the stream

Nexen - privilege separation in the Xen hypervisor

Alexander Bochmann Saturday 18 of March, 2017
Adrian Colyer summarizes a research paper published at the NDSS Symposium 2017, Deconstructing Xen:

Deconstructing Xen wrote:
Our contributions: To summarize, this paper makes the following contributions:

* A systematic analysis on 191 Xen vulnerabilities (Sections II and V).
* Nexen, a novel deconstruction of Xen into a security monitor, shared service domain, and sandboxed per-VM slices (Section III) implemented in Xen (Section IV) that efficiently uses page-based isolation mechanisms for fine-grained data isolation.
* As informed by the analysis, a novel least-privilege decomposition strategy that places highly vulnerable code into per-VM slices while maintaining high performance and either eliminating vulnerabilities entirely or confining exploits (evaluated in Section V).
* Efficient code, memory, and control-flow integrity enforcement between Xen and VMs (evaluated in Section VI).

The design mitigates about 2/3rds of the vulnerabilities that have been discovered in the Xen hypervisor over the past years.

(Via tedu.)