Shared Resources and Protecting Them from the Users
Xen's design is congruent to good security.
It's a ringing endorsement, by security-boffin standards. By and large, with Xen, we're not worried about keeping people from breaking out of their virtual machines—Xen itself is supposed to provide an appropriate level of isolation. In paravirtualized mode, Xen doesn't expose hardware drivers to domUs, which eliminates one major attack vector.[39] For the most part, securing a dom0 is exactly like securing any other server, except in one area.
That area of possible concern is in the access controls for shared resources, which are not entirely foolproof. The primary worry is that malicious users ...
Get The Book of Xen now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
