SLIDE 1
Xen Hypervisor security in VM isolation
Yanick de Jong 4 February 2009
Xen Hypervisor security in VM isolation Yanick de Jong 4 February - - PowerPoint PPT Presentation
Xen Hypervisor security in VM isolation Yanick de Jong 4 February - - PowerPoint PPT Presentation
Xen Hypervisor security in VM isolation Yanick de Jong 4 February 2009 Research Question? What are the risks involved with merging Xen servers in different segments of the network and put all virtual machines together on one machine?
SLIDE 2
SLIDE 3
Network Overview
Internet DMZ Server LAN User LAN
SLIDE 4
Network Overview
Server LAN & DMZ Internet User LAN
SLIDE 5
Network System Disk allocation Memory Bridging DMA Conclusion
Subjects
SLIDE 6
Network
Defense in Depth Least Privilege
SLIDE 7
System (xen host)
Single point of Failure Increase complexity
SLIDE 8
Virtual Machine
Less risks Easy to restore
SLIDE 9
Disk Allocation
Writing outside allocated virtual
machine diskspace
SLIDE 10
Memory
Writing into memory Reading memory Reading memory from
checkpointfile
SLIDE 11
Bridging
All VM's on the same bridge VM's connected to physical
networkcards
VM's connected with vlan
SLIDE 12
DMA
Example – Reading memory (RAM)
through the firewire port
SLIDE 13
Conclusion
Network
Defense in Depth Least Privilege
Single point of failure
Xen host
SLIDE 14