Back to home

security

Call for Proposals Open for the Xen Project Developer and Design Summit Happening in June!
03/15/2018

Registration and the call for proposals are open for the Xen Project Developer and Design Summit 2018, which will be held in Nanjing Jiangning, China from June 20 – 22, 2018. The Xen Project Developer and Design Summit combines the formats of Xen Project Developer Summits with Xen Project Hackathons, and

Xen Project Spectre/Meltdown FAQ
01/04/2018

Updated to v3 on Dec 12th! Google’s Project Zero announced several information leak vulnerabilities affecting all modern superscalar processors. Details can be found on their blog, and in the Xen Project Advisory 254. To help our users understand the impact and our next steps forward, we put together the

Automotive, Security and the Future of the Xen Project at The Xen Project Developer and Design Summit
05/24/2017

The Xen Developer and Design Summit schedule is now live! This conference combines the formats of the Xen Project Developer Summits with the Xen Project Hackathons. If you are part of the Xen Project’s community of developers and power users, come join us in Budapest, Hungary, July 11 – 13

Request for Comment: Scope of Vulnerabilities for which XSAs are issued
02/14/2017

Issuing advisories has a cost: It costs the security team significant amounts of time to craft and send the advisories; it costs many of our downstreams time to apply, build, and test patches; and it costs many of our users time to decide whether to do an update, and if

What You Need to Know about Recent Xen Project Security Advisories
11/22/2016

Today the Xen Project announced eight security advisories: XSA-191 to XSA-198. The bulk of these security advisories were discovered and fixed during the hardening phase of the Xen Project Hypervisor 4.8 release (expected to come out in early December). The Xen Project has implemented a security-first approach when publishing

Virtual Machine Introspection: A Security Innovation With New Commercial Applications
08/15/2016

The article from Lars Kurth, the Xen Project chairperson, was first published on Linux.com. A few weeks ago, Citrix and Bitdefender launched XenServer 7 and Bitdefender Hypervisor Introspection, which together compose the first commercial application of the Xen Project Hypervisor’s Virtual Machine Introspection (VMI) infrastructure. In this article,

Q&A: Xen Project Release Strengthens Security and Pushes New Use Cases
07/18/2016

The following Q&A with Lars Kurth, the Xen Project chairperson, was first published on Linux.com. Xen Project technology supports more than 10 million users and is a staple in some of the largest clouds in production today, including Amazon Web Service, Tencent, and Alibaba’s Aliyun. Recently,

Intel hosts OpenXT Summit on Xen Project based Client Virtualization, June 7-8 in Fairfax, VA, USA
05/25/2016

This is a guest blog post by Rich Persaud, former member of the Citrix XenServer and XenClient engineering and business teams. He is currently a consultant to BAE Systems, working on the OpenXT project, which stands on the shoulders of the Xen Project, OpenEmbedded Linux and XenClient XT. While the

Stealthy monitoring with Xen altp2m
04/13/2016

One of the core features that differentiates Xen from other open-source hypervisors is its native support for stealthy and secure monitoring of guest internals (aka. virtual machine introspection [1]). In Xen 4.6 which was was released last autumn several new features have been introduced that make this subsystem better;

Security vs Features
10/30/2015

We’ve just released a rather interesting batch of Xen security advisories. This has given rise in some quarters to grumbling around Xen not taking security seriously. I have a longstanding interest in computer security. Nowadays I am a member of the Xen Project Security Team (the team behind security@

Hardening Hypervisors Against VENOM-Style Attacks
05/14/2015

This is a guest blog post by Tamas K. Lengyel, a long-time open source enthusiast and Xen contributor. Tamas works as a Senior Security Researcher at Novetta, while finishing his PhD on the topic of malware analysis and virtualization security at the University of Connecticut. The recent disclosure of the