security (page 2)

Why Unikernels Can Improve Internet Security
04/23/2015

This is a reprint of a 3-part unikernel series published on Linux.com. In this post, Xen Project Advisory Board Chairman Lars Kurth explains how unikernels address security and allow for the careful management of particularly critical portions of an organization’s data and processing needs. (See part one,

Updates to Xen Project Security Process
03/02/2015

Before Christmas, the Xen Project ran a community consultation to refine its Security Problem Response Process.  We recently approved changes that, in essence, are tweaks to our existing process, which is based on a Responsible Disclosure philosophy. Responsible Disclosure and our Security Problem Response Process are important components

Xen Project Security Policy Improvements: Get Involved
10/22/2014

The recent XSA-108 vulnerability resulted in a lot of media coverage, which ended up stress-testing some of our policy and security related processes. During the embargo period of XSA-108, the Xen Project Security Team was faced with some difficult questions of policy interpretation, as well as practical issues related to

XSA-108: Not the vulnerability you're looking for
10/03/2014

There has been an unusual amount of media attention to XSA-108 during the embargo period (which ended Wednesday) — far more than any of the previous security issues the Xen Project has reported. It began when a blogger complained that Amazon was telling customers it would be rebooting VMs in certain regions

XSA-108: Additional Information from the Xen Project
10/02/2014

The Xen Project Security Team today disclosed details of the Xen Security Advisory 108 / CVE-2014-7188 (Improper MSR range used for x2APIC emulation). The Xen Project does not normally comment on specific vulnerabilities other than issuing security advisories. However, given wide interest in this case, we believe it is helpful to

Ballooning, rebooting, and the feature you've never heard of
02/14/2014

Today I’d like to talk about a functionality of Xen you may not have heard of, but might have actually used without even knowing it. If you use memory ballooning to resize your guests, you’ve likely used “populate-on-demand” at some point.  As you may know, ballooning

Xen Project Well Represented at SUSECon and openSUSE Summit
11/21/2013

What do a chameleon, a panda, and a mouse have in common?  More than you might imagine, unless you were present at SUSECon and the openSUSE Summit at the Walt Disney Coronado Springs resort last week in Florida.  During the week, it was clear that the SUSE chameleon

Fedora 20 Virtualization Test Day Report
10/16/2013

So, it was Fedora Virtualization Test Day last Tuesday and I actually went down and took the occasion for some good testing of Xen on the next Fedora release (Fedora 20, codename Heisenbug). Fedora is going to ship Xen 4.3 (and there are not many other mainstream distributions doing

Indirect descriptors for Xen PV disks
08/07/2013

Some time ago Konrad Rzeszutek Wilk (the Xen Linux maintainer) came up with a list of possible improvements to the Xen PV block protocol, which is used by Xen guests to reduce the overhead of emulated disks. This document is quite long, and the list of possible improvements is also

Reporting A Bug Against the Xen Hypervisor
06/04/2013

With the release process for Xen 4.3 in full swing (we intend to release the third release candidate this week) and with the Xen Test Days initiative (the next one is this Wednesday 5 June, join us on IRC freenode #xentest) I thought it would be useful to offer

Xen.org Security Policy Update: Get Involved
06/28/2012

Xen.org recently released a number of (related) security updates, XSA-7 through to -9. This was done by the Xen.org Security Team who are charged with following the Xen.org Security Problem Response Process. As part of the process of releasing XSA-7..9 several shortcomings (a few of which

The Intel SYSRET privilege escalation
06/13/2012

The Xen Security team recently disclosed a vulnerability, Xen Security Advisory 7 (CVE-2012-0217), which would allow guest administrators to escalate to hypervisor-level privileges. The impact is much wider than Xen; many other operating systems seem to have the same vulnerability, including NetBSD, FreeBSD, some versions of Microsoft Windows (including Windows