How To Shrink Attack Surfaces with a Hypervisor

A software environment’s attack surface is defined as the sum of points in which an unauthorized user or malicious adversary can enter or extract data. The smaller the attack surface, the better. Linux.com recently sat down with Doug Goldstein (https://github.com/cardoe or @doug_goldstein) to discuss how companies can use hypervisors to reduce attack surfaces and why the Xen Project hypervisor is a perfect choice for security-first environments. Doug is a principal software engineer at Star Lab, a company focused on providing software protection and integrity solutions for embedded systems.

You can read the full interview here.

Request for Comment: Scope of Vulnerabilities for which XSAs are issued

Issuing advisories has a cost: It costs the security team significant amounts of time to craft and send the advisories; it costs many of our downstreams time to apply, build, and test patches; and it costs many of our users time to decide whether to do an update, and if so, to test and deploy it.

Given this, the Xen Project Security Team wants to clarify when they should issue an advisory or not: the Xen Security Response Process only mentions “‘vulnerabilities”, without specifying what constitutes a vulnerability.

We would like guidelines from the community about what sorts of issues should be considered security issues (and thus will have advisories issued). I have posted the second version a draft of a section I am proposing to be added to the Xen Security Policy to xen-devel; a copy is included below for your convenience. There are only minor modifications from the first draft, so barring major feedback from the wider community it will likely achieve consensus. If you want input, now is the time to speak up.

Most of it is just encoding long-established practice. But there are two key changes and / or clarifications that deserve attention and discussion:

    Criteria 2c: Leaking of mundane information from Xen or dom0 will not be considered a security issue unless it may contain sensitive guest or user data

Criteria 4: If no operating systems are vulnerable to a bug, no advisory will be issued.

If you want to weigh in on the question, please join the discussion on xen-devel before 28 February. The title of the thread is “RFC v2: Scope of Vulnerabilities for which XSAs are issued”.

Continue reading

Tips and Tricks for Making VM Migration More Secure

A challenge for any cloud installation is the constant tradeoff of availability versus security. In general, the more fluid your cloud system (i.e., making virtualized resources available on demand more quickly and easily), the more your system becomes open to certain cyberattacks. This tradeoff is perhaps most acute during active virtual machine (VM) migration, when a VM is moved from one physical host to another transparently, without disruption of the VM’s operations. Live virtual machine migration is a crucial operation in the day-to-day management of modern cloud environment.

Linux.com recently published an article from John Shackleton of Adventium Labs that focuses on how to recognize and avoid common attacks with VM migration. Read the full article here.

 

FOSDEM Here We Come!

It’s that time of the year again – FOSDEM is coming to Brussels February 4 – 5 and the Xen Project team will be attending again.

We’ll be at a booth with Citrix, Oracle, both Xen Project members, and Vates. Xen Orchestra, which offers a complete web UI for controlling a XenServer and Xen infrastructure, will be demoed at the booth. You can find us in section K, level 1, group C, booth 5 or to make it easier between TOR/TAILS and OpenStack.

If you want to learn more about Xen Project technology, FOSS licenses and unikernels, then we recommend you come by the booth and/or head to the following presentations:

Live patching the Xen Project hypervisor
*Happening Saturday from 11:30 – 11:55
Live patching is the process of updating software while it is running, i.e. no more reboots. This type of technology is particularly important for cloud providers who need to keep themselves up and running 24/7. This talk covers everything from the design and implementation of live patching for Xen Project software to how it differs from live patching for Linux.

Mixed License FOSS Projects
*Happening Saturday from 11:35 – 12:20
Many projects start out with the intention of staying a single license FOSS project, but as your project grows there are some different licenses that you may not have anticipated. This talk will explore unintended consequences, risks and best practices through Xen Project examples on license issues. If you are an open source project that is growing fast, this is definitely a talk you don’t want to miss.

Adventures in Building Unikernel Clouds
*Happening Saturday from 14:45 to 15:25
Unikernels are a great approach to building the next generation of cloud infrastructure – they are performant and have a small attack surface. Even though the concept of a unikernel is not new, there has not been a ton of work done in building them for the infrastructure today. This talk provides a deep dive into the various layers of infrastructure that one needs to build out their own infrastructure of unikernels.

Towards a HVM-like Dom0 for Xen: Reducing the OS burden while taking advantage of new hardware features
*Happening Saturday from 18:45 to 19:00
Xen Project hypervisor uses a microkernel design that allows multiple concurrent operating systems to run on the same hardware. One of the key features of Xen Project software is that it is OS agnostic, meaning that any OS (with proper support) can be used as a host. This talk provides an overview on the different kind of guests supported by Xen Project software and how these new hardware features are used in order to improve and evolve them. It also describes the design and implementation of a new guest type, called PVHv2, and how it can be used as a control domain (Dom0).

We look forward to seeing you there. For those who can’t attend, follow our Twitter feed for FOSDEM updates and to stay up-to-date  on what’s happening with the project.

The Power of Hypervisor-Based Containers

The modern trend towards cloud-native apps seems to be set to kill hypervisors with a long slow death. Paradoxically, it is the massive success of hypervisors and infrastructure-as-a-service during the last 15 years that enabled this trend.

Stefano Stabellini provides an overview of the rise of containers and how hypervisors are co-existing and thriving in the era of containers. Read more here.

Xen Project 2017 Predictions: The Growth and Changes of the Hypervisor in 2017 and More

Embedded systems become virtualized, IoT security concerns continue and the container community diversifies… What else will happen to the hypervisor and beyond in 2017? Two members of the Xen Project, Stefano Stabellini and James Bulpin, provide insight on where the hypervisor is going in 2017 and other virtualization and infrastructure trends to watch out for in this VMblog post.