×
  • Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
 

XPDS13: In-Guest Mechanism to Strengthen Guest Separation - Philip Tricca, Citrix

by on Nov 04, 2013

  • 479 views

Terms related to security like 'disaggregation' and 'stubdom' have found their way into the standard Xen vernacular. Implementations of these architectures still require heavy lifting but examples ...

Terms related to security like 'disaggregation' and 'stubdom' have found their way into the standard Xen vernacular. Implementations of these architectures still require heavy lifting but examples have made their way into both the open source and commercial products. In this talk Philip presents a lesser known but complimentary method to confine QEMU processes using SELinux type enforcement. This architecture alone is interesting but Philip believes its utility extends beyond QEMU and SELinux. Future problems like inter-VM communication mechanisms hold unique challenges with regard to access control and policy semantics. Philip will argue that an approach influenced by sVirt and user-space object managers will be useful here. As always, attendees should expect tangents into abstract topics like the nature of trust and the utopic world that strong security mechanisms will bring about.

Statistics

Views

Total Views
479
Views on SlideShare
470
Embed Views
9

Actions

Likes
0
Downloads
15
Comments
0

3 Embeds 9

http://www.xenproject.org 6
http://xenproject.org 2
https://twitter.com 1

Accessibility

Categories

Upload Details

Uploaded via SlideShare as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
Post Comment
Edit your comment

XPDS13: In-Guest Mechanism to Strengthen Guest Separation - Philip Tricca, Citrix XPDS13: In-Guest Mechanism to Strengthen Guest Separation - Philip Tricca, Citrix Presentation Transcript