System News
Logical Domains Security Questions Answered
Covers CPU, Memory, Virtual Network, Disks, Console, and More
October 20, 2009
Volume 140, Issue 3

Straightforward security answers about Logical Domains.
 

Logical Domains (LDoms) provide built-in, no-cost virtualization capabilities for Sun Chip Multithreading (CMT) servers, and many are considering implementing them as part of a virtualization strategy. But what about security? Sun's Jim Laurent recently had to address this question with a federal government customer and decided to share his findings in a Q&A blog entry.

He begins by explaining that LDoms can save users up to $10,000 per server compared with proprietary virtualization technologies. He writes that this Sun technology allows the creation of up to 128 virtual servers on one system free of charge. After highlighting the new features of LDoms 1.2, Laurent addresses 13 security questions in the categories of CPU, memory, virtual network, virtual disks, virtual console, and special interest. An abbreviated sampling follows:

Q: Can the Control domain access/utilize the CPU threads of a guest without shutting down the guest?

Answer: A Control domain cannot access the CPU threads assigned to a guest domain unless the threads are removed from the guest, and then added to the control domain, such as with CPU Dynamic Reconfiguration, or by rebooting both the guest and control domain after a Static Reconfiguration. ...

Q: Can the Control domain alter the active memory space of a running guest?

Answer: There are two types of memory “alteration” in a system, first is modifying the contents of existing memory in a guest, and second, is the reconfiguration of memory size within a guest. For LDoms, guests have no knowledge of one another, nor are there any interfaces to allow one guest to gain access to or modify the memory of another guest. Memory separation and partitioning is enforced by the SPARC Hypervisor. ...

Q: Can the control domain alter the network traffic of guest domains? The concern is about a compromised Control Domain becoming a man-in-the-middle. How can this condition be identified/reported?

Answer: Yes. The network switching of the packets is done in a software driver (vsw); it's harder to alter the network traffic to Guest domains, but a compromised control (or service) domain can alter the traffic. Our Security model assumes that the domain(s) that host services such as vsw are trusted, so they need to be secured as per the local security guidelines. Compromising or accessing the network traffic of guest domains from the control domain requires root access on the control domain.

Q: Can a guest domain access the console for the control domain?

Answer: A guest domain cannot access the console interface for a different guest domain, nor can a guest domain access the console for the control domain. The only console access is via a privileged user on the control domain itself. There are no interfaces available in any other scenario for accessing a guest console, including over the general network interface.

More Information

Answering a customer's LDOMs security questions - Laurent's blog entry

Logical Domains 1.2 Released with Nine New Features

LDoms Home Page

Download

 
