[trustable-software] No hypervisor required...

trustable at panic.fluff.org
Wed May 23 11:03:13 BST 2018


Colin,
        certainly all the Unix schedulers I have worked with in recent years 
already allow the ability to say only these processes can be scheduled on 
this particular core, typically based on ownership of the file.

        Doesn't the Hypervisor just add yet another load of code which 
no-one knows how well it works or from whence it came, which needs to be 
validated and verified, when the OS itself has to have this done already?

         Edmund

  On Wed, 23 May 2018, Colin Robbins wrote:

> Hi Paul,
>
> This is a long running debate in security circles, where hypervisors are now largely accepted (except in high-risk environments).
>
> In the diagrams in the paper, you have the hardware as a single block. In reality, this is often a multi core processor.
>
> I have seen one implementation, where they used resource allocation, such that a specific guest OS was dedicated to one specific core of the processor, to ensure availability. E.g., if malware took over the other guest OSs running on the other cores, the dedicated OS on the dedicated core should not be performance affected.
>
> I think this is an example of where hypervisors are better suited to resource allocation than operating systems.
>
> Also, I've seen the argument from security accreditors, that assuring correct operation of hypervisor separation is easier than doing the same at the OS level - largely because the code base is smaller / simpler.
>
> Regards,
>
>
>
> Colin Robbins
> Nexor
> Tel: +44 (0) 115 953 5541
>
> -----Original Message-----
> From: trustable-software <trustable-software-bounces at lists.trustable.io> On Behalf Of Paul Sherwood
> Sent: 22 May 2018 13:44
> To: trustable-software at lists.trustable.io
> Subject: [trustable-software] No hypervisor required...
>
> Hi all,
>
> after various heated discussions at Codethink (and several customers) over the years, I was finally compelled to write the following with the help of some colleagues.
>
> We attempt to argue that adding a hypervisor into a critical system is probably a bad idea:
>
> https://docs.google.com/document/d/1H8ymdyAxKqBHTDPWY_ltQOwihRQ3iIzTqxjuYQXF8O4/edit?usp=sharing
>
> Currently it feels like world-and-dog is pushing the hypervisor story, but based on the reasoning outlined it seems to me we are just increasing the risks by going that way. As always I may be wrong, so I'll be grateful for any feedback.
>
> br
> Paul
>
> _______________________________________________
> trustable-software mailing list
> trustable-software at lists.trustable.io
> https://lists.trustable.io/cgi-bin/mailman/listinfo/trustable-software

-- 
========================================================================
Edmund J. Sutcliffe                     Thoughtful Solutions; Creatively
<edmunds at panic.fluff.org>               Implemented and Communicated
<http://panic.fluff.org>                +44 (0) 7976 938841
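The two posts above argue about the same mechanism from opposite sides: Edmund's point is that a Unix scheduler can already confine work to a chosen core, Colin's that a hypervisor dedicating a guest to a core is easier to assure. The following is an added example, not code from either poster or from the linked paper; it uses the Linux-specific sched_setaffinity(2)/sched_getaffinity(2) calls (glibc, _GNU_SOURCE) to pin the calling process to one core and then reads the affinity back from the kernel to confirm the confinement took effect. The function names, the choice of the first permitted core, and the error-return conventions are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>

/* Lowest CPU the calling process is currently allowed to run on, or -1
 * if the kernel will not report an affinity mask. */
int first_allowed_cpu(void)
{
    cpu_set_t set;
    CPU_ZERO(&set);
    if (sched_getaffinity(0, sizeof set, &set) != 0)
        return -1;
    for (int i = 0; i < CPU_SETSIZE; i++)
        if (CPU_ISSET(i, &set))
            return i;
    return -1;
}

/* Number of CPUs the calling process may run on right now; this is the
 * check a reviewer wants after any "we pinned it" claim. */
int allowed_cpu_count(void)
{
    cpu_set_t set;
    CPU_ZERO(&set);
    if (sched_getaffinity(0, sizeof set, &set) != 0)
        return -1;
    return CPU_COUNT(&set);
}

/* Confine the calling process to exactly one CPU.
 * Returns 0 on success or -errno on failure (e.g. -EINVAL if the CPU is
 * outside the caller's cpuset, which the kernel rejects rather than
 * silently widening). */
int pin_to_cpu(int cpu)
{
    if (cpu < 0 || cpu >= CPU_SETSIZE)
        return -EINVAL;           /* CPU_SET on an out-of-range bit is undefined */
    cpu_set_t set;
    CPU_ZERO(&set);
    CPU_SET(cpu, &set);
    if (sched_setaffinity(0, sizeof set, &set) != 0)
        return -errno;
    return 0;
}

/* Pin to the first permitted core and verify by asking the kernel, not by
 * trusting our own mask. Returns 1 if the process is now confined to that
 * single core, 0 otherwise. */
int confine_self_and_verify(void)
{
    int cpu = first_allowed_cpu();
    if (cpu < 0)
        return 0;
    if (pin_to_cpu(cpu) != 0)
        return 0;
    return allowed_cpu_count() == 1 && first_allowed_cpu() == cpu;
}

int main(void)
{
    printf("allowed CPUs before pin: %d\n", allowed_cpu_count());
    int ok = confine_self_and_verify();
    printf("confined to CPU %d: %s (now running on CPU %d)\n",
           first_allowed_cpu(), ok ? "yes" : "no", sched_getcpu());
    return ok ? 0 : 1;
}
```

Two caveats bear directly on the thread's argument. Affinity set this way is voluntary: it keeps this process on the core, but does nothing to keep other processes off it, and a compromised process can call sched_setaffinity on itself to move elsewhere. Exclusive use of a core for one workload, the property Colin's dedicated-guest design is after, comes from the kernel-enforced cpuset (cgroup cpuset.cpus, or isolcpus= at boot), which bounds the affinity mask a process is allowed to request and which an unprivileged process cannot widen. So the OS-level answer to "only these processes on this core" is a cpuset plus affinity, and the assurance question in the thread is whether that kernel code path is easier or harder to validate than a hypervisor's core partitioning.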
