The Xen Project’s code contributions have grown more than 10% each year. Although growth is extremely healthy for the project as a whole, it has its growing pains. For the Xen Project, it led to issues with its code review process: maintainers believed that their review workload increased and
code review dashboard
Monday we closed the poll for the security discussion. Thank you everyone who participated! The process has not turned up a hidden option that everyone agreed on; however, it has helped find what I hope will be a “median” option which best addresses the concerns and desires as the community
The Xen Security team recently disclosed a vulnerability, Xen Security Advisory 7 (CVE-2012-0217), which would allow guest administrators to escalate to hypervisor-level privileges. The impact is much wider than Xen; many other operating systems seem to have the same vulnerability, including NetBSD, FreeBSD, some versions of Microsoft Windows (including Windows
As I mentioned in the Xen Day post, Xen.org was offered a slot at the Build an Open Source Cloud Day Boston. The Build a Cloud attendees were great. They were very engaged and asked lots of questions. The questions gave me a chance to cover several Xen topics
The Xen.org community is currently working on several projects that don’t receive much attention but are critical to the overall success of the Xen hypervisor solution. For example, the Xen ARM project being led by Samsung continues to develop a Xen hypervisor solution for the ARM 9 processor
I have added information and a link to a new project on the Xen.org Project Page: Isolated Execution; project home page is http://isolated-exec.sourceforge.net/. For more information on this project, see https://xenproject.org/index.php/2008/12/12/security-through-isolation-in-xen/
Joanna Rutkowska and her team presented very interesting insights on Xen security, as well as attacks against it, at this year's Black Hat conference in Las Vegas. In a trilogy of talks (“Xen 0wning trilogy”), they gave information about “Subverting the Xen Hypervisor”, “Detecting and preventing the Xen hypervisor subversions”
A new email has been established for anyone finding a security issue with any Xen build. Please send a detailed email of the problem to security@xen.org. This email distribution reaches a wide group of Xen community members who can immediately address the problem.