Xen is an open source hypervisor program developed.
It is a microkernel hypervisor, which separates the policy from the mechanism.
The Xen hypervisor implements all the mechanisms, leaving the policy to be handled by Domain 0, as shown in the figure. Xen does not include any device drivers natively. It just provides a mechanism by which a guest can have direct access to the physical devices. As a result, the size of the Xen hypervisor is small.
Xen provides a virtual environment located between the hardware and the OS. The core components of a Xen system are the hypervisor, kernel, and applications. The organization of the three components is important.
Like other virtualization systems, many guest OSes can run on top of the hypervisor. The guest OS, which has control ability, is called Domain 0, and the others are called Domain U. Domain 0 is a privileged guest OS of Xen.
It is first loaded when Xen boots without any file system drivers being available. Domain 0 is designed to access hardware directly and manage devices. Therefore, one of the responsibilities of Domain 0 is to allocate and map hardware resources for the guest domains (the Domain U domains).
For example, Xen is based on Linux and its security level is C2. Its management VM is named Domain 0, which has the privilege to manage other VMs implemented on the same host.
If Domain 0 is compromised, the hacker can control the entire system. So, in the VM system, security policies are needed to improve the security of Domain 0.
Domain 0, behaving as a VMM, allows users to create, copy, save, read, modify, share, migrate, and roll back VMs as easily as manipulating a file, which flexibly provides tremendous benefits for users.
It also brings a series of security problems during the software life cycle and data lifetime. Traditionally, a machine’s lifetime can be envisioned as a straight line where the current state of the machine is a point that progresses monotonically as the software executes.
During this time, configuration changes are made, software is installed, and patches are applied. In such an environment, the VM state is akin to a tree: at any point, execution can go into N different branches, where multiple instances of a VM can exist at any point in this tree at any given time.
VMs are allowed to roll back to previous states in their execution or rerun from the same point many times.
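
The tree model described above, as an added example that is not part of the original answer and is not Xen code: a constructed Python model (the `Snapshot` and `VMHistory` classes and the patch names are hypothetical) showing how one rollback forks a linear history into branches and how to list the patches the restored state no longer carries. It assumes a rollback restores the saved disk state, so anything applied after that snapshot is absent afterwards.

```python
from dataclasses import dataclass, field


@dataclass
class Snapshot:
    name: str
    parent: "Snapshot | None" = None
    patches: frozenset = frozenset()            # patches applied in this step only
    children: list = field(default_factory=list)

    def applied(self):
        """Patches present in this state: union along the path back to the root."""
        inherited = self.parent.applied() if self.parent is not None else set()
        return inherited | self.patches


class VMHistory:
    def __init__(self):
        self.root = self.current = Snapshot("install")
        self.known = {"install": self.root}

    def advance(self, name, patches=()):
        """Normal execution: the new state is a child of the current one."""
        snap = Snapshot(name, self.current, frozenset(patches))
        self.current.children.append(snap)
        self.known[name] = self.current = snap

    def rollback(self, name):
        """Restore a saved state; return the patches it lacks (assumed lost)."""
        before = self.current.applied()
        self.current = self.known[name]
        return sorted(before - self.current.applied())

    def branch_tips(self):
        """Leaves of the tree: states an instance could be resumed from."""
        return sorted(s.name for s in self.known.values() if not s.children)


def demo():
    vm = VMHistory()                            # constructed history, made-up patch names
    for week, patch in [("week1", "patch-A"), ("week2", "patch-B"), ("week3", "patch-C")]:
        vm.advance(week, [patch])
    lost = vm.rollback("week1")                 # history forks here
    vm.advance("week1-rerun", ["patch-D"])
    return lost, vm.branch_tips()


if __name__ == "__main__":
    print(demo())
```

A management domain that records snapshots this way can flag every rollback whose returned list is non-empty as a VM that needs re-patching before it is put back into service.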