On 27/01/2010 18:34, Scott Kuehn wrote:
>> Solaris 10 + VirtualBox is already in use at several customer sites
>> where labelled security is required to be run on a common criteria
>> system - sorry but I can't give references given the nature of the
>> customers businesses.
>>
>
> The rationale for using Xen/xVM in my scenario is to gain the typical
> features of a separation kernel, such as hardware isolation via Xen/xVM
> utilization of Intel VT-x. My goal is to combine Xen/xVM and HVM domU's

VirtualBox can use Intel VT-x as well as nested paging.

> in a way that will form the basis of a general purpose MILS system. MILS
> is popular in secure embedded systems and fairly standard in avionics.
> We, however, are interested in enterprise systems. This is a new area.
> We will be using Solaris 10 with trusted extensions as domUs (HVMs) and
> will be using Java RTS 2.2.

You want labelling in the guest (domU), do you want it on the host
(dom0) as well?

Solaris 10 with TX enabled works well as a VirtualBox hosting system and
as a guest under VirtualBox.

> I hope that background info helps explain my Solaris/Xen/VT-x
> intentions. With that said, is it correct that Solaris 10 cannot be run
> as the PV dom0? Any general comments on this MILS system plan?

Correct, Solaris 10 has no dom0 support.

--
Darren J Moffat