Darren J Moffat wrote:
> On 27/01/2010 02:09, Scott Kuehn wrote:
>> Hello All,
>>
>> I'm investigating the possibility of running an EAL-certified Solaris as
>> a dom0 and domU on Xen or xVM. The rationale of running Solaris in
>> dom0 is for security features, such as the features provided by the
>> Controlled Access Protection Profile. So far it seems like a Solaris
>> HVM is ideal for each domU in my current scenario, due to the ability
>> for labeling via trusted extensions and the RTOS capabilities of the
>> kernel.
>>
>> My efforts to understand the capabilities of Xen, xVM, Solaris, and
>> OpenSolaris have me running in circles. Does anyone understand the
>> feasibility of running a certified Solaris with a Xen-based hypervisor?
>> My web searches show OpenSolaris with xVM is the only Solaris/Xen
>> combination with a community backing. Any advice is appreciated.
>
> That is correct. OpenSolaris has xVM (i.e. Xen) but OpenSolaris doesn't
> have a common criteria evaluation, those only apply to Solaris 10.
>
> For Solaris 10 I recommend using VirtualBox. You can even run
> VirtualBox inside a labelled zone and get network isolation as well as
> all the other containment a labeled zone provides for "normal"
> applications.
>
> Solaris 10 + VirtualBox is already in use at several customer sites
> where labelled security is required to be run on a common criteria
> system - sorry but I can't give references given the nature of the
> customers' businesses.
>

The rationale for using Xen/xVM in my scenario is to gain the typical features of a separation kernel, such as hardware isolation via Xen/xVM utilization of Intel VT-x. My goal is to combine Xen/xVM and HVM domUs in a way that will form the basis of a general-purpose MILS system. MILS is popular in secure embedded systems and fairly standard in avionics. We, however, are interested in enterprise systems. This is a new area. We will be using Solaris 10 with trusted extensions as domUs (HVMs) and will be using Java RTS 2.2.

I hope that background info helps explain my Solaris/Xen/VT-x intentions. With that said, is it correct that Solaris 10 cannot be run as the PV dom0? Any general comments on this MILS system plan?