zlacker

[parent] [thread] 1 comments
1. walter+(OP)[view] [source] 2017-11-19 18:08:02
Qubes mailing list thread about hypervisor choices:

https://groups.google.com/forum/m/#!topic/qubes-devel/jEe4pQ...

> It seems one major residing problem with KVM is the Linux kernel (which is large and vulnerable). A port of KVM to a thinner base layer would obviate those issues.

replies(1): >>nickps+6r
2. nickps+6r[view] [source] 2017-11-20 00:03:09
>>walter+(OP)
One of the trends I told Joanna about (i.e secure L4 kernels) led to folks developing exactly that. It was called KVM-L4. Here you go.

http://os.inf.tu-dresden.de/papers_ps/liebergeld-diplom.pdf

Complexity was still yoo high. Most in high-assurance security were trying stuff like Nova microhypervisor as a result. KVM on separation kernels might be worth further investigation for these platforms that will stay on KVM regardless.

[go to top]