The Xen hypervisor improves security and reworks its code

Xen 4.11 was released last week. It is the latest version of this hypervisor, whose main market is enterprise infrastructure, where it is a fundamental part of Amazon Web Services (AWS), Tencent, Alibaba Cloud, Oracle Cloud, IBM SoftLayer, Citrix, Huawei, Inspur, and Oracle.

Xen 4.11 stands out for an architecture that has been totally rethought, with key technologies rewritten, such as x86 support, device emulation, and the boot sequence. The reduction in the amount of code that makes up the hypervisor has several effects: a smaller Trusted Computing Base, less complexity, and greater ease of maintenance. Improvements in performance, scalability, and ARM support have also been included.

On the security side there are important improvements, aimed especially at correcting the vulnerabilities derived from Spectre and Meltdown, which months after being confirmed continue to generate new problems that have to be addressed on many fronts, from the kernel to end-user applications. In addition to fixing previously discovered security holes, Xen developers have combined the best features of Xen paravirtualization and hardware-assisted virtualization in PVH, which simplifies the interface between systems with Xen Project support and the Xen Project hypervisor and reduces the attack surface. It is also worth mentioning that PVH supports running paravirtualization-only guests without guest modifications.

As we can see, Xen 4.11 includes many interesting new features that aim to make it more secure, by combining features, and easier for its own developers to maintain, thanks to the reduction in the amount of code used to build it.

For those unfamiliar with it, Xen is one of the most established hypervisors in the GNU/Linux ecosystem. Originally founded and developed by the University of Cambridge, in 2013 it was transferred to The Linux Foundation as a collaborative development project.

Via ZDNet