Lines Matching full:guest

46 integrity for the VM's guest memory and execution state (vCPU registers),
47 more tightly controlled guest interrupt injection, as well as some
48 additional mechanisms to control guest-host page mapping. More details on
53 The basic CoCo guest layout includes the host, guest, the interfaces that
54 communicate guest and host, a platform capable of supporting CoCo VMs, and
55 a trusted intermediary between the guest VM and the underlying platform
58 is still in charge of the guest lifecycle, i.e. create or destroy a CoCo
65 the rest of the components (data flow for guest, host, hardware) ::
68     | CoCo guest VM     |<---->|                       |
136 (in contrast to a remote network attacker) and has control over the guest
140                                  |    CoCo guest VM       |
160 While traditionally the host has unlimited access to guest data and can
161 leverage this access to attack the guest, the CoCo systems mitigate such
162 attacks by adding security features like guest data confidentiality and
168 1. Preserve the confidentiality and integrity of CoCo guest's private
171 2. Prevent privileged escalation from a host into a CoCo guest Linux kernel.
173 privilege to create, destroy, or pause the guest, part of the goal of
175 provide a pathway for attackers to gain access to the guest's kernel.
180 1. Guest kernel execution context.
181 2. Guest kernel private memory.
183 The host retains full control over the CoCo guest resources, and can deny
185 that the guest can consume, network bandwidth, etc. Because of this, the
190 guest Linux kernel towards an untrusted host that is not covered by the
196 interrupts allowed to be injected into the guest kernel by the host, as
199 guest: it has a method to load into a guest the firmware and bootloader
204 The table below shows a threat matrix for the CoCo guest Linux kernel but
206 CoCo-specific versions of the guest, host and platform.
208 .. list-table:: CoCo Linux guest kernel threat matrix
216    * - Guest malicious configuration
217      - A misbehaving host modifies one of the following guest's
220        1. Guest firmware or bootloader
222        2. Guest kernel or module binaries
224        3. Guest command line parameters
227        inside a CoCo guest, and violates the CoCo security objectives.
229    * - CoCo guest data attacks
230      - A misbehaving host retains full control of the CoCo guest's data
231        in-transit between the guest and the host-managed physical or
237        interface used by the guest's kernel code. If the code is not
239        --> guest kernel privilege escalation. This includes traditional
244        communication interface used by the guest's kernel code. The
247        impact the guest's kernel security. Examples of such inputs include
248        providing a malicious time to the guest or the entropy to the guest
250        be an attack vector on its own, if it results in a particular guest