The following figure shows the virtualization components that form the Oracle VM Server for SPARC “execution environment.” These components are not strictly separated. The most simple configuration is to combine all of these functions in a single domain. The control domain might also act as an I/O domain and a service domain for other domains.
Figure 3 - Components of the Execution Environment
Suppose an attacker attempts to break system isolation and then manipulate the hypervisor or another component of the execution environment to reach a guest domain. You must protect each guest domain as you would any stand-alone server.
The rest of this chapter presents threat possibilities and the various measures that you can take to counter them. Each of these attacks attempt to overcome or eliminate the isolation of the different domains that run on a single platform. The following sections describe the threats to each part of an Oracle VM Server for SPARC system: