Sciweavers

SACMAT
2009
ACM

Analysis of virtual machine system policies

The recent emergence of mandatory access control (MAC) enforcement for virtual machine monitors (VMMs) presents an opportunity to enforce a security goal over all its virtual machines (VMs). However, these VMs also have MAC enforcement, so determining whether the overall system (VM system) is secure requires an evaluation of whether this combination of MAC policies, as a whole, complies with a given security goal. Previous MAC policy analyses either consider a single policy at a time or do not represent the interaction between different policy layers (VMM and VM). We observe that we can analyze the VMM policy and the labels used for communications between VMs to create an inter-VM flow graph that we use to identify safe, unsafe, and ambiguous VM interactions. A VM with only safe interactions is compliant with the goal; a VM with any unsafe interaction violates the goal. For a VM with ambiguous interactions we analyze its local MAC policy to determine whether it is compliant or not with the g...
Sandra Rueda, Hayawardh Vijayakumar, Trent Jaeger
Added 28 May 2010
Updated 28 May 2010
Type Conference
Year 2009
Where SACMAT
Authors Sandra Rueda, Hayawardh Vijayakumar, Trent Jaeger