Network vaccination architecture
Proceedings of the International Conference on Advances in Computing, Communication and Control
Hypervisor-based prevention of persistent rootkits
Proceedings of the 2010 ACM Symposium on Applied Computing
| Hi-index | 0.00 |
Virtual environment Secure File System (VSFS) is a software architecture for secure file sharing among applications with different trust levels that consists of a set of interconnected virtual machines (VMs). Application VMs (APP-VMs) run the application processes that transparently access remote shared files hosted by file system VMs (FS-VMs). Each FS-VM implements a Mandatory Access Control (MAC) security policy to control file sharing. To define and enforce this policy, VSFS uses SELinux. Each APP-VM is labeled with a security context paired with the IP address of the VM. FS-VMs use this context to check access rights of the APP-VMs with respect to the requested files and operations. A third set of VMs, the administrative VMs (A-VMs), provides assurance about the integrity of the FS-VMs and implements anti-spoofing techniques to authenticate each file request sent by the APP-VMs. After describing the overall architecture, we discuss the security and performance results of a first prototype. These first results show that the overhead due to mandatory access control is fairly acceptable.