Safe kernel extensions without run-time checking
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Model-Carrying Code (MCC): a new paradigm for mobile-code security
Proceedings of the 2001 workshop on New security paradigms
Log Auditing through Model-Checking
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Experimenting with a Policy-Based HIDS Based on an Information Flow Control Model
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Synthesizing fast intrusion prevention/detection systems from high-level specifications
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Control of system calls from outside of virtual machines
Proceedings of the 2008 ACM symposium on Applied computing
Runtime Verification
Introducing reference flow control for detecting intrusion symptoms at the OS level
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Synthesising monitors from high-level policies for the safe execution of untrusted software
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
The ORCHIDS intrusion detection tool
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
| Hi-index | 0.00 |
Virtualized systems such as Xen, VirtualBox, VMWare or QEmu have been proposed to increase the level of security achievable on personal computers. On the other hand, such virtualized systems are now targets for attacks. We propose an intrusion detection architecture for virtualized systems, and discuss some of the security issues that arise. We argue that a weak spot of such systems is domain zero administration, which is left entirely under the administrator's responsibility, and is in particular vulnerable to trojans. To avert some of the risks, we propose to install a role-based access control model with possible role delegation, and to describe all undesired activity flows through simple temporal formulas. We show how the latter are compiled into Orchids rules, via a fragment of linear temporal logic, through a generalization of the so-called history variable mechanism.