Efficient Mandatory Access Control (MAC) of virtual machines remains an open problem in protecting Cloud systems. For example, the MAC protection must allow some information flows between two virtual machines while preventing other information flows between those same two machines. To solve these problems, the virtual environment must guarantee in-depth protection in order to control the information flows that start in one virtual machine (VM) and finish in another. In contrast with existing MAC approaches, PIGA-Virt is a MAC protection that controls the different levels of a virtual system. It eases the management of the required security objectives. The PIGA-Virt approach guarantees the required security objectives while efficiently controlling the information flows. PIGA-Virt supports a large range of predefined protection canvases whose efficiency has been demonstrated during the ANR Sec&Si security challenge. The paper shows how the PIGA-Virt approach guarantees advanced confidentiality and integrity properties by controlling complex combinations of transitive information flows passing through intermediate resources. As far as we know, PIGA-Virt is the first operational solution providing in-depth MAC protection, addressing advanced security requirements and efficiently controlling information flows inside and between virtual machines. Moreover, the solution is independent of the underlying hypervisor. Performance results and protection scenarios are given for protecting KVM virtual machines.