A protocol for property-based attestation
Proceedings of the first ACM workshop on Scalable trusted computing
Layering negotiations for flexible attestation
Proceedings of the first ACM workshop on Scalable trusted computing
Towards a VMM-based usage control framework for OS kernel integrity protection
Proceedings of the 12th ACM symposium on Access control models and technologies
Managing the risk of covert information flows in virtual machine systems
Proceedings of the 12th ACM symposium on Access control models and technologies
Chinese-wall process confinement for practical distributed coalitions
Proceedings of the 12th ACM symposium on Access control models and technologies
A layered approach to simplified access control in virtualized systems
ACM SIGOPS Operating Systems Review
TVDc: managing security in the trusted virtual datacenter
ACM SIGOPS Operating Systems Review
Policy enforcement and compliance proofs for Xen virtual machines
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
OSLO: improving the security of trusted computing
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Control of system calls from outside of virtual machines
Proceedings of the 2008 ACM symposium on Applied computing
Re-engineering Xen internals for higher-assurance security
Information Security Tech. Report
A hypervisor-based system for protecting software runtime memory and persistent storage
Proceedings of the 2008 Spring simulation multiconference
A Trusted Group Signature Architecture in Virtual Computing Environment
ATC '08 Proceedings of the 5th international conference on Autonomic and Trusted Computing
O2S2: enhanced object-based virtualized storage
ACM SIGOPS Operating Systems Review
A formal security policy for xenon
Proceedings of the 6th ACM workshop on Formal methods in security engineering
Flexible and secure enterprise rights management based on trusted virtual domains
Proceedings of the 3rd ACM workshop on Scalable trusted computing
Efficiently tracking application interactions using lightweight virtualization
Proceedings of the 1st ACM workshop on Virtual machine security
Flexible security configuration for virtual machines
Proceedings of the 2nd ACM workshop on Computer security architectures
Extending virtualization services with trust guarantees via behavioral monitoring
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
Building a self-healing embedded system in a multi-OS environment
Proceedings of the 2009 ACM symposium on Applied Computing
An Integrity Assurance Mechanism for Run-Time Programs
Information Security and Cryptology
Analysis of virtual machine system policies
Proceedings of the 14th ACM symposium on Access control models and technologies
Robustly secure computer systems: a new security paradigm of system discontinuity
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Fine-grained I/O access control of the mobile devices based on the Xen architecture
Proceedings of the 15th annual international conference on Mobile computing and networking
TruWallet: trustworthy and migratable wallet-based web authentication
Proceedings of the 2009 ACM workshop on Scalable trusted computing
Hypervisors for consumer electronics
CCNC'09 Proceedings of the 6th IEEE Conference on Consumer Communications and Networking Conference
Constructing trusted virtual execution environment in P2P grids
Future Generation Computer Systems
Load-based covert channels between Xen virtual machines
Proceedings of the 2010 ACM Symposium on Applied Computing
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
An architecture for enforcing end-to-end access control over web applications
Proceedings of the 15th ACM symposium on Access control models and technologies
Fine-grained I/O access control based on Xen virtualization for 3G/4G mobile devices
Proceedings of the 47th Design Automation Conference
Security for the cloud infrastructure: trusted virtual data center implementation
IBM Journal of Research and Development
Using formal methods for security in the Xenon project
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Towards trusted cloud computing
HotCloud'09 Proceedings of the 2009 conference on Hot topics in cloud computing
Content oriented virtual domains for secure information sharing across organizations
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Some ideas on virtualized system security, and monitors
DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
Attestation of integrity of overlay networks
Journal of Systems Architecture: the EUROMICRO Journal
Breaking up is hard to do: security and functionality in a commodity hypervisor
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Delivering secure applications on commercial mobile devices: the case for bare metal hypervisors
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms
Proceedings of the 18th ACM conference on Computer and communications security
Architectural characterization of VM scaling on an SMP machine
ISPA'06 Proceedings of the 2006 international conference on Frontiers of High Performance Computing and Networking
CertiKOS: a certified kernel for secure cloud computing
Proceedings of the Second Asia-Pacific Workshop on Systems
Bridging the gap between inter-communication boundary and internal trusted components
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Trusted virtual domains – design, implementation and lessons learned
INTRUST'09 Proceedings of the First international conference on Trusted Systems
PIGA-Virt: an advanced distributed MAC protection of virtual systems
Euro-Par'11 Proceedings of the 2011 international conference on Parallel Processing - Volume 2
An introspection-based memory scraper attack against virtualized point of sale systems
FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security
Trustworthy execution on mobile devices: what security properties can my mobile platform give me?
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
VESPA: multi-layered self-protection for cloud resources
Proceedings of the 9th international conference on Autonomic computing
Leveraging "choice" to automate authorization hook placement
Proceedings of the 2012 ACM conference on Computer and communications security
Proceedings of the 2012 ACM conference on Computer and communications security
Enhancing grid security using trusted virtualization
ATC'07 Proceedings of the 4th international conference on Autonomic and Trusted Computing
Transforming commodity security policies to enforce Clark-Wilson integrity
Proceedings of the 28th Annual Computer Security Applications Conference
Separation virtual machine monitors
Proceedings of the 28th Annual Computer Security Applications Conference
Efficient protection of kernel data structures via object partitioning
Proceedings of the 28th Annual Computer Security Applications Conference
Virtualization: Issues, security threats, and solutions
ACM Computing Surveys (CSUR)
XEBHRA: a virtualized platform for cross domain information sharing
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
Client-controlled cryptography-as-a-service in the cloud
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Proceedings of the 4th ACM conference on Data and application security and privacy
| Hi-index | 0.01 |
We present the sHype hypervisor security architecture and examine in detail its mandatory access control facilities. While existing hypervisor security approaches aiming at high assurance have been proven useful for high-security environments that prioritize security over performance and code reuse, our approach aims at commercial security where near-zero performance overhead, non-intrusive implementation, and usability are of paramount importance. sHype enforces strong isolation at the granularity of a virtual machine, thus providing a robust foundation on which higher software layers can enact finer-grained controls. We provide the rationale behind the sHype design and describe and evaluate our implementation for the Xen open-source hypervisor.