Software errors and complexity: an empirical investigation0
Communications of the ACM
IEEE Transactions on Software Engineering
A Retrospective on the VAX VMM Security Kernel
IEEE Transactions on Software Engineering
Protection and the control of information sharing in multics
Communications of the ACM
The design of the Venus operating system
Communications of the ACM
A note on the confinement problem
Communications of the ACM
The structure of the “THE”-multiprogramming system
Communications of the ACM
A logical framework for reasoning about access control models
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Verification of a Formal Security Model for Multiapplicative Smart Cards
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Proceedings of the workshop on virtual computer systems
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Comparing the expressive power of access control models
Proceedings of the 11th ACM conference on Computer and communications security
Diagnosing performance overheads in the xen virtual machine environment
Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Program confinement in KVM/370
ACM '77 Proceedings of the 1977 annual conference
SubVirt: Implementing malware with virtual machines
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
A Safety-Oriented Platform for Web Applications
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Advanced virtualization capabilities of POWER5 systems
IBM Journal of Research and Development - POWER5 and packaging
Virtual machines, virtual security?
Communications of the ACM
Shamon: A System for Distributed Mandatory Access Control
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Reducing TCB complexity for security-sensitive applications: three case studies
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Analyzing integrity protection in the SELinux example policy
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Forensics examination of volatile system data using virtual introspection
ACM SIGOPS Operating Systems Review
O2S2: enhanced object-based virtualized storage
ACM SIGOPS Operating Systems Review
XenSocket: a high-throughput interdomain transport for virtual machines
Proceedings of the ACM/IFIP/USENIX 2007 International Conference on Middleware
Extending virtualization services with trust guarantees via behavioral monitoring
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
XenSocket: a high-throughput interdomain transport for virtual machines
MIDDLEWARE2007 Proceedings of the 8th ACM/IFIP/USENIX international conference on Middleware
PIGA-Virt: an advanced distributed MAC protection of virtual systems
Euro-Par'11 Proceedings of the 2011 international conference on Parallel Processing - Volume 2
Transforming commodity security policies to enforce Clark-Wilson integrity
Proceedings of the 28th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
In this work, we show how the abstraction layer created by a hypervisor, or virtual machine monitor, can be leveraged to reduce the complexity of mandatory access control policies throughout the system. Policies governing access control decisions in today's systems are complex and monolithic. Achieving strong security guarantees often means restricting usability across the entire system, which is a primary reason why mandatory access controls are rarely deployed. Our architecture uses a hypervisor and multiple virtual machines to decompose policies into multiple layers. This simplifies the policies and their enforcement, while minimizing the overall impact of security on the system. We show that the overhead of decomposing system policies into distinct policies for each layer can be negligible. Our initial implementation confirms that such layering leads to simpler security policies and enforcement mechanisms as well as a more robust layered trusted computing base. We hope that this work serves to start a dialog regarding the use of mandatory access controls within a hypervisor for both increasing security and improving manageability.