Sciweavers

SACMAT
2009
ACM

Analysis of virtual machine system policies

13 years 10 months ago
Analysis of virtual machine system policies
The recent emergence of mandatory access (MAC) enforcement for virtual machine monitors (VMMs) presents an opportunity to enforce a security goal over all its virtual machines (VMs). However, these VMs also have MAC enforcement, so to determine whether the overall system (VMsystem) is secure requires an evaluation of whether this combination of MAC policies, as a whole, complies with a given security goal. Previous MAC policy analyses either consider a single policy at a time or do not represent the interaction between different policy layers (VMM and VM). We observe that we can analyze the VMM policy and the labels used for communications between VMs to create an interVM flow graph that we use to identify safe, unsafe, and ambiguous VM interactions. A VM with only safe interactions is compliant with the goal, a VM with any unsafe interaction violates the goal. For a VM with ambiguous interactions we analyze its local MAC policy to determine whether it is compliant or not with the g...
Sandra Rueda, Hayawardh Vijayakumar, Trent Jaeger
Added 28 May 2010
Updated 28 May 2010
Type Conference
Year 2009
Where SACMAT
Authors Sandra Rueda, Hayawardh Vijayakumar, Trent Jaeger
Comments (0)