Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor

13 years 10 months ago

Download www.acsac.org

We present the sHype hypervisor security architecture and examine in detail its mandatory access control facilities. While existing hypervisor security approaches aiming at high assurance have been proven useful for high-security environments that prioritize security over performance and code reuse, our approach aims at commercial security where near-zero performance overhead, non-intrusive implementation, and usability are of paramount importance. sHype enforces strong isolation at the granularity of a virtual machine, thus providing a robust foundation on which higher software layers can enact ﬁner-grained controls. We provide the rationale behind the sHype design and describe and evaluate our implementation for the Xen open-source hypervisor.

Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ra

Real-time Traffic

ACSAC 2005 | Hypervisor Security | Hypervisor Security Architecture | Security Privacy | Xen Open-source Hypervisor |

claim paper

Post Info
More Details (n/a)

Added	24 Jun 2010
Updated	24 Jun 2010
Type	Conference
Year	2005
Where	ACSAC
Authors	Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramón Cáceres, Ronald Perez, Stefan Berger, John Linwood Griffin, Leendert van Doorn

Comments (0)

Sciweavers

Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor

ACSAC 2005 | Hypervisor Security | Hypervisor Security Architecture | Security Privacy | Xen Open-source Hypervisor |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers