Multi-level security requirements for hypervisors

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn 2005, Issue , 2005, Pages 267-275

  Karger, Paul A ^a  

^a IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

DATA PRIVACY; PUBLIC KEY CRYPTOGRAPHY; SYSTEMS ANALYSIS; VIRTUAL REALITY;

MULTI-LEVEL SECURITY; VIRTUAL MACHINE;

SECURITY OF DATA;

EID: 33846280529     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2005.41     Document Type: Conference Paper

References (49)

1. AMD64 Virtualization Codenamed "Pacifica" Technology: Secure Virtual Machine Architecture Reference Manual, Publication No. 33047, Revision 3.01, May 2005, Advanced Micro Devices: Sunnyvale, CA. URL: http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/ 33047.pdf
2. Certification Report for Processor Resource/ System Manager (PR/SM) for the IBM eServer zSeries 900, BSI-DSZ-CC-0179-2003,27 February 2003, Bundesamt für Sicherheit in der Informationstechnik: Bonn, Germany. URL: http://www.commoncriteriaportal.org/public/files/epfiles/0179a.pdf
3. Certification Report: BAE SYSTEMS - Trusted Filter Version 1.0, Certificate Number: 2001/19, July 2001, Defense Signals Directorate - Australasian Certification Authority: Kingston, ACT, Australia. URL: http://www.dsd.gov.au/infosec/evaluation_services/epl/network_security/ BAESystems_TrustedFilter.html
4. Computer Security Requirements - Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments, CSC-STD-003-85, 25 June 1985, DoD Computer Security Center: Ft. George G. Meade, MD. URL: http://www.radium.ncsc.mil/tpep/library/ rainbow/index.html
5. Department of Defense Trusted Computer System Evaluation Criteria, DOD 5200.28-STD, December 1985: Washington, DC. URL: http://csrc.nist.gov/ publications/history/dod85.pdf
6. DoD Information Technology Security Certification and Accreditation Process (DITSCAP), DoD Instruction 5200.40, 30 December 1997, Department of Defense: Washington, DC. URL: http://www.dtic.mil/whs/directives/corres/pdf/ i520040_123097/i520040p.pdf
7. Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model, ISO/EC 15408-1, 1999, International Organization for Standardization.
8. Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements, ISO/EC 15408-2, 1999, International Organization for Standardization.
9. Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements, ISO/EC 15408-3, 1999, International Organization for Standardization.
10. A Proposed Interpretation of the TCSEC for Virtual Machine Monitor Architectures, 31 March 1989, Trusted Information Systems, Inc.: Glenwood, MD.
11. Security Requirements for Automatic Data Processing (ADP) Systems, DoD Directive 5200.28, 18 December 1972, Department of Defense: Washington, DC.
12. Technical Rationale Behind CSC-STD-003-85: Computer Security Requirements - Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments, CSC-STD-004-85, 25 June 1985, DoD Computer Security Center: Ft. George G. Meade, MD. URL: http://www.radium.nc sc.mil/tpep/library/rainbow/index.html
13. Techniques and Procedures for Implementing, Deactivating, Testing, and Evaluating Secure Resource-Sharing ADP Systems, DoD 5200.28-M, January 1973, Department of Defense: Washington, DC.
14. Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria, NCSC-TG-005, Version-1, 31 July 1987, National Computer Security Center: Ft. George G. Meade, MD. URL: http://www.radiimi.ncsc.mil/ tpep/library/tcsec/index.html
15. Adair, R.J., R.U. Bayles, L.W. Comeau, and R.J. Creasy, A Virtual Machine System for the 360/40, Report 320-2007, May 1966, IBM Cambridge Scientific Center: Cambridge, MA.
16. Armstrong, W.J., R.L. Amdt, D.C. Boutcher, R.G. Kovacs, D. Larson, K.A. Lucke, N. Nayar, and R.C. Swanberg, Advanced Virtualization Capabilities of POWERS Systems. IBM Journal of Research and Development, July/September 2005. 49(4/5): p. 523-532. URL: http://www.research. ibm.com/journal/rd/494/armstrong.html
17. Barham, P., B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the Art of Virtualizatian. in Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles (SOSP). 19-22 October 2003, Bolton Landing, NY: ACM Press. URL: http://www.cl.catn.ac.uk/Research/SRG/netos/papers/2003-xensosp.pdf
18. Bell, D.E. and L.J. LaPadula, Computer Security Model: Unified Exposition and Multics Interpretation, ESD-TR-75-306, March 1976, The MITRE Corporation, Bedford, MA: HQ Electronic Systems Division, Hanscom AFB, MA. URL: http://csrc.nist.gov/publications/history/bell76.pdf
19. Biba, K.J., S.R. Ames, E.L. Burke, P.A. Karger, W.R. Price, R.R. Schell, and W.L. Schiller, A Preliminary Specification of a Multics Security Kernel, WP-20119, April 1975, The MITRE Corporation: Bedford, MA.
20. Broadbridge, R. and J. Mekota, Secure Communications Processor Specification, ESD-TR-76-351, Vol. II, June 1976, Honeywell Information Systems, Inc., McLean, VA: HQ Electronic Systems Division, Hanscom AFB, MA.
21. Hall, J.S. and P.T. Robinson. Virtualizing the VAX Architecture, in 18th International Symposium on Computer Architecture. May 1991, Toronto, ON, Canada: published in Computer Architecture News, vol. 19. p. 380-389.
22. Hendricks, E.C. and T.C. Hartmann, Evolution of a Virtual Machine Subsystem. IBM Systems Journal, 1979. 18(1): p. 111-142. URL: http://domino.research.ibm.com/tchjr/journalindex.nsf/SysVolumes?OpenView
23. Hinke, T.H. and M. Schaefer, Secure Data Management System, RADC-TR-75-266 [NTIS AD A019201], November 1975, Rome Air Development Center: Griffiss AFB, NY.
24. Karger, P.A., Improving Security and Performance for Capability Systems, Computer Laboratory Technical Report No. 149, October 1988, University of Cambridge: Cambridge, England.
25. Karger, P.A., Multi-Organizational Mandatory Access Controls for Commercial Applications, RC 21673 (97655), 22 February 2000, IBM Research Division, Thomas J. Watson Research Center: Yorktown Heights, NY. URL: http://domino.watson.ibm.com/library/CyberDig.nsf/home
26. Karger, P.A., Non-Discretionary Access Control for Decentralized Computing Systems, S. M. & E. E. thesis 1977, Laboratory for Computer Science, Massachusetts Institute of Technology: Cambridge, MA. URL: http://ncstrl.mit.edu:80/Dienst/UI/2.0/Describe/ncstrl. mit_1cs%2fMIT%2ILCS%2fTR-L179
27. Karger, P.A. Non-Discretionary Security for Decentralized Computing Systems: Host to Host Protocols. in Trends and Applications: 1978 Distributed Processing. 18 May 1978, National Bureau of Standards, Gaithersburg, MD: IEEE. p. 32-39.
28. Karger, P.A., Using Registers to Optimize Cross-Domain Call Performance, in Proceedings of the Third International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) 3-6 April 1989: Boston, MA. p. 194-204.
29. Karger, P.A., V.R. Austel, and B.C. Toll. Using a Mandatory Secrecy and Integrity Policy on Smart Cards and Mobile Devices, in EUROSMART Security Conference. 13-15 June 2000, Marseilles, France: p. 134-148.
30. Karger, P.A., V.R. Austel, and B.C. Toll. Using Mandatory Secrecy and Integrity for Business to Business Applications on Mobile Devices, in Workshop on Innovations in Strong Access Control. 25-27 September 2000, Naval Postgraduate School, Monterey, CA: published on CB-ROM. URL: http://www.acsac.org/sac-tac/wisac00/wed0830.karger.pdf
31. Karger, P.A. and R.R. Schell. Thirty Years Later: Lessons from the Multics Security Evaluation, in Proceedings of the 18th Annual Computer Security Applications Conference. 9-13 December 2002, Las Vegas, NV: IEEE Computer Society, p. 119-126. URL: http://www.acsac.org/2002/papers/classic- multics.pdf
32. Karger, P.A., M.E. Zurko, B.W. Bonin, A.H. Mason, and C.E. Kahn, A Retrospective on the VAX VMM Security Kernel. IEEE Transactions on Software Engineering, November 1991. 17(11): p. 1147-1165.
33. Kerner, S.M., IBM Offers Support for Xen. internetnews.com, 19 January 2005. URL: http://www.internetnews.com/dev-news/article.php/ 3461481
34. Lampson, B.W., A note on the confinement problem. Communications of the ACM, October 1973.16(10): p. 613-615.
35. Lauer, H.C. and R.M. Needham, On the duality of operating system structures, in Operating Systems: Theory and Practice, B. Lanciaux, Editor. 1979, North-Holland: Amsterdam, p. 371-384.
36. Lindquist, A.B., R.R. Seeber, and L.W. Comeau, A Time-Sharing System Using an Associative Memory. Proceedings of the IEEE, December 1966. 54(12): p. 1774-1779.
37. Lipner, S.B.,A comment on the confinement problem. Operating Systems Review, 19-21 November 1975. 9(5): p. 192-196. Proceedings of the Fifth Symposium on Operating Systems Principles.
38. Loscocco, P. and S. Smalley. Integrating Flexible Support for Security Policies into the Linux Operating System, in Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (FREENIX '01). 2001, Boston, MA. URL: http://www.nsa.gov/selinux/doc/freenix01.pdf
39. Madnick, S.E. and J. J. Donovan. Application and Analysis of the Virtual Machine Approach to Information System Security, in Proceedings of the ACM SIGARCH-SIGOPS Workshop on Virtual Computer Systems. 26-27 March 1973, Cambridge, MA: Association for Computing Machinery, p. 210-224. URL: http://portal.acm.org/citation.cfm?id=803961
40. Meushaw, R. and D. Simard, NetTop: Commercial Technology in High Assurance Applications. National Security Agency Tech Trend Notes, Fall 2000. 9(4): p. 3-10. URL: http://www.vmwaro.coni/pdf/ TechTrondNotes.pdf
41. Postel, J. and J. Reynolds, File Transfer Protocol (FTP), RFC 959, October 1985, Network Working Group. URL: http://www.ietf.org/rfc/rfc959. txt
42. Reed, D.P. and R.K. Kanodia, Synchronization with Eventcounts and Sequencers. Comm. ACM, February 1979. 22(2): p. 115-123.
43. Rushby, J. and B. Randell, Distributed Secure System. IEEE Computer, July 1983.16(7): p. 55-67. URL: http://www.csl.sri.com/ users/rushby/abstracts/computer83
44. Sailer, R., T. Jaeger, J.L. Griffin, S. Berger, L. van Doom, R. Perez, and E. Valdez, Building a General-purpose Secure Virtual Machine Monitor, RC23537 (W0502-132), 25 February 2005, IBM Research Division, Thomas J. Watson Research Center: Yorktown Heights, NY. URL: http://domino.watson.ibm.com/ library/CyberDig.nsf/home
45. Schaefer, M., W.C. Barker, and C.P. Pfleeger. Tea and I: An Allergy, in IEEE Symposium on Security and Privacy. 1-3 May 1989, Oakland, CA: IEEE Computer Society, p. 178-182.
46. Schaefer, M., B. Gold, R. Linde, and J. Scheid. Program Confinement in KVM/370. in Proceedings of the 1977 ACM Annual Conference. 16-19 October 1977, Seattle, WA: p. 404-410.
47. Scherzer, H., R. Canetti, P.A. Karger, H. Krawczyk, T. Rabin, and D.C. Toll. Authenticating Mandatory Access Controls and Preserving Privacy for a High-Assurance Smart Card. in 8th European Symposium on Research in Computer Security (ESORICS 2003). 13-15 October 2003, Gjøvik, Norway:Lecture Notes in Computer Science Vol. 2808. Springer Verlag, p. 181-200.
48. Smalley, S., Configuring the SEL inux Policy, NAI Labs Report #02-007, June 2002, NAI Labs: Glenwood, MD. URL: http://www.nsa.gov/selinux/ policy2-abs.html
49. Varian, M. VM and the VM Community: Past Present, and Future, in SHARE 89, Sessions 9059-9061. August 1997. URL: http://pucc.princdon. edu/~melinda/25paper.pdf