Virtualization security combining mandatory access control and virtual machine introspection

Proceedings - 2014 IEEE/ACM 7th International Conference on Utility and Cloud Computing, UCC 2014

Volumn , Issue , 2014, Pages 1004-1009

  Win, Thu Yein ^a   Tianfield, Huaglory ^a   Mair, Quentin ^a  

^a GLASGOW CALEDONIAN UNIVERSITY   (United Kingdom)

Author keywords

Access Control; Cloud Computing; Security; Systems Security; Virtual Machine Introspection; Virtual Machines; Virtualization; Virtualization Security

Indexed keywords

CLOUD COMPUTING; DISTRIBUTED COMPUTER SYSTEMS; JAVA PROGRAMMING LANGUAGE; MOBILE SECURITY; VIRTUAL REALITY;

SECURITY; SYSTEMS SECURITY; VIRTUAL MACHINE INTROSPECTION; VIRTUAL MACHINES; VIRTUALIZATION SECURITIES; VIRTUALIZATIONS;

ACCESS CONTROL;

EID: 84946685838     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/UCC.2014.165     Document Type: Conference Paper

References (20)

1. M. Bishop, Computer security: Art and Science. Addison-Wesley, 2012, vol. 200
2. D. E. Bell and L. J. LaPadula, "Secure computer systems: Mathematical foundations," DTIC Document, Tech. Rep., 1973
3. J. P. Anderson, "Computer security technology planning study. volume 2," DTIC Document, Tech. Rep., 1972
4. U Erlingsson, "The inlined reference monitor approach to security policy enforcement," Cornell University, Tech. Rep., 2003
5. E. Valdez, R. Sailer, and R. Perez, "Retrofitting the ibm power hypervisor to support mandatory access control," in Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual. IEEE, 2007, pp. 221-231
6. R. Sailer, E. Valdez, T. Jaeger, R. Perez, L. Van Doorn, J. L. Griffin, S. Berger, R. Sailer, E. Valdez, T. Jaeger et al., "shype: Secure hypervisor approach to trusted virtualized systems," Techn. Rep. RC23511, 2005
7. J. M. McCune, T. Jaeger, S. Berger, R. Caceres, and R. Sailer, "Shamon: A system for distributed mandatory access control," in Computer Security Applications Conference, 2006. ACSAC'06. 22nd Annual. IEEE, 2006, pp. 23-32
8. C. Wright, C. Cowan, S. Smalley, J. Morris, and G. Kroah-Hartman, "Linux security modules: General security support for the linux kernel," in Proceedings of the 11th USENIX Security Symposium. USENIX Association, 2002, pp. 17-31
9. L. Tian, X. Rong, and T. Liu, "Design and implementation of linux file mandatory access control," in Network Computing and Information Security. Springer, 2012, pp. 15-22
10. N. Li, Z. Mao, and H. Chen, "Usable mandatory integrity protection for operating systems," in Security and Privacy, 2007. SP'07. IEEE Symposium on. IEEE, 2007, pp. 164-178
11. K. Harsha, B. M. Palavalli, S. Rao et al., "Lothlorien: mandatory access control using linux security modules," in Internet Multimedia Services Architecture and Applications (IMSAA), 2009 IEEE International Conference on. IEEE, 2009, pp. 1-6
12. T. Isohara, K. Takemori, Y. Miyake, N. Qu, and A. Perrig, "Lsm-based secure system monitoring using kernel protection schemes," in Availability, Reliability, and Security, 2010. ARES'10 International Conference on. IEEE, 2010, pp. 591-596
13. B. Hicks, S. Rueda, L. St Clair, T. Jaeger, and P. McDaniel, "A logical specification and analysis for selinux mls policy," ACM Transactions on Information and System Security (TISSEC), vol. 13, no. 3, p. 26, 2010
14. F. Mayer, D. Caplan, and K. MacMillan, SELinux by example: using security enhanced Linux. Pearson Education, 2006
15. G. Sala, D. Sgandurra, and F. Baiardi, "Security and integrity of a distributed file storage in a virtual environment," in Security in Storage Workshop, 2007. SISW'07. Fourth International IEEE. IEEE, 2007, pp. 58-69
16. M. Blanc and J.-F. Lalande, "Mandatory access control for shared hpc clusters: Setup and performance evaluation," in High Performance Computing and Simulation (HPCS), 2010 International Conference on. IEEE, 2010, pp. 291-298
17. X. Zhang, J.-P. Seifert, and R. Sandhu, "Security enforcement model for distributed usage control," in Sensor Networks, Ubiquitous and Trustworthy Computing, 2008. SUTC'08. IEEE International Conference on. IEEE, 2008, pp. 10-18
18. T. Garfinkel, M. Rosenblum et al., "A virtual machine introspection based architecture for intrusion detection." in NDSS, vol. 3, 2003, pp. 191-206
19. X. Jiang, X. Wang, and D. Xu, "Stealthy malware detection through vmm-based out-of-the-box semantic view reconstruction," in Proceedings of the 14th ACM conference on Computer and communications security. ACM, 2007, pp. 128-138
20. C. Harrison, D. Cook, R. McGraw, and J. Hamilton, "Constructing a cloud-based ids by merging vmi with fma," in Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on. IEEE, 2012, pp. 163-169.