|
Published Articles >> Table of Contents >> Abstract
21st Annual Computer Security Applications Conference (ACSAC'05)
pp. 276-285
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
Reiner Sailer, IBM T. J. Watson Research Center, Hawthorne, NY
Trent Jaeger, IBM T. J. Watson Research Center, Hawthorne, NY
Enriquillo Valdez, IBM T. J. Watson Research Center, Hawthorne, NY
Ramon Caceres, IBM T. J. Watson Research Center, Hawthorne, NY
Ronald Perez, IBM T. J. Watson Research Center, Hawthorne, NY
Stefan Berger, IBM T. J. Watson Research Center, Hawthorne, NY
John Linwood Griffin, IBM T. J. Watson Research Center, Hawthorne, NY
Leendert van Doorn, IBM T. J. Watson Research Center, Hawthorne, NY
Full Article Text:
 
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.13
Send link to a friend
| Abstract |
|
We present the sHype hypervisor security architecture and
examine in detail its mandatory access control facilities.
While existing hypervisor security approaches aiming at
high assurance have been proven useful for high-security
environments that prioritize security over performance and
code reuse, our approach aims at commercial security
where near-zero performance overhead, non-intrusive implementation,
and usability are of paramount importance.
sHype enforces strong isolation at the granularity of a virtual
machine, thus providing a robust foundation on which
higher software layers can enact finer-grained controls. We
provide the rationale behind the sHype design and describe
and evaluate our implementation for the Xen open-source
hypervisor.
|
 Additional Information
|
Citation:
Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramon Caceres, Ronald Perez, Stefan Berger, John Linwood Griffin, Leendert van Doorn,
"Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor,"
acsac,
pp. 276-285,
21st Annual Computer Security Applications Conference (ACSAC'05),
2005
|
|
