Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor

A
ACSAC
2005
21st Annual Computer Security Applications Conference (ACSAC'05)
Abstract - Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Reiner Sailer Articles by Trent Jaeger Articles by Enriquillo Valdez Articles by Ramon Caceres Articles by Ronald Perez Articles by Stefan Berger Articles by John Linwood Griffin Articles by Leendert van Doorn

21st Annual Computer Security Applications Conference (ACSAC'05)

Tucson, Arizona

December 05-December 09

ISBN: 0-7695-2461-3

	ASCII Text	x
	Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramon Caceres, Ronald Perez, Stefan Berger, John Linwood Griffin, Leendert van Doorn, "Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor," Computer Security Applications Conference, Annual, pp. 276-285, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005.

	BibTex	x
	@article{ 10.1109/CSAC.2005.13, author = {Reiner Sailer and Trent Jaeger and Enriquillo Valdez and Ramon Caceres and Ronald Perez and Stefan Berger and John Linwood Griffin and Leendert van Doorn}, title = {Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2005}, issn = {1063-9527}, pages = {276-285}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.13}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor SN - 1063-9527 SP276 EP285 A1 - Reiner Sailer, A1 - Trent Jaeger, A1 - Enriquillo Valdez, A1 - Ramon Caceres, A1 - Ronald Perez, A1 - Stefan Berger, A1 - John Linwood Griffin, A1 - Leendert van Doorn, PY - 2005 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Reiner Sailer, IBM T. J. Watson Research Center, Hawthorne, NY

Trent Jaeger, IBM T. J. Watson Research Center, Hawthorne, NY

Enriquillo Valdez, IBM T. J. Watson Research Center, Hawthorne, NY

Ramon Caceres, IBM T. J. Watson Research Center, Hawthorne, NY

Ronald Perez, IBM T. J. Watson Research Center, Hawthorne, NY

Stefan Berger, IBM T. J. Watson Research Center, Hawthorne, NY

John Linwood Griffin, IBM T. J. Watson Research Center, Hawthorne, NY

Leendert van Doorn, IBM T. J. Watson Research Center, Hawthorne, NY

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.13

We present the sHype hypervisor security architecture and examine in detail its mandatory access control facilities. While existing hypervisor security approaches aiming at high assurance have been proven useful for high-security environments that prioritize security over performance and code reuse, our approach aims at commercial security where near-zero performance overhead, non-intrusive implementation, and usability are of paramount importance. sHype enforces strong isolation at the granularity of a virtual machine, thus providing a robust foundation on which higher software layers can enact finer-grained controls. We provide the rationale behind the sHype design and describe and evaluate our implementation for the Xen open-source hypervisor.

Citation:

Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramon Caceres, Ronald Perez, Stefan Berger, John Linwood Griffin, Leendert van Doorn, "Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor," acsac, pp.276-285, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.