The Community for Technology Leaders
RSS Icon
Subscribe
Tucson, Arizona
Dec. 5, 2005 to Dec. 9, 2005
ISBN: 0-7695-2461-3
pp: 276-285
Reiner Sailer , IBM T. J. Watson Research Center, Hawthorne, NY
Trent Jaeger , IBM T. J. Watson Research Center, Hawthorne, NY
Enriquillo Valdez , IBM T. J. Watson Research Center, Hawthorne, NY
Ramon Caceres , IBM T. J. Watson Research Center, Hawthorne, NY
Ronald Perez , IBM T. J. Watson Research Center, Hawthorne, NY
Stefan Berger , IBM T. J. Watson Research Center, Hawthorne, NY
John Linwood Griffin , IBM T. J. Watson Research Center, Hawthorne, NY
Leendert van Doorn , IBM T. J. Watson Research Center, Hawthorne, NY
ABSTRACT
We present the sHype hypervisor security architecture and examine in detail its mandatory access control facilities. While existing hypervisor security approaches aiming at high assurance have been proven useful for high-security environments that prioritize security over performance and code reuse, our approach aims at commercial security where near-zero performance overhead, non-intrusive implementation, and usability are of paramount importance. sHype enforces strong isolation at the granularity of a virtual machine, thus providing a robust foundation on which higher software layers can enact finer-grained controls. We provide the rationale behind the sHype design and describe and evaluate our implementation for the Xen open-source hypervisor.
INDEX TERMS
null
CITATION
Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramon Caceres, Ronald Perez, Stefan Berger, John Linwood Griffin, Leendert van Doorn, "Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor", ACSAC, 2005, Computer Security Applications Conference, Annual, Computer Security Applications Conference, Annual 2005, pp. 276-285, doi:10.1109/CSAC.2005.13
13 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool