Computer Security Applications Conference, Annual (2005)
Tucson, Arizona
Dec. 5, 2005 to Dec. 9, 2005
ISSN: 1063-9527
ISBN: 0-7695-2461-3
pp: 276-285
Ramon Caceres, IBM T. J. Watson Research Center, Hawthorne, NY
Reiner Sailer, IBM T. J. Watson Research Center, Hawthorne, NY
Ronald Perez, IBM T. J. Watson Research Center, Hawthorne, NY
Leendert van Doorn, IBM T. J. Watson Research Center, Hawthorne, NY
Enriquillo Valdez, IBM T. J. Watson Research Center, Hawthorne, NY
Stefan Berger, IBM T. J. Watson Research Center, Hawthorne, NY
Trent Jaeger, IBM T. J. Watson Research Center, Hawthorne, NY
John Linwood Griffin, IBM T. J. Watson Research Center, Hawthorne, NY
ABSTRACT
We present the sHype hypervisor security architecture and examine in detail its mandatory access control facilities. While existing hypervisor security approaches aiming at high assurance have been proven useful for high-security environments that prioritize security over performance and code reuse, our approach aims at commercial security where near-zero performance overhead, non-intrusive implementation, and usability are of paramount importance. sHype enforces strong isolation at the granularity of a virtual machine, thus providing a robust foundation on which higher software layers can enact finer-grained controls. We provide the rationale behind the sHype design and describe and evaluate our implementation for the Xen open-source hypervisor.
CITATION
Ramon Caceres, Reiner Sailer, Ronald Perez, Leendert van Doorn, Enriquillo Valdez, Stefan Berger, Trent Jaeger, John Linwood Griffin, "Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor", Computer Security Applications Conference, Annual, vol. 00, no. , pp. 276-285, 2005, doi:10.1109/CSAC.2005.13