Introducing Role-Based Access Control to a Secure Virtual Machine Monitor: Security Policy Enforcement Mechanism for Distributed Computers
2008 IEEE Asia-Pacific Services Computing Conference (2008)
Dec. 9, 2008 to Dec. 12, 2008
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/APSCC.2008.14
In recent years, as the data processed by governmental or commercial organizations has increased, cases involving information leaks have risen. It is difficult to control information on many distributed end-point computers using conventional security mechanisms. Therefore, we have proposed a novel secure VMM (Virtual Machine Monitor) architecture that is used as a foundation for security policy enforcement on distributed computers. In particular, this paper introduces Role-Based Access Control (RBAC) to the ID management framework in a secure VMM system. Our proposal will reduce the cost of distributed policy updates. The proposed RBAC mechanism employs attribute certificates (ACs) to handle users' roles. This paper presents a design and prototype implementation based on a PKI-based ID card and proven open source VMM software, QEMU.
Role-based access control, RBAC, Virtual machine monitor, VMM, Hypervisor, Security, Policy enforcement
T. Horie et al., "Introducing Role-Based Access Control to a Secure Virtual Machine Monitor: Security Policy Enforcement Mechanism for Distributed Computers," 2008 IEEE Asia-Pacific Services Computing Conference (APSCC), vol. 00, no. , pp. 1225-1230, 2008.