Flexible Security Configuration for Virtual Machines

Abstract

Virtual machines are widely accepted as a promising basis for building secure systems. However, while virtual machines offer effective mechanisms to create isolated environments, mechanisms that offer controlled interaction among VMs are immature. Some VM systems include flexible policy models and some enable MLS enforcement, but the flexible use of policy to control VM interactions has not been developed. In this paper, we propose an architecture that enables administrator to configure virtual machines to satisfy prescribed security goals. We describe the design and implementation of such architecture using SELinux, Xen an IPesc as the tools to express and enforce policies at the OS, VM and Network layers, respectively. We develop a web application using our architecture and show that we can configure application VMs in such a way that we can verify the enforcement of the security goals of those applications.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Oct 01, 2008
Accession Number
ADA516569

Entities

People

  • Sandra Rueda
  • Trent Jaeger
  • Yogesh Sreenivasan

Organizations

  • Pennsylvania State University

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Computer Access Control
  • Computer Network Security
  • Computer Science
  • Computers
  • Computing System Architectures
  • Cybersecurity
  • Environment
  • Intellectual Property
  • Language
  • Network Protocols
  • Networks
  • Operating Systems
  • Security
  • Security Protocols
  • Virtual Machines
  • Web Applications
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Parallel and Distributed Computing.