PIGA-Virt: An Advanced Distributed MAC Protection of Virtual Systems

  • J. Briffaut
  • E. Lefebvre
  • J. Rouzaud-Cornabas
  • C. Toinard
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7156)

Abstract

Efficient Mandatory Access Control (MAC) of virtual machines remains an open problem for efficiently protecting cloud systems. For example, the MAC protection must allow some information flows between two virtual machines while preventing other information flows between those same two machines. To solve these problems, the virtual environment must guarantee in-depth protection in order to control the information flows that start in one virtual machine (VM) and finish in another one. In contrast with existing MAC approaches, PIGA-Virt is a MAC protection that controls the different levels of a virtual system. It eases the management of the required security objectives. The PIGA-Virt approach guarantees the required security objectives while efficiently controlling the information flows. PIGA-Virt supports a large range of predefined protection canvas whose efficiency was demonstrated during the ANR Sec&Si security challenge. The paper shows how the PIGA-Virt approach guarantees advanced confidentiality and integrity properties by controlling complex combinations of transitive information flows passing through intermediate resources. As far as we know, PIGA-Virt is the first operational solution that provides in-depth MAC protection, addresses advanced security requirements and efficiently controls information flows inside and between virtual machines. Moreover, the solution is independent of the underlying hypervisor. Performance results and protection scenarios are given for protecting KVM virtual machines.

Keywords

Cloud Computing; Virtual Machine; Illegal Activity; Security Property; Covert Channel
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • J. Briffaut (1)
  • E. Lefebvre (1)
  • J. Rouzaud-Cornabas (1)
  • C. Toinard (1)

  1. LIFO, ENSI de Bourges, Bourges cedex, France