European Conference on Parallel Processing

Euro-Par 2011: Parallel Processing Workshops, pp 416–425

PIGA-Virt: An Advanced Distributed MAC Protection of Virtual Systems


  • J. Briffaut,
  • E. Lefebvre,
  • J. Rouzaud-Cornabas &
  • C. Toinard
Part of the Lecture Notes in Computer Science book series (LNTCS, volume 7156)

Abstract

Efficient Mandatory Access Control (MAC) of virtual machines remains an open problem for protecting Cloud systems efficiently. For example, the MAC protection must allow some information flows between two virtual machines while preventing other information flows between those two machines. To solve these problems, the virtual environment must guarantee in-depth protection in order to control the information flows that start in one virtual machine (VM) and finish in another. In contrast with existing MAC approaches, PIGA-Virt is a MAC protection that controls the different levels of a virtual system. It eases the management of the required security objectives. The PIGA-Virt approach guarantees the required security objectives while controlling the information flows efficiently. PIGA-Virt supports a large range of predefined protection canvas whose efficiency has been demonstrated during the ANR Sec&Si security challenge. The paper shows how the PIGA-Virt approach guarantees advanced confidentiality and integrity properties by controlling complex combinations of transitive information flows passing through intermediate resources. As far as we know, PIGA-Virt is the first operational solution providing in-depth MAC protection, addressing advanced security requirements and efficiently controlling information flows inside and between virtual machines. Moreover, the solution is independent of the underlying hypervisor. Performance results and protection scenarios are given for protecting KVM virtual machines.
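
The following is an added illustration, not code from the paper or from PIGA-Virt: a static check that two VMs may exchange some data while a confidentiality objective still forbids an indirect flow through intermediate resources. The context names, the flow set and the forbidden pair are constructed assumptions, and the paper's own policy language is not shown on this page.

```python
from collections import deque

# Constructed sample: direct flows (source -> destination) that the per-VM and
# host MAC policies allow. All security context names are hypothetical.
DIRECT_FLOWS = {
    ("vm1:secret_t", "vm1:app_t"),
    ("vm1:app_t", "host:shared_disk_t"),
    ("host:shared_disk_t", "vm2:backup_t"),
    ("vm1:public_t", "vm1:web_t"),
    ("vm1:web_t", "host:net_t"),
    ("host:net_t", "vm2:browser_t"),
}
# Assumed security objective: vm1 secrets must never reach vm2's backup domain.
FORBIDDEN = [("vm1:secret_t", "vm2:backup_t")]

def find_flow_path(flows, src, dst):
    """Return the shortest chain of contexts carrying data from src to dst, or None."""
    successors = {}
    for a, b in flows:
        successors.setdefault(a, []).append(b)
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:  # walk back to the source
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in sorted(successors.get(node, [])):
            if nxt not in parent:  # visit each context once, so cycles terminate
                parent[nxt] = node
                queue.append(nxt)
    return None

def confidentiality_violations(flows, forbidden):
    """Map each forbidden (src, dst) pair to the transitive path that breaks it."""
    found = {}
    for src, dst in forbidden:
        path = find_flow_path(flows, src, dst)
        if path is not None:
            found[(src, dst)] = path
    return found

if __name__ == "__main__":
    for pair, path in confidentiality_violations(DIRECT_FLOWS, FORBIDDEN).items():
        print("violation", pair, "via", " -> ".join(path))
```

No single rule in the sample links the secret to vm2; the violation only appears once flows are composed across the guest and host levels, and removing one intermediate edge clears it while the other vm1-to-vm2 flow stays allowed.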

Keywords

  • Cloud Computing
  • Virtual Machine
  • Illegal Activity
  • Security Property
  • Covert Channel

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Author information

Authors and Affiliations

  1. LIFO, ENSI de Bourges, 88 bd Lahitolle, 18020, Bourges cedex, France

    J. Briffaut, E. Lefebvre, J. Rouzaud-Cornabas & C. Toinard

Editor information

Editors and Affiliations

  1. Scilytics, Koellnerhofgasse 3/15A, 1010, Vienna, Austria

    Michael Alexander

  2. ICAR-CNR, Via P. Castellino, 111, 80131, Napoli, Italy

    Pasqua D’Ambra

  3. University of Amsterdam, 1090, Amsterdam, Netherlands

    Adam Belloum

  4. Innovative Computing Laboratory, The University of Tennessee, US

    George Bosilca

  5. Department of Experimental Medicine and Clinic, University Magna Græcia, 88100, Catanzaro, Italy

    Mario Cannataro

  6. Computer Science Department, University of Pisa, Italy

    Marco Danelutto

  7. Second University of Naples, Italy

    Beniamino Di Martino

  8. TU München, Boltzmannstr. 3, 85748, Garching, Germany

    Michael Gerndt

  9. Equipe Runtime, INRIA Bordeaux Sud-Ouest, 33405, Talence Cedex, France

    Emmanuel Jeannot & Raymond Namyst

  10. Equipe HIEPACS, INRIA Bordeaux Sud-Ouest, 33405, Talence Cedex, France

    Jean Roman

  11. Computer Science and Mathematics Division, Oak Ridge National Laboratory, 37831-6164, Oak Ridge, TN, USA

    Stephen L. Scott

  12. Department of Scientific Computing, University of Vienna, Nordbergstr. 15/3C, 1090, Vienna, Austria

    Jesper Larsson Traff

  13. Computer Science and Mathematics Division, Oak Ridge National Laboratory, 37831, Oak Ridge, TN, USA

    Geoffroy Vallée

  14. Technische Universität München, Germany

    Josef Weidendorfer

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Briffaut, J., Lefebvre, E., Rouzaud-Cornabas, J., Toinard, C. (2012). PIGA-Virt: An Advanced Distributed MAC Protection of Virtual Systems. In: Alexander, M., et al. Euro-Par 2011: Parallel Processing Workshops. Euro-Par 2011. Lecture Notes in Computer Science, vol 7156. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29740-3_47

  • DOI: https://doi.org/10.1007/978-3-642-29740-3_47

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29739-7

  • Online ISBN: 978-3-642-29740-3

  • eBook Packages: Computer Science, Computer Science (R0)
