Abstract
To guarantee security properties such as confidentiality and integrity, cryptographic mechanisms provide encryption and signing of data, but protection is also required to control access to that data. The recent attacks on Facebook and Twitter show that the protection must not be limited to the infrastructure, i.e. the hosts and the guest virtual machines.
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Blanc, M. et al. (2014). Mandatory Access Protection Within Cloud Systems. In: Nepal, S., Pathan, M. (eds) Security, Privacy and Trust in Cloud Systems. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38586-5_5
DOI: https://doi.org/10.1007/978-3-642-38586-5_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38585-8
Online ISBN: 978-3-642-38586-5
eBook Packages: Engineering, Engineering (R0)