Centralized security policy support for virtual machine

Nguyen Anh Quynh, Ruo Ando, Yoshiyasu Takefuji

Research output: Contribution to conferencePaperpeer-review

11 Citations (Scopus)

Abstract

For decades, researchers have pointed out that Mandatory Access Control (MAC) is an effective method to protect computer systems from being misused. Unfortunately, MAC is still not widely deployed because of its complexity. The problem is even worse in a virtual machine environment, because the current architecture is not designed to support MAC in a site-wide manner: machines with multiple virtual hosts needs to have multiple MAC security policies, and each of these policies must be updated and managed separately inside each virtual host. In order to ease the burden on administrators when deploying security policies in a virtual environment, this paper proposes an architecture named Virtual Mandatory Access Control (VMAC) to centralize security policies, so that all policy management can easily be done from a central machine. VMAC securely centralizes the security logging information from all virtual hosts into a central machine so intrusion detection analysis on the logging data is straightforward. To arrive at the architecture presented here, we have investigated various popular MAC schemes, and implemented several schemes with VMAC on the Xen Virtual Machine. This paper presents our experiences in the development process.

Original languageEnglish
Pages79-87
Number of pages9
Publication statusPublished - 2006
Externally publishedYes
Event20th Large Installation System Administration Conference, LISA 2006 - Washington, United States
Duration: 2006 Dec 32006 Dec 8

Conference

Conference20th Large Installation System Administration Conference, LISA 2006
Country/TerritoryUnited States
CityWashington
Period06/12/306/12/8

ASJC Scopus subject areas

  • Management of Technology and Innovation
  • Information Systems and Management

Fingerprint

Dive into the research topics of 'Centralized security policy support for virtual machine'. Together they form a unique fingerprint.

Cite this