Centralized security policy support for virtual machine

Nguyen Anh Quynh; Ruo Ando; Yoshiyasu Takefuji

Centralized security policy support for virtual machine

Nguyen Anh Quynh, Ruo Ando, Yoshiyasu Takefuji

Research output: Contribution to conference › Paper › peer-review

Abstract

For decades, researchers have pointed out that Mandatory Access Control (MAC) is an effective method to protect computer systems from being misused. Unfortunately, MAC is still not widely deployed because of its complexity. The problem is even worse in a virtual machine environment, because the current architecture is not designed to support MAC in a site-wide manner: machines with multiple virtual hosts needs to have multiple MAC security policies, and each of these policies must be updated and managed separately inside each virtual host. In order to ease the burden on administrators when deploying security policies in a virtual environment, this paper proposes an architecture named Virtual Mandatory Access Control (VMAC) to centralize security policies, so that all policy management can easily be done from a central machine. VMAC securely centralizes the security logging information from all virtual hosts into a central machine so intrusion detection analysis on the logging data is straightforward. To arrive at the architecture presented here, we have investigated various popular MAC schemes, and implemented several schemes with VMAC on the Xen Virtual Machine. This paper presents our experiences in the development process.

Original language	English
Pages	79-87
Number of pages	9
Publication status	Published - 2006
Externally published	Yes
Event	20th Large Installation System Administration Conference, LISA 2006 - Washington, United States Duration: 2006 Dec 3 → 2006 Dec 8

Conference

Conference	20th Large Installation System Administration Conference, LISA 2006
Country/Territory	United States
City	Washington
Period	06/12/3 → 06/12/8

ASJC Scopus subject areas

Management of Technology and Innovation
Information Systems and Management

Cite this

@conference{9d52ea6427eb4bc0abdd19464a75dc84,

title = "Centralized security policy support for virtual machine",

abstract = "For decades, researchers have pointed out that Mandatory Access Control (MAC) is an effective method to protect computer systems from being misused. Unfortunately, MAC is still not widely deployed because of its complexity. The problem is even worse in a virtual machine environment, because the current architecture is not designed to support MAC in a site-wide manner: machines with multiple virtual hosts needs to have multiple MAC security policies, and each of these policies must be updated and managed separately inside each virtual host. In order to ease the burden on administrators when deploying security policies in a virtual environment, this paper proposes an architecture named Virtual Mandatory Access Control (VMAC) to centralize security policies, so that all policy management can easily be done from a central machine. VMAC securely centralizes the security logging information from all virtual hosts into a central machine so intrusion detection analysis on the logging data is straightforward. To arrive at the architecture presented here, we have investigated various popular MAC schemes, and implemented several schemes with VMAC on the Xen Virtual Machine. This paper presents our experiences in the development process.",

author = "Quynh, {Nguyen Anh} and Ruo Ando and Yoshiyasu Takefuji",

note = "Funding Information: His research interests focus on neural computing, security, electronic toys. He received the National Science Foundation Research Initiation Award in 1989, the distinct service award from IEEE Trans. on Neural Networks in 1992, the TEPCO research award in 1993, the Takayanagi research award in 1995, the Kanagawa Academy of Science and Technology research award in 1993, the best courseware award Publisher Copyright: {\textcopyright} LISA 2006 - 20th Large Installation System Administration Conference. All rights reserved.; 20th Large Installation System Administration Conference, LISA 2006 ; Conference date: 03-12-2006 Through 08-12-2006",

year = "2006",

language = "English",

pages = "79--87",

}

TY - CONF

T1 - Centralized security policy support for virtual machine

AU - Quynh, Nguyen Anh

AU - Ando, Ruo

AU - Takefuji, Yoshiyasu

N1 - Funding Information: His research interests focus on neural computing, security, electronic toys. He received the National Science Foundation Research Initiation Award in 1989, the distinct service award from IEEE Trans. on Neural Networks in 1992, the TEPCO research award in 1993, the Takayanagi research award in 1995, the Kanagawa Academy of Science and Technology research award in 1993, the best courseware award Publisher Copyright: © LISA 2006 - 20th Large Installation System Administration Conference. All rights reserved.

PY - 2006

Y1 - 2006

N2 - For decades, researchers have pointed out that Mandatory Access Control (MAC) is an effective method to protect computer systems from being misused. Unfortunately, MAC is still not widely deployed because of its complexity. The problem is even worse in a virtual machine environment, because the current architecture is not designed to support MAC in a site-wide manner: machines with multiple virtual hosts needs to have multiple MAC security policies, and each of these policies must be updated and managed separately inside each virtual host. In order to ease the burden on administrators when deploying security policies in a virtual environment, this paper proposes an architecture named Virtual Mandatory Access Control (VMAC) to centralize security policies, so that all policy management can easily be done from a central machine. VMAC securely centralizes the security logging information from all virtual hosts into a central machine so intrusion detection analysis on the logging data is straightforward. To arrive at the architecture presented here, we have investigated various popular MAC schemes, and implemented several schemes with VMAC on the Xen Virtual Machine. This paper presents our experiences in the development process.

AB - For decades, researchers have pointed out that Mandatory Access Control (MAC) is an effective method to protect computer systems from being misused. Unfortunately, MAC is still not widely deployed because of its complexity. The problem is even worse in a virtual machine environment, because the current architecture is not designed to support MAC in a site-wide manner: machines with multiple virtual hosts needs to have multiple MAC security policies, and each of these policies must be updated and managed separately inside each virtual host. In order to ease the burden on administrators when deploying security policies in a virtual environment, this paper proposes an architecture named Virtual Mandatory Access Control (VMAC) to centralize security policies, so that all policy management can easily be done from a central machine. VMAC securely centralizes the security logging information from all virtual hosts into a central machine so intrusion detection analysis on the logging data is straightforward. To arrive at the architecture presented here, we have investigated various popular MAC schemes, and implemented several schemes with VMAC on the Xen Virtual Machine. This paper presents our experiences in the development process.

UR - http://www.scopus.com/inward/record.url?scp=77950583783&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77950583783&partnerID=8YFLogxK

M3 - Paper

AN - SCOPUS:77950583783

SP - 79

EP - 87

T2 - 20th Large Installation System Administration Conference, LISA 2006

Y2 - 3 December 2006 through 8 December 2006

ER -

Centralized security policy support for virtual machine

Abstract

Conference

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this