TY - GEN
T1 - Building a MAC-based security architecture for the Xen open-source hypervisor
AU - Sailer, Reiner
AU - Jaeger, Trent
AU - Valdez, Enriquillo
AU - Cáceres, Ramón
AU - Perez, Ronald
AU - Berger, Stefan
AU - Griffin, John Linwood
AU - Van Doorn, Leendert
PY - 2005
Y1 - 2005
N2 - We present the sHype hypervisor security architecture and examine in detail its mandatory access control facilities. While existing hypervisor security approaches aiming at high assurance have been proven useful for high-security environments that prioritize security over performance and code reuse, our approach aims at commercial security where near-zero performance overhead, non-intrusive implementation, and usability are of paramount importance. sHype enforces strong isolation at the granularity of a virtual machine, thus providing a robust foundation on which higher software layers can enact finer-grained controls. We provide the rationale behind the sHype design and describe and evaluate our implementation for the Xen open-source hypervisor.
AB - We present the sHype hypervisor security architecture and examine in detail its mandatory access control facilities. While existing hypervisor security approaches aiming at high assurance have been proven useful for high-security environments that prioritize security over performance and code reuse, our approach aims at commercial security where near-zero performance overhead, non-intrusive implementation, and usability are of paramount importance. sHype enforces strong isolation at the granularity of a virtual machine, thus providing a robust foundation on which higher software layers can enact finer-grained controls. We provide the rationale behind the sHype design and describe and evaluate our implementation for the Xen open-source hypervisor.
UR - http://www.scopus.com/inward/record.url?scp=33750248123&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33750248123&partnerID=8YFLogxK
U2 - 10.1109/CSAC.2005.13
DO - 10.1109/CSAC.2005.13
M3 - Conference contribution
AN - SCOPUS:33750248123
SN - 0769524613
SN - 9780769524610
T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC
SP - 276
EP - 285
BT - Proceedings - 21st Annual Computer Security Applications Conference, ACSAC 2005
T2 - 21st Annual Computer Security Applications Conference, ACSAC 2005
Y2 - 5 December 2005 through 9 December 2005
ER -