Building a MAC-based security architecture for the Xen open-source hypervisor

Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramón Cáceres, Ronald Perez, Stefan Berger, John Linwood Griffin, Leendert Van Doorn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

211 Scopus citations

Abstract

We present the sHype hypervisor security architecture and examine in detail its mandatory access control facilities. While existing hypervisor security approaches aiming at high assurance have been proven useful for high-security environments that prioritize security over performance and code reuse, our approach aims at commercial security where near-zero performance overhead, non-intrusive implementation, and usability are of paramount importance. sHype enforces strong isolation at the granularity of a virtual machine, thus providing a robust foundation on which higher software layers can enact finer-grained controls. We provide the rationale behind the sHype design and describe and evaluate our implementation for the Xen open-source hypervisor.

Original language: English (US)
Title of host publication: Proceedings - 21st Annual Computer Security Applications Conference, ACSAC 2005
Pages: 276-285
Number of pages: 10
State: Published - 2005
Event: 21st Annual Computer Security Applications Conference, ACSAC 2005 - Tucson, AZ, United States
Duration: Dec 5 2005 to Dec 9 2005

Publication series

Name: Proceedings - Annual Computer Security Applications Conference, ACSAC
Volume: 2005
ISSN (Print): 1063-9527

Other

Other: 21st Annual Computer Security Applications Conference, ACSAC 2005
Country/Territory: United States
City: Tucson, AZ
Period: 12/5/05 to 12/9/05

All Science Journal Classification (ASJC) codes

  • Software
  • General Engineering
