Flexible security configuration for virtual machines

Sandra Rueda, Yogesh Sreenivasan, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Scopus citations

Abstract

Virtual machines are widely accepted as a promising basis for building secure systems. However, while virtual machines offer effective mechanisms to create isolated environments, mechanisms that offer controlled interaction among VMs are immature. Some VM systems include flexible policy models and some enable MLS enforcement, but the flexible use of policy to control VM interactions has not been developed. In this paper, we propose an architecture that enables administrators to configure virtual machines to satisfy prescribed security goals. We describe the design and implementation of such an architecture using SELinux, Xen and IPsec as the tools to express and enforce policies at the OS, VM and Network layers, respectively. We develop a web application using our architecture and show that we can configure application VMs in such a way that we can verify the enforcement of the security goals of those applications.

Original language: English (US)
Title of host publication: Proceedings of the 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Pages: 35-43
Number of pages: 9
State: Published - 2008
Event: 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 - Alexandria, VA, United States
Duration: Oct 27 2008 - Oct 31 2008

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Other

Other: 2nd ACM Workshop on Computer Security Architectures, CSAW'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Country/Territory: United States
City: Alexandria, VA
Period: 10/27/08 - 10/31/08

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
