View article

Building a MAC-based security architecture for the Xen open-source hypervisor

Authors

Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramon Caceres, Ronald Perez, Stefan Berger, John Linwood Griffin, Leendert Van Doorn

Publication date

2005/12/5

Conference

21st Annual Computer Security Applications Conference (ACSAC'05)

Pages

10 pp.-285

Publisher

IEEE

Description

We present the sHype hypervisor security architecture and examine in detail its mandatory access control facilities. While existing hypervisor security approaches aiming at high assurance have been proven useful for high-security environments that prioritize security over performance and code reuse, our approach aims at commercial security where near-zero performance overhead, non-intrusive implementation, and usability are of paramount importance. sHype enforces strong isolation at the granularity of a virtual machine, thus providing a robust foundation on which higher software layers can enact finer-grained controls. We provide the rationale behind the sHype design and describe and evaluate our implementation for the Xen open-source hypervisor

Total citations

Cited by 427

200520062007200820092010201120122013201420152016201720182019202020212022202320243 20 33 40 43 46 34 43 37 31 28 15 12 10 6 7 3 5 1

Scholar articles

Building a MAC-based security architecture for the Xen open-source hypervisor

R Sailer, T Jaeger, E Valdez, R Caceres, R Perez… - 21st Annual Computer Security Applications …, 2005

IBMTJWR Center, and NY Hawthorne. Building a MAC-based security architecture for the Xen open-source hypervisor*

R Sailer, T Jaeger, E Valdez, R Caceres, R Perez… - Computer Security Applications Conference, 21st …, 2005

Cited by 2 Related articles