A Mandatory Access Control Framework in Virtual Machine System with Respect to Multi-level Security Ⅱ:Implementation 被引量：5

一种虚拟机系统下关于多级安全的强制访问控制框架Ⅱ:实现(英文)

在线阅读下载PDF

导出

摘要 This paper is a continuation of our last paper [1] which describes the theory of Virt-BLP model. Based on Virt-BLP model,this paper implements a mandatory access control(MAC) framework applicable to multi-level security(MLS) in Xen. The Virt-BLP model is the theoretical basis of this MAC framework,and this MAC framework is the implementation of Virt-BLP model. Our last paper focuses on Virt-BLP model,while this paper concentrates on the design and implementation of MAC framework. For there is no MAC framework applicable to MLS in virtual machine system at present,our MAC framework fills the blank by applying Virt-BLP model to Xen,which is better than current researches to guarantee the security of communication between virtual machines(VMs) . The experimental results show that our MAC framework is effective to manage the communication between VMs. This paper is a continuation of our last paper [1] which describes the theory of Virt-BLP model. Based on Virt-BLP model,this paper implements a mandatory access control(MAC) framework applicable to multi-level security(MLS) in Xen. The Virt-BLP model is the theoretical basis of this MAC framework,and this MAC framework is the implementation of Virt-BLP model. Our last paper focuses on Virt-BLP model,while this paper concentrates on the design and implementation of MAC framework. For there is no MAC framework applicable to MLS in virtual machine system at present,our MAC framework fills the blank by applying Virt-BLP model to Xen,which is better than current researches to guarantee the security of communication between virtual machines(VMs) . The experimental results show that our MAC framework is effective to manage the communication between VMs.

作者刘谦王观海翁楚良骆源李明禄

机构地区 Department of Computer Science and Engineering

出处《China Communications》 SCIE CSCD 2011年第2期86-94,共9页 中国通信（英文版）

基金 supported by National Key Basic Research and Development Plan (973 Plan) of China (No. 2007CB310900) National Natural Science Foundation of China (No. 90612018, 90715030 and 60970008)

关键词 virt-BLP model MAC framework multi-level security XEN virt-BLP model MAC framework multi-level security Xen

分类号 TP393.08 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献8

1刘谦,王观海,翁楚良,骆源,李明禄.一种虚拟机系统中关于多级安全的强制访问控制框架Ⅰ:理论(英文)[J]中国通信,2010(04).
2LITTY L,LIE D.Manitou: A LayerBelow Approach to Fighting Malware. Proceedings of the 1st Workshop on Architectural and System Support for Improving Software Dependability . 2006
3HIRANO M,SHINAGAWA T,EIRAKU H, et al.Introducing Role-Based Access Control to a Secure Virtual Machine Monitor: Security Policy Enforcement Mechanism for Distributed Computers. Proceedings of IEEE Asia-Pacific Services Computing Conference . 2008
4COKER G.Xen Security Modules (XSM). http://www.xen.org/fi les/xensummit_4/xsm- summit-041707_Coker.pdf . 2010
5Dunlap G W,King S T,Sukru C et al.ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay. Proceedings of the Symposium on Operating Systems Design and Implementation (OSDI’02) . 2002
6Reiner Sailer,Trent Jaeger,Enriquillo Valdez,Ramon Caceres,Ronald Perez,Stefan Berger,John Linwood Griffin,Leendert van Doorn.Building a mac-based securityarchitecture for the xen open-source hypervisor. Proceedings of the 2005 Annual Computer Security Applications Conference . 2005
7Barham P,Dragovic B,Fraser K,et al.Xen and the Art of Virtualization. Proceedings of the 19th ACM Symposium on Operating Systems Principles . 2003
8McLean J.The specification and modeling of computer security. Computer . 1990

同被引文献64

1Brickell E F, Hall C D, Cihula J F, et al. Method of improv- ing computer security through sandboxing [P]. US: 7908653, 2011-03-15.
2Ashok R K, Jemiolo D E, Kaplinger T E, et al. Secure ac- cess to a virtual machine [P]. US: 13/420, 102, 2012-03-14.
3Tupakula U, Varadharajan V, Bichhawat A. Security archi- tecture for virtual machines [C]//Proc 1 lth Algorithms and architectures for parallel processing. Berlin, Heidelberg: Springer-Verlag, 2011 : 218-229.
4Garber L. The challenges of securing the virtualized envi- ronment [J]. Computer, 2012, 45(1): 17-20.
5Haeberlen A, Aditya P, Rodrigues R, et al. Accountable virtual machines [C]//Proc 9th USENIX Operating systems design and implementation. New York: USENIX Associa- tion, 2010: 58-74.
6Kunk A, Bohman P, Shaw E. VMM based rootkit detection on Android[EB/OL]. [2011-05-10]. http://cs523-sp2011-bjks. googlecode.com/files/cs5 23 final_report.pdf.
7Borghei E, Azmi R, Ghahremanian A, et al. Virtual machine based security architecture [C]//Proe World Congress on In- ternet Security. London: IEEE Press, 2011 : 210- 215.
8Nan Z. Virtualization safety problem analysis [C]//Proc 3rd Communication Software and Networks. Xi'an: IEEE Press, 2011: 195-197.
9Semnanian A A, Pham J, Englert B, et al. Virtualization technology and its impact on computer hardware architec- ture [C]//Proc Eighth International Conference on Informa- tion Technology: New Generations. Las Vegas: IEEE Press, 2011: 719-724.
10Amsden Z, Arai D, Hecht D, et al. Virtual machine interface (vmi) specifications [EB/OL]. [2013-05-02]. http://www. vmware, com/pdf/vmi_specs.pdf.

引证文献5

1WANG Xiaorui,WANG Qingxian,GUO Yudong,LU Jianping.Information Transfer Model of Virtual Machine Based on Storage Covert Channel[J].Wuhan University Journal of Natural Sciences,2013,18(5):377-384.
2王晓睿,王清贤,郭玉东,卢建平.虚拟化系统中的攻击与防护模型研究[J].武汉大学学报（理学版）,2013,59(5):416-424. 被引量：2
3梁彪,秦中元,沈日胜,陈琦,吕游,强勇,郭爱文.一种虚拟机访问控制安全模型[J].计算机应用研究,2014,31(1):231-235. 被引量：4
4邵国林,陈兴蜀,尹学渊,张峰伟.基于OpenFlow的虚拟机流量检测系统的设计与实现[J].计算机应用,2014,34(4):1034-1037. 被引量：7
5于红岩,岑凯伦,杨腾霄.云计算平台异常行为检测系统的设计与实现[J].计算机应用,2015,35(5):1284-1289. 被引量：9

二级引证文献22

1李宇宏.企业虚拟化环境中的安全防护[J].中国新技术新产品,2014(11):94-94. 被引量：2
2彭淑芬.基于虚拟机的信息系统结构安全研究[J].微型机与应用,2015,34(3):11-14. 被引量：1
3于红岩,岑凯伦,杨腾霄.云计算平台异常行为检测系统的设计与实现[J].计算机应用,2015,35(5):1284-1289. 被引量：9
4李敬有.可信计算机平台中易受攻击区域检测方法仿真[J].计算机仿真,2015,32(7):373-377.
5饶正婵,蒲天银.大型云计算网络下的疑似危险信号检测系统的设计与研发[J].现代电子技术,2015,38(22):105-107. 被引量：2
6翁垚.一种基于OpenFlow的入侵检测评估系统[J].电子测试,2016,27(1):67-68.
7王刚.无线传感器网络信号突变监控模块的电路设计[J].现代电子技术,2016,39(22):116-120. 被引量：1
8王兴芬,孙彦超.云计算模式下教学资源管理平台的研究与建设[J].中国教育信息化,2016,22(23):55-57. 被引量：4
9杨玉梅,宫纪明,胡兰兰.网络安全中防火墙穿越代理的实践研究[J].计算机与网络,2016,42(17):63-65.
10李岱,熊蜀峰.移动自组织网络中基于智能混合扩频的高效媒体访问控制方法[J].计算机应用研究,2017,34(7):2123-2127. 被引量：1

1LIU Qian WANG Guanhai WENG Chuliang LUO Yuan LI Minglu.A Mandatory Access Control Framework in Virtual Machine System with Respect to Multi-level Security I： Theory[J].China Communications,2010,7(4):137-143. 被引量：1
2自动多级安全的数字水印[J].军民两用技术与产品,2003(5):45-45.
3罗昭武.多级安全密码算法[J].密码与信息,1995(4):1-9.
4罗昭武.分布式多级密钥管理及分发系统[J].密码与信息,1995(4):27-36.
5苏铓,李凤华,史国振,李莉.面向多级安全的结构化文档描述模型[J].通信学报,2012,33(S1):222-227.
6李云峰.NAS后台运行ONLAN／PC承担通信任务[J].吉林气象,1996(2):53-53.
7刘晓坦,李晓雯,崔翔.基于可信计算的多级安全策略研究[J].电子设计工程,2016,24(7):148-150. 被引量：4
8Yu Jingyuan(Beijing Institute of Information and Control).Systems Engineering and Its Theoretical Basis[J].Journal of Systems Engineering and Electronics,1990,1(1):1-17.
9Li Youming Xu Chen Ren Chunli(Dept. Appl. Math., Xidian Univ., Xi’an 710071)(Dept. of Software, Shenzhen Univ., Shenzhen 518060).DIRECTION-OF-ARRIVAL ESTIMATION BY CONTINUATION METHOD[J].Journal of Electronics(China),1999,16(2):159-164.
10杨宝琪,贺玉寅.支持高机动战术互联网的多级安全－－ELB ACTD[J].外军电信动态,2003(1):59-62.

China Communications

2011年第2期

浏览历史

内容加载中请稍等...

A Mandatory Access Control Framework in Virtual Machine System with Respect to Multi-level Security Ⅱ:Implementation 被引量：5

参考文献8

同被引文献64

引证文献5

二级引证文献22

相关作者

相关机构

相关主题

浏览历史