
A Virtual Machine Based Information Flow Control System for Policy Enforcement

Srijith K. Nair, Patrick N.D. Simpson, Bruno Crispo, Andrew S. Tanenbaum
2008 Electronic Notes in Theoretical Computer Science  
This paper presents the design and implementation of such an information flow control system, named Trishul, as a Java Virtual Machine.  ...  The ability to enforce usage policies attached to data in a fine grained manner requires that the system be able to trace and control the flow of information within it.  ...  Conclusions and Future Work In this paper we described the design and implementation of Trishul, a JVM based information flow tracing system.  ... 
doi:10.1016/j.entcs.2007.10.010 fatcat:cgyjnpsbbjhrhhb4vjf3li3fce

Flexible security configuration for virtual machines

Sandra Rueda, Yogesh Sreenivasan, Trent Jaeger
2008 Proceedings of the 2nd ACM workshop on Computer security architectures - CSAW '08  
Virtual machines are widely accepted as a promising basis for building secure systems.  ...  Some VM systems include flexible policy models and some enable MLS enforcement, but the flexible use of policy to control VM interactions has not been developed.  ...  This work demonstrated that a commercial virtual machine system could be a basis for mandatory access control enforcement, although the system was not released publicly.  ... 
doi:10.1145/1456508.1456515 dblp:conf/ccs/RuedaSJ08 fatcat:7rk6zvwfabhn7cp7kvgpev7jte

Towards automated security policy enforcement in multi-tenant virtual data centers

Serdar Cabuk, Chris I. Dalton, Konrad Eriksson, Dirk Kuhlmann, HariGovind V. Ramasamy, Gianluca Ramunno, Ahmad-Reza Sadeghi, Matthias Schunter, Christian Stüble, Jan Camenisch, Javier Lopez, Fabio Massacci (+2 others)
2010 Journal of Computer Security  
To address this challenge, this paper presents a security architecture for virtual data centers based on virtualization and Trusted Computing technologies.  ...  A major challenge in allaying such concerns is the enforcement of appropriate customer isolation as specified by high-level security policies.  ...  Cabuk This article is based on input from many members of the OpenTC project consortium.  ... 
doi:10.3233/jcs-2010-0376 fatcat:3smmtzait5chbd5ouiq3n3367q

Towards automated provisioning of secure virtualized networks

Serdar Cabuk, Chris I. Dalton, HariGovind Ramasamy, Matthias Schunter
2007 Proceedings of the 14th ACM conference on Computer and communications security - CCS '07  
enforce cross-group security requirements such as isolation, confidentiality, security, and information flow control.  ...  Acknowledgements We thank the other authors of [6] for valuable inputs. This work has been partially funded by the European Commission as part of the OpenTC project  ... 
doi:10.1145/1315245.1315275 dblp:conf/ccs/CabukDRS07 fatcat:6snudt5tgbdprduwjyrf3d5izi

Trusted virtual domains: Color your network

Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy
2010 Datenschutz und Datensicherheit - DuD  
Trusted Virtual Domains (TVDs) provide a secure IT infrastructure offering a homogeneous and transparent enforcement of access control policies on data and network resources.  ...  In this article, we give an overview of the fundamental ideas and basic concepts behind TVDs, present a realization of TVDs, and discuss application scenarios.  ...  both intra-TVD and inter-TVD information flow policy.  ... 
doi:10.1007/s11623-010-0089-0 fatcat:se3b4xi4xneixjsnlgtbiy3pxa

Shamon: A System for Distributed Mandatory Access Control

Jonathan McCune, Trent Jaeger, Stefan Berger, Ramon Caceres, Reiner Sailer
2006 Proceedings of the Computer Security Applications Conference  
We define and demonstrate an approach to securing distributed computation based on a shared reference monitor (Shamon) that enforces mandatory access control (MAC) policies across a distributed set of  ...  We implement a prototype system on the Xen hypervisor with a trusted MAC virtual machine built on Linux 2.6 whose reference monitor design requires only 13 authorization checks, only 5 of which apply to  ...  MAC enforcement is simplified by using a small virtual machine monitor (VMM) as the base code and relying on minimal operating system controls.  ... 
doi:10.1109/acsac.2006.47 dblp:conf/acsac/McCuneJBCS06 fatcat:shjc7menozhcbjyjnnkkn6eta4

Decentralized information flow control on a bare-metal JVM

Karthikeyan Manivannan, Christian Wimmer, Michael Franz
2010 Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research - CSIIRW '10  
In a traditional setup where the Java Virtual Machine (JVM) runs on top of an Operating System (OS), sensitive information flows both through the JVM and the OS, and effective enforcement of information  ...  For example, Laminar uses the Linux Security Module to enforce information flow policies at the OS level, this could expose the system to rootkit based attacks [4].  ... 
doi:10.1145/1852666.1852738 dblp:conf/csiirw/ManivannanWF10 fatcat:gupczfd5nrey7cyoiw6rxrnwiy

Behavior-based Attestation of Policy Enforcement among Trusted Virtual Domains

Rong-wei Yu, Fan Yin, Jin Ke, Lina Wang
2010 Journal of Networks  
According to behavior compliance, this paper proposes a behavior-based attestation of policy enforcement for distributed services in trusted virtual machine, which is adapted to trusted virtual domain.  ...  Index Terms: policy enforcement, behavior-based attestation, trusted virtual domain, integrity measurement  ...  The approach verified such two important behaviors of a UCON system enforcing its policies as attribute update behavior and information flow behavior.  ... 
doi:10.4304/jnw.5.6.642-649 fatcat:5uwp4nt4rjfgpfqu64knemztwe

SeVMM: VMM-Based Security Control Model

Chen Wen-Zhi, Zhu Hong-Wei, Huang Wei
2008 2008 International Conference on Cyberworlds  
model for virtual machine monitors, operating systems and applications.  ...  By dividing the virtual resources into sharing virtual resources and normal ones, SeVMM provided secure mechanism for inter-domain communication control, which formed the base of multi-level security control  ...  Security policy enforcement module can make decision based on the security information and policy transferred by the hook.  ... 
doi:10.1109/cw.2008.110 dblp:conf/cw/ChenZH08 fatcat:4mgo7ymcrrejneq2gqxvit2pqq

Managing Critical Infrastructures through Virtual Network Communities [chapter]

Fabrizio Baiardi, Gaspare Sala, Daniele Sgandurra
2008 Lecture Notes in Computer Science  
A firewall VM (FW-VM) is a further kind of VM that, according to the security policy of each community, protects information private to a community transmitted across an untrusted network or controls the  ...  File system VM (FS-VMs) store and protect files shared among communities by applying a combination of MAC and Multi-Level Security (MLS) policies.  ...  Acknowledgments We would like to thank Riccardo Leggio for his contribution to the prototype and the anonymous reviewers for their suggestions.  ... 
doi:10.1007/978-3-540-89173-4_7 fatcat:r4jiy7aagnbd7lhdrf2hj3ve3q

Information flow control in cloud computing

Ruoyu Wu, Gail-Joon Ahn, Hongxin Hu, Mukesh Singhal
2010 Proceedings of the 6th International ICST Conference on Collaborative Computing: Networking, Applications, Worksharing  
A fundamental problem is the existence of insecure information flows due to the fact that a service provider can access multiple virtual machines in clouds.  ...  In this paper, we propose an approach to enforce the information flow policies at Infrastructure-as-a-Service (IaaS) layer in a cloud computing environment.  ...  To control the access to cloud virtual machines for preventing information leaks, we need to define the policy specification.  ... 
doi:10.4108/icst.trustcol.2010.1 dblp:conf/colcom/WuAHS10 fatcat:fr56gbsa7nbcpbgea7mpgnnidu

Intrusion detection techniques for virtual domains

Udaya Tupakula, Vijay Varadharajan, Dipankar Dutta
2012 2012 19th International Conference on High Performance Computing  
A virtual domain enables grouping of related virtual machines running on separate physical machine into a single network domain with a unified security policy.  ...  Since the virtual machines can be running different operating systems and applications, the attacker can exploit even a single vulnerability in any of the operating system or applications in a single virtual  ...  to enforce information flow constraints between virtual machine partitions.  ... 
doi:10.1109/hipc.2012.6507491 dblp:conf/hipc/TupakulaVD12 fatcat:igzjeylii5d4zjoycvqt6hytpa

Towards designing secure virtualized systems

Hedi Benzina
2012 2012 Second International Conference on Digital Information and Communication Technology and it's Applications (DICTAP)  
Virtual machine technology is rapidly gaining acceptance as a fundamental building block in enterprise data centers. It is most known for improving efficiency and ease of management.  ...  However, it also provides a compelling approach to enhancing system security, offering new ways to rearchitect today's systems and opening the door for a wide range of future security technologies.  ...  complexity of policy rules organization. sHype [10] is one of the best-known security architectures for hypervisors: its primary goal was to control the information flows between VMs. sHype is based  ... 
doi:10.1109/dictap.2012.6215385 dblp:conf/dictap/Benzina12 fatcat:w24vy4fwmbf4did4zbeegy7ryy

Tenant-led Ciphertext Information Flow Control for Cloud Virtual Machines

Zhao Zhang, Zhi Yang, Xuehui Du, Wenfa Li, Xingyuan Chen, Lei Sun
2021 IEEE Access  
To solve the above problems, this article proposes a tenant-led ciphertext information flow control method for cloud virtual machines.  ...  Through the design of a decentralized information flow control security policy, a secret-domain key management scheme, and a multi-ID-based threshold encryption scheme, the information flow control strategies  ...  The decentralized information flow control module in the virtual machine hypervisor performs an information flow policy rule check on the security label of the tenant virtual machines a and b.  ... 
doi:10.1109/access.2021.3051061 fatcat:zzfkmtk3unhv3jnubco3qarreq

Intelligent Traffic Management in SDN

Chaithra P, Dr. B S Shylaja
2017 International Journal of Engineering Research and  
Software defined networking and network functions virtualization in the versatile core offer amazing flexibility for traffic steering, leading to advanced levels of quality-of-service control.  ...  SDN-based application aware routing system allows mobile network operators to achieve better efficiency of the networks, service providers to enhance customer satisfaction, and end-users to encounter desirable  ...  policy based flow control and security.  ... 
doi:10.17577/ijertv6is050410 fatcat:si2tk3rkgbfxpazbfnzogdjdqu