research-article

Policy enforcement and compliance proofs for Xen virtual machines

Authors:

Bernhard Jansen,

Hari-Govind V. Ramasamy,

Matthias SchunterAuthors Info & Claims

VEE '08: Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments

Pages 101 - 110

https://doi.org/10.1145/1346256.1346271

Published: 05 March 2008 Publication History

Abstract

We address the problem of integrity management in a virtualized environment. We introduce a formal integrity model for managing the integrity of arbitrary aspects of a virtualized system. Based on the model, we describe an architecture called PEV, which stands for protection, enforcement, and verification. The architecture generalizes the integrity management functions of the Trusted Platform Module (TPM) to cover not just software binaries, but also VMs, virtual devices, and a wide range of security policies. The architecture enables the verification of security compliance and enforcement of security policies. We describe a prototype implementation of the architecture based on the Xen hypervisor. We demonstrate the policy enforcement and compliance checking capabilities of our prototype through multiple use cases.

References

[1]

TrustedGRUB. http://sourceforge.net/projects/trustedgrub.

[2]

TPM Main Specification. https://www.trustedcomputinggroup.org/specs/TPM/, July 2007. Version 1.2 rev. 103.

[3]

TCG Software Stack Specification. https://www.trustedcomputinggroup.org/specs/TSS/, August 2006. Version 1.2.

[4]

XSLT Transformations. http://www.w3.org/TR/xslt.

[5]

The Open Trusted Computing Project, 2008. http://www.opentc.net/.

[6]

P.T. Barham, B. Dragovic, K. Fraser, S. Hand, T.L. Harris, A. Ho, RNeugebauer, IPratt, and AWarfield. Xen and the Art of Virtualization. In Proc. 19th ACM Symposium on Operating Systems Principles (SOSP-2003), pages 164--177, October 2003.

Digital Library

[7]

Stefan Berger, Ramon Cáceres, Kenneth Goldman, Ron Perez, Rainer Sailer, and Leender van Doorn. vTPM: Virtualizing the Trusted Platform Module. In Proc. 15th USENIX Security Symposium, pages 21--21, August 2006.

Digital Library

[8]

Serdar Cabuk, Chris Dalton, HariGovind V. Ramasamy, and Matthias Schunter. Towards Automated Provisioning of Secure Virtualized Networks. In Proc. 14th ACM Conference on Computer and Communications Security (CCS-2007), October 2007. To appear.

Digital Library

[9]

Ivan B. Damgård, Torben P. Pedersen, and Birgit Pfitzmann. Statistical Secrecy and Multi-Bit Commitments. IEEE Transactions on Information Theory, 44(3):1143--1151, 1998.

Digital Library

[10]

Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, and Dan Boneh. Terra: a Virtual Machine-based Platform for Trusted Computing. In Proc. 19th ACM Symposium on Operating Systems Principles (SOSP-2003), pages 193--206. ACM Press, 2003.

Digital Library

[11]

Oded Goldreich, Silvio Micali, and Avi Wigderson. Proofs that Yield Nothing but their Validity, or All Languages in NP have Zero-Knowledge Proof Systems. Journal of the ACM, 38 (3):690--728, 1991.

Digital Library

[12]

John Griffin, Trent Jaeger, Ron Perez, Rainer Sailer, Leendert Van Doorn, and Ramon Caceres. Trusted Virtual Domains: Toward Secure Distributed Services. In Proc. 1st Workshop on Hot Topics in System Dependability (Hotdep-2005), Yokohama, Japan, June 2005. IEEE Press.

Digital Library

[13]

Vivek Haldar, Deepak Chandra, and Michael Franz. Semantic Remote Attestation -- Virtual Machine Directed Approach to Trusted Computing. In USENIX Virtual Machine Research and Technology Symposium, pages 29--41, 2004.

Digital Library

[14]

Jonathan Poritz, Matthias Schunter, Els Van Herreweghen, and Michael Waidner. Property Attestation -- Scalable and Privacy-friendly Security Assessment of Peer Computers. Technical Report RZ 3548 (# 99559), IBM Research Division, May 2004.

[15]

Ahmad-Reza Sadeghi and Chris Stüble. Property--based Attestation for Computing Platforms: Caring about Properties, not Mechanisms. In Proc. 2004 Workshop on New Security Paradigms (NSPW-2004), pages 67--77. ACM Press, 2005.

Digital Library

[16]

Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn. Design and Implementation of a TCG--based Integrity Measurement Architecture. In Proc. 13th USENIX Security Symposium, pages 16--16. USENIX Association, August 2004.

Digital Library

[17]

Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramon Caceres, Ronald Perez, Stefan Berger, John Linwood Griffin, and Leendert van Doorn. Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor. In Proc. 21st Annual Computer Security Applications Conference (ACSAC-2005), pages 276--285, 2005.

Digital Library

[18]

Trusted Computing Group. https://www.trustedcomputinggroup.org.

Cited By

(2016)A survey of security issues for cloud computingJournal of Network and Computer Applications10.1016/j.jnca.2016.05.01071:C(11-29)Online publication date: 1-Aug-2016
https://dl.acm.org/doi/10.1016/j.jnca.2016.05.010
Zhou FGoel MDesnoyers PSundaram R(2013)Scheduler vulnerabilities and coordinated attacks in cloud computingJournal of Computer Security10.5555/2590624.259062621:4(533-559)Online publication date: 1-Jul-2013
https://dl.acm.org/doi/10.5555/2590624.2590626
Benzina H(2012)Towards designing secure virtualized systems2012 Second International Conference on Digital Information and Communication Technology and it's Applications (DICTAP)10.1109/DICTAP.2012.6215385(250-255)Online publication date: May-2012
https://doi.org/10.1109/DICTAP.2012.6215385
Show More Cited By

Policy enforcement and compliance proofs for Xen virtual machines
1. Security and privacy
  1. Systems security
2. Social and professional topics
  1. Computing / technology policy

Recommendations

Live gang migration of virtual machines
HPDC '11: Proceedings of the 20th international symposium on High performance distributed computing

This paper addresses the problem of simultaneously migrating a group of co-located and live virtual machines (VMs), i.e, VMs executing on the same physical machine. We refer to such a mass simultaneous migration of active VMs as "live gang migration". ...
Towards automated security policy enforcement in multi-tenant virtual data centers
EU-Funded ICT Research on Trust and Security

Virtual data centers allow the hosting of virtualized infrastructures (networks, storage, machines) that belong to several customers on the same physical infrastructure. Virtualization theoretically provides the capability for sharing the infrastructure ...
Inter-rack live migration of multiple virtual machines
VTDC '12: Proceedings of the 6th international workshop on Virtualization Technologies in Distributed Computing Date

Within datacenters, often multiple virtual machines (VMs) need to be live migrated simultaneously for various reasons such as maintenance, power savings, and load balancing. Such mass simultaneous live migration of multiple VMs can trigger large data ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

VEE '08: Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments

March 2008

190 pages

ISBN:9781595937964

DOI:10.1145/1346256

General Chair:
David Gregg
Trinity College Dublin, Ireland
,
Program Chairs:
Vikram Adve
University of Illinois at Urbana-Champaign, USA
,
Brian Bershad
Google, USA

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 March 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

VEE '08

Sponsor:

VEE '08: International Conference on Virtual Execution Environments

March 5 - 7, 2008

WA, Seattle, USA

Acceptance Rates

VEE '08 Paper Acceptance Rate 18 of 57 submissions, 32%;

Overall Acceptance Rate 80 of 235 submissions, 34%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
706
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

(2016)A survey of security issues for cloud computingJournal of Network and Computer Applications10.1016/j.jnca.2016.05.01071:C(11-29)Online publication date: 1-Aug-2016
https://dl.acm.org/doi/10.1016/j.jnca.2016.05.010
Zhou FGoel MDesnoyers PSundaram R(2013)Scheduler vulnerabilities and coordinated attacks in cloud computingJournal of Computer Security10.5555/2590624.259062621:4(533-559)Online publication date: 1-Jul-2013
https://dl.acm.org/doi/10.5555/2590624.2590626
Benzina H(2012)Towards designing secure virtualized systems2012 Second International Conference on Digital Information and Communication Technology and it's Applications (DICTAP)10.1109/DICTAP.2012.6215385(250-255)Online publication date: May-2012
https://doi.org/10.1109/DICTAP.2012.6215385
Zhou FGoel MDesnoyers PSundaram R(2011)Scheduler Vulnerabilities and Coordinated Attacks in Cloud ComputingProceedings of the 2011 IEEE 10th International Symposium on Network Computing and Applications10.1109/NCA.2011.24(123-130)Online publication date: 25-Aug-2011
https://dl.acm.org/doi/10.1109/NCA.2011.24
Baiardi FSgandurra D(2011)Attestation of integrity of overlay networksJournal of Systems Architecture: the EUROMICRO Journal10.1016/j.sysarc.2010.06.00157:4(463-473)Online publication date: 1-Apr-2011
https://dl.acm.org/doi/10.1016/j.sysarc.2010.06.001
Cabuk SDalton CEriksson KKuhlmann DRamasamy HRamunno GSadeghi ASchunter MStüble C(2010)Towards automated security policy enforcement in multi-tenant virtual data centersJournal of Computer Security10.5555/1734234.173424218:1(89-121)Online publication date: 1-Jan-2010
https://dl.acm.org/doi/10.5555/1734234.1734242
Raj HSchwan KReiser HKapitza R(2009)Extending virtualization services with trust guarantees via behavioral monitoringProceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems10.1145/1518684.1518689(24-29)Online publication date: 31-Mar-2009
https://dl.acm.org/doi/10.1145/1518684.1518689
Baiardi FCilea DSgandurra DCeccarelli F(2009)Measuring Semantic Integrity for Remote AttestationProceedings of the 2nd International Conference on Trusted Computing10.1007/978-3-642-00587-9_6(81-100)Online publication date: 19-Feb-2009
https://dl.acm.org/doi/10.1007/978-3-642-00587-9_6

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten