Noninterference Policy For Trusted Virtual Machine Monitors

In this paper, a noninterference policy based on a deterministic state machine formal model is proposed to enhance the isolation capability of a virtual machine monitor system. It formally specifies the strong isolation property that trusted virtual machine monitors require and derives some practical design restrictions for them. Compared with related work, it shows a more precise mapping to real systems and produces more practical specifications for the design.
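As an added illustration of the kind of property the abstract describes (not code from the paper, whose own formalization is not reproduced here), the following script models a VMM as a deterministic state machine over three domains (two guests and the monitor), fixes the policy "a guest may never interfere with the other guest", and checks the classical transitive, purge-based noninterference condition by bounded enumeration of action sequences. The machine, its actions, the shared "cache line" state, and the two transition functions are all constructed for this example; the point is that the same definition accepts the monitor that flushes shared state on a context switch and rejects the one that does not, which is the sort of design restriction a noninterference policy yields.

```python
"""Bounded check of purge-based noninterference on a toy VMM state machine.

Constructed illustration: two guests (VM1, VM2) share hardware state that the
monitor (VMM) may or may not flush on a context switch.  The policy says a
guest may never interfere with the other guest.  This is the classical
transitive, purge-based definition of noninterference, not the paper's model.
"""
from itertools import product

# Each action and the domain that issues it (constructed for this example).
ACTIONS = {"w1": "VM1", "r1": "VM1", "w2": "VM2", "r2": "VM2", "sched": "VMM"}
DOMAINS = ("VM1", "VM2", "VMM")

# Interference policy: pairs (u, v) meaning "u may interfere with v".
# Every domain may influence itself, the monitor may influence both guests,
# and the guests are mutually isolated.
POLICY = {(d, d) for d in DOMAINS} | {("VMM", "VM1"), ("VMM", "VM2")}


def initial_state():
    # mem: per-guest private memory; cache_hot: a shared line tagged with the
    # last guest that wrote it; slot: the guest currently scheduled.
    return {"mem": {"VM1": 0, "VM2": 0}, "cache_hot": None, "slot": "VM1"}


def step_leaky(s, a):
    """Transition function for a monitor that does NOT flush shared state on a switch."""
    s = {"mem": dict(s["mem"]), "cache_hot": s["cache_hot"], "slot": s["slot"]}
    u = ACTIONS[a]
    if a == "sched":
        s["slot"] = "VM2" if s["slot"] == "VM1" else "VM1"
    elif s["slot"] == u and a in ("w1", "w2"):  # a descheduled guest's action is a no-op
        s["mem"][u] += 1
        s["cache_hot"] = u
    return s


def step_isolated(s, a):
    """Same machine, but the monitor clears the shared line on every switch."""
    s = step_leaky(s, a)
    if a == "sched":
        s["cache_hot"] = None
    return s


def output(s, a):
    """What the domain issuing `a` observes in state `s`."""
    u = ACTIONS[a]
    if u == "VMM":
        return ("slot", s["slot"])
    if s["slot"] != u:  # a descheduled guest observes nothing
        return ("idle",)
    return ("mem", s["mem"][u], "cache_hot", s["cache_hot"])


def run(step, seq):
    """Run the machine from the initial state over an action sequence."""
    s = initial_state()
    for a in seq:
        s = step(s, a)
    return s


def purge(seq, v):
    """Remove every action whose domain is not allowed to interfere with v."""
    return [a for a in seq if (ACTIONS[a], v) in POLICY]


def check(step, max_len=4):
    """Bounded noninterference: for every action sequence up to max_len and
    every next action a, the issuing domain must observe the same output
    whether or not the actions of non-interfering domains are purged.
    Returns the first counterexample (sequence, action), or None."""
    for n in range(max_len + 1):
        for seq in product(ACTIONS, repeat=n):
            for a in ACTIONS:
                v = ACTIONS[a]
                if output(run(step, seq), a) != output(run(step, purge(seq, v)), a):
                    return list(seq), a
    return None


if __name__ == "__main__":
    print("leaky:", check(step_leaky))        # (['w1', 'sched'], 'w2')
    print("isolated:", check(step_isolated))  # None
```

The counterexample for the non-flushing monitor is the shortest one the definition can produce: VM1 writes, the monitor switches to VM2, and VM2's first write observes a cache line tagged by VM1, whereas in the purged run (VM1's action removed) it observes a clean line. Bounded enumeration is only a sanity check; a full proof would discharge Rushby-style unwinding conditions over the transition function instead of enumerating sequences.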
