Use of Role Based Access Control for Security-Purpose Hypervisors

This paper presents the design and implementation of a Role Based Access Control (RBAC) mechanism for securing a hypervisor called BitVisor. BitVisor is a small hypervisor that provides security functions, such as encryption services for I/O devices, in its hypervisor layer. BitVisor enforces security functions without the help of guest OSs, but it only supports a static configuration file for machine setup. Consequently, we employ the RBAC system called PERMIS, a proven implementation of an RBAC policy decision engine and credential validation service, to provide dynamic configuration control. By using PERMIS, we can write finer-grained authorization policies and dynamically update them for the security-purpose hypervisor.
