PIGA-Virt: An Advanced Distributed MAC Protection of Virtual Systems

Efficient Mandatory Access Control (MAC) of virtual machines remains an open problem for efficiently protecting cloud systems. For example, the MAC protection must allow some information flows between two virtual machines while preventing other information flows between those same two machines. To solve these problems, the virtual environment must guarantee in-depth protection in order to control information flows that start in one virtual machine (VM) and finish in another. In contrast with existing MAC approaches, PIGA-Virt is a MAC protection that controls the different levels of a virtual system. It eases the management of the required security objectives, and it guarantees those objectives while efficiently controlling the information flows. PIGA-Virt supports a large range of predefined protection canvases whose efficiency was demonstrated during the ANR Sec&Si security challenge. The paper shows how the PIGA-Virt approach guarantees advanced confidentiality and integrity properties by controlling complex combinations of transitive information flows passing through intermediate resources. As far as we know, PIGA-Virt is the first operational solution that provides in-depth MAC protection, addresses advanced security requirements, and efficiently controls information flows inside and between virtual machines. Moreover, the solution is independent of the underlying hypervisor. Performance figures and protection scenarios are given for protecting KVM virtual machines.
