Title :
Verifying the Safety of Xen Security Modules
Author :
Han, Wei ; He, Yeping ; Ding, Liping
Author_Institution :
Nat. Eng. Res. Center for Fundamental Software, Inst. of Software, Beijing, China
Abstract :
In a virtualization environment, the communication and resource sharing between virtual machines can be protected by a mandatory access control mechanism to guarantee the isolation of the virtual machines. The safety of the mandatory access control framework depends on whether the security-sensitive operations are completely protected by the security check functions. In this paper, we present a novel method to verify the safety of the Xen security modules framework. We implement our method on the Xen 4.01 source code and evaluate the results. While our work in this paper focuses on the verification of Xen security modules, it can also be used to analyze other mandatory access control frameworks analogous to it.
Keywords :
authorisation; virtual machines; virtualisation; Xen 4.01 source code; Xen security module; mandatory access control mechanism; security check function; security sensitive operation; virtual machines; virtualization environment; Access control; Analytical models; Computational modeling; Linux; Safety; Saturn; Xen security modules; flow sensitive analysis; mandatory access control; path sensitive analysis; static analysis;
Conference_Title :
Secure Software Integration & Reliability Improvement Companion (SSIRI-C), 2011 5th International Conference on
Conference_Location :
Jeju Island
Print_ISBN :
978-1-4577-0781-0
Electronic_ISBN :
978-0-7695-4454-0
DOI :
10.1109/SSIRI-C.2011.37