• DocumentCode
    3076870
  • Title

    Verifying the Safety of Xen Security Modules

  • Author

    Han, Wei ; He, Yeping ; Ding, Liping

  • Author_Institution
    Nat. Eng. Res. Center for Fundamental Software, Inst. of Software, Beijing, China
  • fYear
    2011
  • fDate
    27-29 June 2011
  • Firstpage
    30
  • Lastpage
    34
  • Abstract
    In a virtualization environment, communication and resource sharing between virtual machines can be protected by a mandatory access control mechanism to guarantee the isolation of the virtual machines. The safety of the mandatory access control framework depends on whether the security-sensitive operations are completely protected by the security check functions. In this paper, we present a novel method to verify the safety of the Xen security modules framework. We implement our method on the Xen 4.01 source code and evaluate the results. While our work in this paper focuses on the verification of Xen security modules, the method can also be used to analyze other analogous mandatory access control frameworks.
  • Keywords
    authorisation; virtual machines; virtualisation; Xen 4.01 source code; Xen security module; mandatory access control mechanism; security check function; security sensitive operation; virtual machines; virtualization environment; Access control; Analytical models; Computational modeling; Linux; Safety; Saturn; Xen security modules; flow sensitive analysis; mandatory access control; path sensitive analysis; static analysis;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Secure Software Integration & Reliability Improvement Companion (SSIRI-C), 2011 5th International Conference on
  • Conference_Location
    Jeju Island
  • Print_ISBN
    978-1-4577-0781-0
  • Electronic_ISBN
    978-0-7695-4454-0
  • Type

    conf

  • DOI
    10.1109/SSIRI-C.2011.37
  • Filename
    6004499