Centralized security policy support for virtual machine

Nguyen Anh Quynh, Ruo Ando, Yoshiyasu Takefuji

研究成果: Paper査読

11 被引用数 (Scopus)


For decades, researchers have pointed out that Mandatory Access Control (MAC) is an effective method to protect computer systems from being misused. Unfortunately, MAC is still not widely deployed because of its complexity. The problem is even worse in a virtual machine environment, because the current architecture is not designed to support MAC in a site-wide manner: machines with multiple virtual hosts needs to have multiple MAC security policies, and each of these policies must be updated and managed separately inside each virtual host. In order to ease the burden on administrators when deploying security policies in a virtual environment, this paper proposes an architecture named Virtual Mandatory Access Control (VMAC) to centralize security policies, so that all policy management can easily be done from a central machine. VMAC securely centralizes the security logging information from all virtual hosts into a central machine so intrusion detection analysis on the logging data is straightforward. To arrive at the architecture presented here, we have investigated various popular MAC schemes, and implemented several schemes with VMAC on the Xen Virtual Machine. This paper presents our experiences in the development process.

出版ステータスPublished - 2006
イベント20th Large Installation System Administration Conference, LISA 2006 - Washington, United States
継続期間: 2006 12月 32006 12月 8


Conference20th Large Installation System Administration Conference, LISA 2006
国/地域United States

ASJC Scopus subject areas

  • 技術マネージメントおよび技術革新管理
  • 情報システムおよび情報管理


「Centralized security policy support for virtual machine」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。