PIGA-Virt: an Advanced Distributed MAC Protection of Virtual Systems

Abstract: Efficient Mandatory Access Control of Virtual Machines remains an open problem for efficiently protecting Cloud Systems. For example, the MAC protection must allow some information flows between two virtual machines while preventing other information flows between those two machines. To solve these problems, the virtual environment must guarantee an in-depth protection in order to control the information flows that start in a Virtual Machine (vm) and finish in another one. In contrast with existing MAC approaches, PIGA-Virt is a MAC protection controlling the different levels of a virtual system. It eases the management of the required security objectives. The PIGA-Virt approach guarantees the required security objectives while efficiently controlling the information flows. PIGA-Virt supports a large range of predefined protection canvas whose efficiency has been demonstrated during the ANR Sec&Si security challenge. The paper shows how the PIGA-Virt approach guarantees advanced confidentiality and integrity properties by controlling complex combinations of transitive information flows passing through intermediate resources. As far as we know, PIGA-Virt is the first operational solution providing in-depth MAC protection, addressing advanced security requirements and efficiently controlling information flows inside and between virtual machines. Moreover, the solution is independent of the underlying hypervisor. Performance and protection scenarios are given for protecting KVM virtual machines.
Document type:
Conference paper
Euro-Par 2011 Parallel Processing Workshops, Lecture Notes in Computer Science, Aug 2011, Bordeaux, France. pp.8-19, 2011

https://hal.inria.fr/hal-00671592
Contributor: Jérémy Briffaut
Submitted on: Friday, 17 February 2012 - 18:21:25
Last modified on: Tuesday, 28 October 2014 - 18:21:04

Identifiers

  • HAL Id: hal-00671592, version 1

Citation

Jérémy Briffaut, Jonathan Rouzaud-Cornabas, Christian Toinard, Emilie Lefebvre. PIGA-Virt: an Advanced Distributed MAC Protection of Virtual Systems. Euro-Par 2011 Parallel Processing Workshops, Lecture Notes in Computer Science, Aug 2011, Bordeaux, France. pp.8-19, 2011. 〈hal-00671592〉

Metrics

Record views

118