Download: PDF.

“Flexible Configuration for Virtual Machines” by Sandra Rueda, Yogesh Sreenivasan, and Trent Jaeger. In Proceedings of the 2^nd ACM Computer Security Architecture Workshop, Oct. 2008.


Virtual machines are widely accepted as a promising basis for building secure systems. However, while virtual machines offer effective mechanisms to create isolated environments, mechanisms that offer controlled interaction among VMs are immature. Some VM systems include flexible policy models and some enable MLS enforcement, but the flexible use of policy to control VM interactions has not been developed. In this paper, we propose an architecture that enables administrators to configure virtual machines to satisfy prescribed security goals. We describe the design and implementation of such an architecture using SELinux, Xen and IPsec as the tools to express and enforce policies at the OS, VM and Network layers, respectively. We develop a web application using our architecture and show that we can configure application VMs in such a way that we can verify the enforcement of the security goals of those applications.

Download: PDF.

BibTeX entry:

   author = {Sandra Rueda and Yogesh Sreenivasan and Trent Jaeger},
   title = {Flexible Configuration for Virtual Machines},
   booktitle = {Proceedings of the {\it 2^{nd}} ACM Computer Security
	Architecture Workshop},
   month = oct,
   year = {2008}

(This webpage was created with bibtex2web.)

Back to Trent Jaeger's Publications.