Managing the risk of covert information flows in virtual machine systems

Trent Jaeger, Reiner Sailer, Yogesh Sreenivasan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

26 Scopus citations

Abstract

Flexible mandatory access control (MAC) enforcement is now available for virtual machine systems. For example, the sHype MAC system for the Xen virtual machine monitor is part of the mainline Xen distribution. Such systems offer the isolation of VM systems with the flexible security of MAC enforcement. A problem is that such MAC VM systems will only be assured at modest levels (e.g., Common Criteria EAL4), so they may contain covert channels. Covert channels are often difficult to identify and harder to remove, so we propose an approach to manage possible covert leakage to enable verification of security guarantees. Typically, covert channels are outside of access control policies, but we propose an approach that includes both overt flows and covert flows to assess the possible risk of information leakage due to their combination. We define the concept of a risk flow policy that describes the authorized risks due to covert flows. In this paper, we evaluate the ability of four policy models to express risk flow policies. Further, we examine how such policies will be enforced in VM systems. We find that variants of the Chinese Wall model and Bell-LaPadula model have features necessary to express risk flow policies. Further, we find that such policies can be enforced in the context of sHype's Type Enforcement model.

Original languageEnglish (US)
Title of host publicationSACMAT'07
Subtitle of host publicationProceedings of the 12th ACM Symposium on Access Control Models and Technologies
Pages81-90
Number of pages10
DOIs
StatePublished - 2007
EventSACMAT'07: 12th ACM Symposium on Access Control Models and Technologies - Sophia Antipolis, France
Duration: Jun 20 2007Jun 22 2007

Publication series

NameProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Other

OtherSACMAT'07: 12th ACM Symposium on Access Control Models and Technologies
CountryFrance
CitySophia Antipolis
Period6/20/076/22/07

All Science Journal Classification (ASJC) codes

  • Computer Science(all)

Fingerprint Dive into the research topics of 'Managing the risk of covert information flows in virtual machine systems'. Together they form a unique fingerprint.

  • Cite this

    Jaeger, T., Sailer, R., & Sreenivasan, Y. (2007). Managing the risk of covert information flows in virtual machine systems. In SACMAT'07: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies (pp. 81-90). (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT). https://doi.org/10.1145/1266840.1266853