A Prioritized Chinese Wall Model for Managing the Covert Information Flows in Virtual Machine Systems

5 Author(s)
Ge Cheng ; Sch. of Comput. Sci. & Technol., Huazhong Univ. of Sci. & Technol., Wuhan ; Hai Jin ; Deqing Zou ; Alex K. Ohoussou

In virtual machine (VM) systems, mandatory access control (MAC) enforcement is now possible. This technique is both stronger and more flexible than traditional VM isolation, even if network communication is controlled. Unfortunately, none of the VM systems with MAC enforcement considers that the MAC controls may be distorted by covert channels, which constitute an important risk in VM systems. Traditional MAC models are difficult to enforce to reduce the risk of covert flows in VM systems because of their many constraints and lack of flexibility. In this paper, we identify access control requirements for managing covert channels in VM systems through a critical analysis of the ways in which classical models constrain covert information flows, and we propose a model called the prioritized Chinese wall model (PCW) to reduce the risk of covert flows in VM systems while preserving flexibility. Furthermore, we enforce the policy in the sHype/Xen VM system.

Published in:

Young Computer Scientists, 2008. ICYCS 2008. The 9th International Conference for

Date of Conference:

18-21 Nov. 2008