By Topic

DVM-MAC: A Mandatory Access Control System in Distributed Virtual Computing Environment

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Deqing Zou ; Services Comput. Technol. & Syst. Lab., Huazhong Univ. of Sci. & Technol., Wuhan, China ; Lei Shi ; Hai Jin

We design and implement a Mandatory Access Control (MAC) system in distributed virtual computing environment, named DVM-MAC, aiming to provide distributed trust through enforcing MAC policies. In DVM-MAC, Prioritized Chinese Wall (PCW) model is implemented to control potential covert channels between VMs in both single node and distributed environment. A policy enforcement module locates inside Xen VMM for better enforcing MAC locally rather than outside the VMM. DVM-MAC adopts centralized architecture for multi-level management and secure transmission of inter-node policy information. For performance consideration, a specific policy decision and enforcement module for controlling inter-node behaviors is moved out of Xen VMM and up to user space. DVM-MAC authorizes a specific center node named Central Security Server (CSS) to be responsible for the decision making between the nodes as well as leaves the inter-node policy enforcement module in each node. Through our experiments and data analysis, we verify the correctness, effectiveness, and efficiency in our prototype when implementing PCW model.

Published in:

Parallel and Distributed Systems (ICPADS), 2009 15th International Conference on

Date of Conference:

8-11 Dec. 2009