This paper interprets the essence of XEN and hardware virtualization technology, which make the virtual machine technology become the focus of people's attention again because of its impressive performance. The secur...This paper interprets the essence of XEN and hardware virtualization technology, which make the virtual machine technology become the focus of people's attention again because of its impressive performance. The security challenges of XEN are mainly researched from the pointes of view: security bottleneck, security isolation and share, life-cycle, digital copyright protection, trusted virtual machine and managements, etc. These security problems significantly affect the security of the virtual machine system based on XEN. At the last, these security measures are put forward, which will be a useful instruction on enhancing XEN security in the future.展开更多
In order to provide integrity protection for the secure operating system to satisfy the structured protection class' requirements, a DTE technique based integrity protection formalization model is proposed after the ...In order to provide integrity protection for the secure operating system to satisfy the structured protection class' requirements, a DTE technique based integrity protection formalization model is proposed after the implications and structures of the integrity policy have been analyzed in detail. This model consists of some basic rules for configuring DTE and a state transition model, which are used to instruct how the domains and types are set, and how security invariants obtained from initial configuration are maintained in the process of system transition respectively. In this model, ten invariants are introduced, especially, some new invariants dealing with information flow are proposed, and their relations with corresponding invariants described in literatures are also discussed. The thirteen transition rules with well-formed atomicity are presented in a well-operational manner. The basic security theorems correspond to these invariants and transition rules are proved. The rationalities for proposing the invariants are further annotated via analyzing the differences between this model and ones described in literatures. At last but not least, future works are prospected, especially, it is pointed out that it is possible to use this model to analyze SE-Linux security.展开更多
基金Supported by the National Natural Science Foundation of China (90104005, 60373087, 60473023) and Network and Information Security Key Laboratory Program of Ministry of Education of China
文摘This paper interprets the essence of XEN and hardware virtualization technology, which make the virtual machine technology become the focus of people's attention again because of its impressive performance. The security challenges of XEN are mainly researched from the pointes of view: security bottleneck, security isolation and share, life-cycle, digital copyright protection, trusted virtual machine and managements, etc. These security problems significantly affect the security of the virtual machine system based on XEN. At the last, these security measures are put forward, which will be a useful instruction on enhancing XEN security in the future.
基金supported by the Beijing Natural Science Foundation(Grant No.4052016)the National Natural Science Foundation of China(Grant No.60573042)the National Grand Fundamental Research 973 Program of China(Grant No.G1999035802).
文摘In order to provide integrity protection for the secure operating system to satisfy the structured protection class' requirements, a DTE technique based integrity protection formalization model is proposed after the implications and structures of the integrity policy have been analyzed in detail. This model consists of some basic rules for configuring DTE and a state transition model, which are used to instruct how the domains and types are set, and how security invariants obtained from initial configuration are maintained in the process of system transition respectively. In this model, ten invariants are introduced, especially, some new invariants dealing with information flow are proposed, and their relations with corresponding invariants described in literatures are also discussed. The thirteen transition rules with well-formed atomicity are presented in a well-operational manner. The basic security theorems correspond to these invariants and transition rules are proved. The rationalities for proposing the invariants are further annotated via analyzing the differences between this model and ones described in literatures. At last but not least, future works are prospected, especially, it is pointed out that it is possible to use this model to analyze SE-Linux security.
