A mandatory access control framework in virtual machine system with respect to multi-level security I: Theory

Qian Liu; Guanhai Wang; Chuliang Weng; Yuan Luo; Minglu Li

A mandatory access control framework in virtual machine system with respect to multi-level security I: Theory

Qian Liu, Guanhai Wang, Chuliang Weng, Yuan Luo, Minglu Li

Shanghai Jiao Tong University

Research output: Contribution to journal › Article › peer-review

12 Scopus citations

Abstract

At present, there are few security models which control the communication between virtual machines (VMs). Moreover, these models are not applicable to multi-level security (MLS). In order to implement mandatory access control (MAC) and MLS in virtual machine system, this paper designs Virt-BLP model, which is based on BLP model. For the distinction between virtual machine system and nonvirtualized system, we build elements and security axioms of Virt-BLP model by modifying those of BLP. Moreover, comparing with BLP, the Number of state transition rules of Virt-BLP is reduced accordingly and some rules can only be enforced by trusted subject. As a result, Virt-BLP model supports MAC and partial discretionary access control (DAC), well satisfying the requirement of MLS in virtual machine system. As space is limited, the implementation of our MAC framework will be shown in a continuation.

Original language	English
Pages (from-to)	137-143
Number of pages	7
Journal	China Communications
Volume	7
Issue number	4
State	Published - Oct 2010
Externally published	Yes

Keywords

Mandatory access control
Multi-level security
Virt-BLP
Virtual machine system

Cite this

@article{75b0e66986ba4557b0072ff5da256372,

title = "A mandatory access control framework in virtual machine system with respect to multi-level security I: Theory",

abstract = "At present, there are few security models which control the communication between virtual machines (VMs). Moreover, these models are not applicable to multi-level security (MLS). In order to implement mandatory access control (MAC) and MLS in virtual machine system, this paper designs Virt-BLP model, which is based on BLP model. For the distinction between virtual machine system and nonvirtualized system, we build elements and security axioms of Virt-BLP model by modifying those of BLP. Moreover, comparing with BLP, the Number of state transition rules of Virt-BLP is reduced accordingly and some rules can only be enforced by trusted subject. As a result, Virt-BLP model supports MAC and partial discretionary access control (DAC), well satisfying the requirement of MLS in virtual machine system. As space is limited, the implementation of our MAC framework will be shown in a continuation.",

keywords = "Mandatory access control, Multi-level security, Virt-BLP, Virtual machine system",

author = "Qian Liu and Guanhai Wang and Chuliang Weng and Yuan Luo and Minglu Li",

year = "2010",

month = oct,

language = "英语",

volume = "7",

pages = "137--143",

journal = "China Communications",

issn = "1673-5447",

publisher = "Editorial Board of Journal on Communications",

number = "4",

}

TY - JOUR

T1 - A mandatory access control framework in virtual machine system with respect to multi-level security I

T2 - Theory

AU - Liu, Qian

AU - Wang, Guanhai

AU - Weng, Chuliang

AU - Luo, Yuan

AU - Li, Minglu

PY - 2010/10

Y1 - 2010/10

N2 - At present, there are few security models which control the communication between virtual machines (VMs). Moreover, these models are not applicable to multi-level security (MLS). In order to implement mandatory access control (MAC) and MLS in virtual machine system, this paper designs Virt-BLP model, which is based on BLP model. For the distinction between virtual machine system and nonvirtualized system, we build elements and security axioms of Virt-BLP model by modifying those of BLP. Moreover, comparing with BLP, the Number of state transition rules of Virt-BLP is reduced accordingly and some rules can only be enforced by trusted subject. As a result, Virt-BLP model supports MAC and partial discretionary access control (DAC), well satisfying the requirement of MLS in virtual machine system. As space is limited, the implementation of our MAC framework will be shown in a continuation.

AB - At present, there are few security models which control the communication between virtual machines (VMs). Moreover, these models are not applicable to multi-level security (MLS). In order to implement mandatory access control (MAC) and MLS in virtual machine system, this paper designs Virt-BLP model, which is based on BLP model. For the distinction between virtual machine system and nonvirtualized system, we build elements and security axioms of Virt-BLP model by modifying those of BLP. Moreover, comparing with BLP, the Number of state transition rules of Virt-BLP is reduced accordingly and some rules can only be enforced by trusted subject. As a result, Virt-BLP model supports MAC and partial discretionary access control (DAC), well satisfying the requirement of MLS in virtual machine system. As space is limited, the implementation of our MAC framework will be shown in a continuation.

KW - Mandatory access control

KW - Multi-level security

KW - Virt-BLP

KW - Virtual machine system

UR - https://www.scopus.com/pages/publications/80052009918

M3 - 文章

AN - SCOPUS:80052009918

SN - 1673-5447

VL - 7

SP - 137

EP - 143

JO - China Communications

JF - China Communications

IS - 4

ER -

A mandatory access control framework in virtual machine system with respect to multi-level security I: Theory

Abstract

Keywords

Other files and links

Fingerprint

Cite this