A set of lecture notes from a computer and network security course at Penn State University, focusing on virtual machine security. The notes cover virtual machine architectures, types, and security, as well as specific security mechanisms such as access control and Chinese Wall. Professor Jaeger also discusses challenges and threats related to virtual machines.
Typology: Study notes
Experimental Platform
Exact specification of platform
Design may have more than implementation -- what did you implement?
How are key design features/mechanisms implemented?
Results
Summarize -- what do the results mean?
Specific experiments
What do the experiments prove
What other experiments would you want to do based on these results?
Instead of using system software to enable sharing, use system software to enable isolation
Virtualization
characteristics of computing resources from the way in which other systems, applications, and end users interact with those resources”
Virtual Machines
Single physical resource can appear as multiple logical resources
Full system simulation
CPU can be simulated
Paravirtualization (Xen)
VM has a special API
Requires OS changes
Native virtualization (VMWare)
Simulate enough HW to run OS
OS is for same CPU
Application virtualization (JVM)
Application API
Isolation of VM computing
Like a separate machine
[Figure: VMs running on a Virtual Machine Monitor; each guest OS sees partitioned resources, device requests go through the VMM, which controls the physical devices]
A1 assured virtual machine system
Virtualization
Protect sensitive state
Need to hide virtualization
I/O Processing
Self-virtualization: Run VMM as VM
Subjects and objects
Coarse-grained access control possible
Lattice policies for secrecy and integrity
Bell-LaPadula for secrecy
Biba for integrity
Privileges for special operations
E.g., administrative operations
Discretionary access controls
Simple security property
Read-down only
S can read O if and only if S’s access class dominates (or equals) O’s
*-security property
Write-up only
S can write to O if and only if O’s access class dominates (or equals) S’s
Basic Security Theorem
Every protection state satisfies simple and *-security properties
Bell-LaPadula meets this trivially
Isolated networks of VMs
Alternative to “air gap” security
[Figure: VM: Secret and VM: Public guest OSs running on VMWare over an SELinux MLS host OS]
Paravirtualized Hypervisor
Privileged VM
[Figure: Xen hypervisor with Dom 0 (host OS, drivers, VM services) and DomU guest OSs; partitioned resources, device requests routed through Dom 0]
Mandatory, access matrix policy associating subject labels with object labels and operations
A VM with a subject label L can perform an operation op on an object (e.g., VM, memory, file system) with object label M if the TE policy access matrix includes an entry for this
A subject L can access an object labeled M in conflict set C
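The Bell-LaPadula read-down/write-up properties, the Basic Security Theorem check, the Type Enforcement access matrix over VM labels, and the Chinese Wall conflict-set rule, worked through in Python. This is an added example, not code from the course notes: the levels, VM type labels, matrix entries and conflict sets are constructed, and the Chinese Wall check implements the standard Brewer-Nash rule (a subject that has accessed one dataset in a conflict set may not access another dataset in the same set).

```python
# Added example (not from the course notes): label checks for the policies above.
# Labels are (level, categories) pairs; all names and matrix entries are constructed.

LEVELS = {"public": 0, "secret": 1}

def dominates(a, b):
    """a dominates b: level of a >= level of b and a's categories include b's."""
    return LEVELS[a[0]] >= LEVELS[b[0]] and a[1] >= b[1]

def blp_read(subject, obj):
    """Simple security property (read-down): subject must dominate the object."""
    return dominates(subject, obj)

def blp_write(subject, obj):
    """*-security property (write-up): object must dominate the subject."""
    return dominates(obj, subject)

def state_is_secure(accesses):
    """Basic Security Theorem check: every (subject, object, mode) in the
    protection state must satisfy the simple and *-security properties."""
    return all((blp_read if mode == "read" else blp_write)(s, o)
               for s, o, mode in accesses)

# Type Enforcement access matrix: (subject label, object label) -> allowed ops.
TE_MATRIX = {
    ("dom0_t", "domU_t"): {"create", "destroy"},
    ("domU_t", "shared_fs_t"): {"read"},
}

def te_allows(subject_label, object_label, op):
    """Allowed only if the matrix has an entry for (subject, object) listing op."""
    return op in TE_MATRIX.get((subject_label, object_label), set())

class ChineseWall:
    """Brewer-Nash rule: once a subject has accessed one dataset in conflict
    set C, it may not access any other dataset in C."""
    def __init__(self, conflict_sets):
        self.conflict_sets = conflict_sets  # dataset -> conflict set name
        self.history = {}                    # subject -> {conflict set: dataset}
    def access(self, subject, dataset):
        c = self.conflict_sets.get(dataset)
        if c is None:                        # not in any conflict set
            return True
        chosen = self.history.setdefault(subject, {}).get(c)
        if chosen is not None and chosen != dataset:
            return False
        self.history[subject][c] = dataset
        return True
```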
Interpret Java bytecodes
Machine specification defined by bytecode
On all architectures, run same bytecodes
Can run multiple programs within the JVM simultaneously
Different ‘classloaders’ can result in different protection domains
How do we enforce access control?
CSE543 Computer and Network Security - Fall 2007 - Professor Jaeger
Java Security Architecture
Stack Inspection