In this work, we show how the abstraction layer created by a hypervisor, or virtual machine monitor, can be leveraged to reduce the complexity of mandatory access control policies throughout the system. Policies governing access control decisions in today’s systems are complex and monolithic. Achieving strong security guarantees often means restricting usability across the entire system, which is a primary reason why mandatory access controls are rarely deployed. Our architecture uses a hypervisor and multiple virtual machines to decompose policies into multiple layers. This simplifies the policies and their enforcement, while minimizing the overall impact of security on the system. We show that the overhead of decomposing system policies i...
2017 Fall.Includes bibliographical references.With the advancements in contemporary multi-core CPU a...
The evolution of technological progress continually presents new information security challenges for...
Part 9: Cloud ComputingInternational audienceIn cloud computing, the security of infrastructure is d...
Virtualization has become a target for attacks in cloud computing environments. Existing approaches ...
Cloud computing, as an emerging computing paradigm, greatly facilitates resource sharing and enables...
Computer systems play an increasingly prominent role in our daily lives. Interacting with these syst...
Usage control is an extension of access control that additionally defines what must and must not hap...
System administrators specify the access control policy they want and implement the relevant configu...
Usage control is an extension of access control that additionally defines what must and must not hap...
Nested virtualization [1] provides an extra layer of virtualization to enhance security with fairly ...
Virtual Machine Monitors (VMMs), also called hypervisors,can be used to construct a trusted computin...
International audienceNested virtualization provides an extra layer of virtualization to enhance sec...
The basis of today’s security systems is the trust and confidence that the system will behave as exp...
Abstract—Data usage control is concerned with requirements on data after access has been granted. In...
Access control is the traditional center of gravity of computer security [1]. People specify access ...
2017 Fall.Includes bibliographical references.With the advancements in contemporary multi-core CPU a...
The evolution of technological progress continually presents new information security challenges for...
Part 9: Cloud ComputingInternational audienceIn cloud computing, the security of infrastructure is d...
Virtualization has become a target for attacks in cloud computing environments. Existing approaches ...
Cloud computing, as an emerging computing paradigm, greatly facilitates resource sharing and enables...
Computer systems play an increasingly prominent role in our daily lives. Interacting with these syst...
Usage control is an extension of access control that additionally defines what must and must not hap...
System administrators specify the access control policy they want and implement the relevant configu...
Usage control is an extension of access control that additionally defines what must and must not hap...
Nested virtualization [1] provides an extra layer of virtualization to enhance security with fairly ...
Virtual Machine Monitors (VMMs), also called hypervisors,can be used to construct a trusted computin...
International audienceNested virtualization provides an extra layer of virtualization to enhance sec...
The basis of today’s security systems is the trust and confidence that the system will behave as exp...
Abstract—Data usage control is concerned with requirements on data after access has been granted. In...
Access control is the traditional center of gravity of computer security [1]. People specify access ...
2017 Fall.Includes bibliographical references.With the advancements in contemporary multi-core CPU a...
The evolution of technological progress continually presents new information security challenges for...
Part 9: Cloud ComputingInternational audienceIn cloud computing, the security of infrastructure is d...