Policy Analysis Tools for XSM/Flask

Award #: N/A
Amount Awarded: $193,000
Sponsoring Organization: Air Force Research Lab (AFRL)
Grant Period: 2009
Primary Investigator(s): Trent Jaeger

Abstract

The objective of this project is to develop systems policy management infrastructure for Xen virtual machine systems that leverage the Xen Security Modules (XSM) framework and the policy enforcement of SELinux. The reference monitor concept requires a tamperproof trusted computing base that mediates all security-sensitive operations to enforce the system's security goals. A Xen system's trusted computing base consists of the Xen hypervisor and privileged VMs running SELinux. The XSM framework and SELinux ensure mediation of all security-sensitive operations, but the design of policies to ensure a tamperproof trusted computing base that enforces system's security goals are yet to be realized. A systems policy infrastructure is necessary to assist in XSM and SELinux policy design, analyze a combination of access control policies, and debug across the sets of policies.

Related Research Projects

Related Publications

Sandra Rueda, Hayawardh Vijayakumar, and Trent Jaeger. Analysis of Virtual Machine System Policies. 14th ACM Symposium on Access Control Models (SACMAT), June 2009.