A Mandatory Access Control Mechanism In Virtual Machine Systems

Cloud computing has been an important focus of research of computer science. Virtualization as a key technology behind cloud computing originated from mainframes which made by IBM in the 19th century and have been popular with the rapid development of techniques of binary translation and hardware-assisted virtualization. Recently some researchers propose some mandatory access control models in virtual machine systems. But they are not applicable to multi-level security virtual machine systems. Furthermore these models can only control overt communications between virtual machines and cannot block covert communications which are incurred by sharing hardware among virtual machines。Firstly the background of virtualization, security problems of virtual machine systems and the defects of current mandatory access control models are briefed in this dissertation. Secondly BLP model and Chinese Wall security policy are applied to virtual machine systems to build Virt-BLP model, which is applicable to multi-level security virtual machine systems, and Chinese Wall Isolation (CWI) model. Virt-BLP labels virtual machines with classifications and categories, sets up access matrices, and builds a set of rules which regulate transitions of system states. When a virtual machine access another one, Virt-BLP decides whether the access is allowed based on the rules. CWI model labels the virtual machines with dataset IDs and conflict of interest class IDs, and records all usage histories of all hardware. When a virtual machine monitor allocates hardware to a virtual machine, CWI checks the usage history of the hardware and the dataset ID and the conflict of interest class of the virtual machine, then decides whether the allocation is allowed. Thirdly Virt-BCMAC, a mandatory access control mechanism based on Virt-BLP and CWI, is proposed. Virt-BCMAC is also implemented under the open source virtual machine monitor, Xen. Finally test results show that overheads of Virt-BCMAC are small. The innovation of this dissertation is that Virt-BCMAC, the mandatory access control mechanism which is built in virtual machine systems, is applicable to multi-level security environments. It can not only regulate fine grained overt communications between virtual machines, but also block covert communications which are incurred by sharing hardware.