Title :
A Hypervisor-Based Bus System for Usage Control
Author :
Moucha, Cornelius ; Lovat, Enrico ; Pretschner, Alexander
Author_Institution :
Fraunhofer IESE, Kaiserslautern, Germany
Abstract :
Data usage control is concerned with requirements on data after access has been granted. In order to enforce usage control requirements, it is necessary to track the different representations that the data may take (among others, file, window content, network packet). These representations exist at different layers of abstraction. As a consequence, in order to enforce usage control requirements, multiple data flow tracking and usage control enforcement monitors must exist, one at each layer. If a new representation is created at some layer of abstraction, e.g., if a cache file is created for a picture after downloading it with a browser, then the initiating layer (in the example, the browser) must notify the layer at which the new representation is created (in the example, the operating system). We present a bus system for system-wide usage control that, for security and performance reasons, is implemented in a hypervisor. We evaluate its security and performance.
Keywords :
security of data; virtual machines; virtualisation; data flow tracking; data usage control; file data; hypervisor-based bus system; network packet data; usage control requirement; window content data; Availability; Hardware; Kernel; Libraries; Monitoring; Security; Virtual machine monitors; Information Flow; Usage Control; Virtualization;
Conference_Title :
Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
Conference_Location :
Vienna
Print_ISBN :
978-1-4577-0979-1
Electronic_ISBN :
978-0-7695-4485-4
DOI :
10.1109/ARES.2011.44