DocumentCode
652329
Title
Use of Role Based Access Control for Security-Purpose Hypervisors
Author
Hirano, Masahiro ; Chadwick, David W. ; Yamaguchi, Satarou
Author_Institution
Dept. of Inf. & Comput. Eng., Toyota Nat. Coll. of Technol., Toyota, Japan
fYear
2013
fDate
16-18 July 2013
Firstpage
1613
Lastpage
1619
Abstract
This paper shows the design and implementation of a Role Based Access Control (RBAC) mechanism for securing a hypervisor called BitVisor. BitVisor is a small hypervisor that provides security functions like encryption services for I/O devices in its hypervisor layer. BitVisor enforces security functions without the help of guest OSs, but it only supports a static configuration file for machine setup. Consequently, we employ the RBAC system called PERMIS, a proven implementation of an RBAC policy decision engine and credential validation service, in order to provide dynamic configuration control. By using PERMIS, we can write finer-grained authorization policies and can dynamically update them for the security-purpose hypervisor.
Keywords
authorisation; BitVisor; I/O devices; RBAC mechanism; dynamic configuration control; encryption services; role based access control; security functions; security purpose hypervisors; static configuration file; Authorization; Computers; Encryption; Servers; Universal Serial Bus; Virtual machine monitors; Authorization policies; Role Based Access Control (RBAC); Security-purpose hypervisor; Virtual Machine Monitors;
fLanguage
English
Publisher
ieee
Conference_Titel
Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on
Conference_Location
Melbourne, VIC
Type
conf
DOI
10.1109/TrustCom.2013.199
Filename
6681024