Title :
Use of Role Based Access Control for Security-Purpose Hypervisors
Author :
Hirano, Masahiro ; Chadwick, David W. ; Yamaguchi, Satarou
Author_Institution :
Dept. of Inf. & Comput. Eng., Toyota Nat. Coll. of Technol., Toyota, Japan
Abstract :
This paper shows the design and implementation of a Role Based Access Control (RBAC) mechanism for securing a hypervisor called BitVisor. BitVisor is a small hypervisor that provides security functions like encryption services for I/O devices in its hypervisor layer. BitVisor enforces security functions without the help of guest OSs, but it only supports a static configuration file for machine setup. Consequently, we employ the RBAC system called PERMIS, a proven implementation of an RBAC policy decision engine and credential validation service, in order to provide dynamic configuration control. By using PERMIS, we can write finer grained authorization policies and can dynamically update them for the security-purpose hypervisor.
Keywords :
authorisation; BitVisor; I/O devices; RBAC mechanism; dynamic configuration control; encryption services; role based access control; security functions; security purpose hypervisors; static configuration file; Authorization; Computers; Encryption; Servers; Universal Serial Bus; Virtual machine monitors; Authorization policies; Role Based Access Control (RBAC); Security-purpose hypervisor; Virtual Machine Monitors;
Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on
Conference_Location :
Melbourne, VIC
DOI :
10.1109/TrustCom.2013.199