Title :
Introducing Role-Based Access Control to a Secure Virtual Machine Monitor: Security Policy Enforcement Mechanism for Distributed Computers
Author :
Hirano, Manabu ; Shinagawa, Takahiro ; Eiraku, Hideki ; Hasegawa, Shoichi ; Omote, Kazumasa ; Tanimoto, Koichi ; Horie, Takashi ; Kato, Kazuhiko ; Okuda, Takeshi ; Kawai, Eiji ; Yamaguchi, Suguru
Author_Institution :
Dept. of Inf. & Comput. Eng., Toyota Nat. Coll. of Technol., Toyota
Abstract :
In recent years, as the data processed by governmental or commercial organizations increases, cases involving information leaks have risen. It is difficult to control information on many distributed end-point computers using conventional security mechanisms. Therefore, we have proposed a novel secure VMM (Virtual Machine Monitor) architecture which is used as a foundation of security policy enforcement on distributed computers. This paper especially introduces Role-based Access Control (RBAC) to the ID management framework in a secure VMM system. Our proposal will reduce costs for distributed policy updates. The proposed RBAC mechanism employs attribute certificates (ACs) to handle user's roles. This paper shows the design and a prototype implementation based on a PKI-based ID card and proven open source VMM software, QEMU.
Keywords :
authorisation; distributed processing; virtual machines; attribute certificates; distributed end-point computers; role-based access control; secure virtual machine monitor; security policy enforcement mechanism; Access control; Computer architecture; Computer security; Costs; Data security; Distributed computing; Identity management systems; Information security; Proposals; Virtual machine monitors; Hypervisor; Policy enforcement; RBAC; Role-based access control; Security; VMM; Virtual machine monitor;
Conference_Title :
Asia-Pacific Services Computing Conference, 2008. APSCC '08. IEEE
Conference_Location :
Yilan
Print_ISBN :
978-0-7695-3473-2
Electronic_ISBN :
978-0-7695-3473-2
DOI :
10.1109/APSCC.2008.14