About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
VEE 2008
Conference paper
Policy enforcement and compliance proofs for Xen virtual machines
Abstract
We address the problem of integrity management in a virtualized environment. We introduce a formal integrity model for managing the integrity of arbitrary aspects of a virtualized system. Based on the model, we describe an architecture called PEV, which stands for protection, enforcement, and verification. The architecture generalizes the integrity management functions of the Trusted Platform Module (TPM) to cover not just software binaries, but also VMs, virtual devices, and a wide range of security policies. The architecture enables the verification of security compliance and enforcement of security policies. We describe a prototype implementation of the architecture based on the Xen hypervisor. We demonstrate the policy enforcement and compliance checking capabilities of our prototype through multiple use cases.Copyright ©2008 ACM.