使用基于角色的安全管理程序访问控制

2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications Pub Date : 2013-07-16 DOI:10.1109/TrustCom.2013.199

Manabu Hirano, D. Chadwick, S. Yamaguchi

{"title":"使用基于角色的安全管理程序访问控制","authors":"Manabu Hirano, D. Chadwick, S. Yamaguchi","doi":"10.1109/TrustCom.2013.199","DOIUrl":null,"url":null,"abstract":"This paper shows the design and implementation of a Role Based Access Control (RBAC) mechanism for securing a hypervisor called BitVisor. BitVisor is a small hypervisor that provides security functions like encryption services for I/O devices in its hypervisor-layer. BitVisor enforces security functions without the help of guest OSs, but it only supports a static configuration file for machine set up. Consequently, we employ the RBAC system called PERMIS, a proven implementation of an RBAC policy decision engine and credential validation service, in order to provide dynamic configuration control. By using PERMIS, we can write finer grained authorization policies and can dynamically update them for the security-purpose hypervisor.","PeriodicalId":206739,"journal":{"name":"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Use of Role Based Access Control for Security-Purpose Hypervisors\",\"authors\":\"Manabu Hirano, D. Chadwick, S. Yamaguchi\",\"doi\":\"10.1109/TrustCom.2013.199\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper shows the design and implementation of a Role Based Access Control (RBAC) mechanism for securing a hypervisor called BitVisor. BitVisor is a small hypervisor that provides security functions like encryption services for I/O devices in its hypervisor-layer. BitVisor enforces security functions without the help of guest OSs, but it only supports a static configuration file for machine set up. Consequently, we employ the RBAC system called PERMIS, a proven implementation of an RBAC policy decision engine and credential validation service, in order to provide dynamic configuration control. By using PERMIS, we can write finer grained authorization policies and can dynamically update them for the security-purpose hypervisor.\",\"PeriodicalId\":206739,\"journal\":{\"name\":\"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-07-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TrustCom.2013.199\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TrustCom.2013.199","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

本文展示了基于角色的访问控制(RBAC)机制的设计和实现，用于保护一个名为BitVisor的管理程序。BitVisor是一个小型管理程序，在其管理程序层中为I/O设备提供加密服务等安全功能。BitVisor在没有客户操作系统帮助的情况下强制执行安全功能，但它只支持机器设置的静态配置文件。因此，为了提供动态配置控制，我们采用了名为PERMIS的RBAC系统，这是一种经过验证的RBAC策略决策引擎和凭证验证服务的实现。通过使用PERMIS，我们可以编写更细粒度的授权策略，并可以动态地更新它们以用于安全目的的管理程序。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Use of Role Based Access Control for Security-Purpose Hypervisors

This paper shows the design and implementation of a Role Based Access Control (RBAC) mechanism for securing a hypervisor called BitVisor. BitVisor is a small hypervisor that provides security functions like encryption services for I/O devices in its hypervisor-layer. BitVisor enforces security functions without the help of guest OSs, but it only supports a static configuration file for machine set up. Consequently, we employ the RBAC system called PERMIS, a proven implementation of an RBAC policy decision engine and credential validation service, in order to provide dynamic configuration control. By using PERMIS, we can write finer grained authorization policies and can dynamically update them for the security-purpose hypervisor.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

自引率

0.00%

发文量