Design and Implementation on Multilevel Security Mandatory Access Control System for Virtual Machine Based on BLP

doi:10.3969/j.issn.1671-1122.2016.10.001

Abstract

Abstract:

Multilevel security is a mechanism that supports the simultaneous access of users and resources with different privileges, while ensuring that both users and resources can access the information that they have access to. In the cloud computing, the virtual machines that belonging to different users or enterprises may run on the same physical host, usually they have different levels of security. So it is very meaningful to implement multilevel secure access control policy to protect the virtual machine communication. In reaction to the phenomenon, mandatory access control security model that suitable for the virtual machine environment was built by modifying the model elements, security axioms and state transition rules of the traditional BLP security model. By using SELinux technology through shared memory and authorization table way, the multilevel security mandatory access control in the virtual environment was realized, that effectively enhance access security between the virtual machine and virtual machine with the host machine.

Key words: cloud computing, virtual machine, BLP, mandatory access control

CLC Number:

TP309

Yaping CHI, Tingting JIANG, Chuping DAI, Wei SUN. Design and Implementation on Multilevel Security Mandatory Access Control System for Virtual Machine Based on BLP[J]. Netinfo Security, 2016, 16(10): 1-7.

Figures/Tables 9

References 12

[1]	林闯,苏文博,孟坤,等. 云计算安全:架构、机制与模型评价[J]. 计算机学报,2013,36(9):1765-1784.
[2]	滕萍. 云计算技术发展分析及其应用研究[J]. 信息网络安全,2012(11):89-91.
[3]	刘宏. 云计算环境下虚拟机逃逸问题研究[D]. 上海:上海大学,2015.
[4]	刘谦. 面向云计算的虚拟机系统安全研究[D]. 上海:上海交通大学,2012.
[5]	CHEN Lin, CHEN Xingshu, JIANG Junfang, et al.Research and Practice of Dynamic Network Security Architecture for IaaS Platforms[J]. Tsinghua Science & Technology, 2014, 19(5): 496-507.
[6]	马威,韩臻,成阳. 可信云计算中的多级管理机制研究[J]. 信息网络安全,2015(7):20-25.
[7]	魏辉,吴庆波,谭郁松. 基于虚拟机的运行时入侵检测技术研究[J]. 计算机应用与软件,2011,28(9):52-55.
[8]	秦中元,沈日胜,张群芳,等. 虚拟机系统安全综述[J]. 计算机应用研究,2012,29(5):1618-1622.
[9]	周娜,林果园,李正奎. 云计算中基于无干扰理论的多级安全模型[J]. 信息网络安全,2015(12):21-27.
[10]	董婵,范修斌,李有文,等. 应用规律下的BLP模型密级赋值方法[J]. 通信学报,2013(9):142-149.
[11]	池亚平,樊洁,程代伟. 基于可信等级的BLP改进模型[J]. 计算机工程,2012,38(8):117-119.
[12]	肖永康,纪翠玲,谢宝恂,等. SELinux的安全机制和安全模型[J]. 计算机应用,2009,29(S1):66-68.

[1]	Yuan LIU, Wei QIAO. Research and Optimization of Container Network Based on Kubernetes Cluster System in Cloud Environment [J]. Netinfo Security, 2020, 20(3): 36-44.
[2]	Xiao WANG, Jun ZHAO, Jianbiao ZHANG. Research on Dynamic Monitoring Mechanism for Virtual Machine Based on Trusted Software Base [J]. Netinfo Security, 2020, 20(2): 7-13.
[3]	Jiameng BAI, Yingshuai KOU, Zeyi LIU, Daren ZHA. Docker-based RBAC Task Management System [J]. Netinfo Security, 2020, 20(1): 75-82.
[4]	Liangqin REN, Wei WANG, Qiongxiao WANG, Linli LU. A New Cloud Cryptographic Computing Platform Architecture and Implementation [J]. Netinfo Security, 2019, 19(9): 91-95.
[5]	Yi YU, Liangshuang LV, Xiaojian LI, Tianbo WANG. Dynamic Network Topology Description Language for Mobile Cloud Computing Scenario [J]. Netinfo Security, 2019, 19(9): 120-124.
[6]	Zixuan WANG, Liangshuang LV, Xiaojian LI, Tianbo WANG. A Shared Storage-based Virtual Machine Application Distribution Strategy for OpenStack [J]. Netinfo Security, 2019, 19(9): 125-129.
[7]	Yanpeng CUI, Luming FENG, Zheng YAN, Huaqing LIN. Research on Software Security Model of Cloud Computing Based on Program Slicing Technology [J]. Netinfo Security, 2019, 19(7): 31-41.
[8]	Xinrui GE, Wei CUI, Rong HAO, Jia YU. Verifiable Keywords Ranked Search Scheme over Encrypted Cloud Data [J]. Netinfo Security, 2019, 19(7): 82-89.
[9]	Chunqi TIAN, Jing LI, Wei WANG, Liqing ZHANG. A Method for Improving the Performance of Spark on Container Cluster Based on Machine Learning [J]. Netinfo Security, 2019, 19(4): 11-19.
[10]	Pu ZHAO, Wei CUI, Rong HAO, Jia YU. A Secure Outsourcing Computation Scheme for El-Gamal Signature Generation [J]. Netinfo Security, 2019, 19(3): 81-86.
[11]	Zhenfeng ZHANG, Zhiwen ZHANG, Ruichao WANG. Model of Cloud Computing Security and Compliance Capability for Classified Protection of Cybersecurity 2.0 [J]. Netinfo Security, 2019, 19(11): 1-7.
[12]	Jian ZHANG, Wenzhen LI, Liangyi GONG. Research on Malicious E-mail Detection Technology [J]. Netinfo Security, 2018, 18(9): 80-85.
[13]	Xinyang FENG, Jianjing SHEN. A Yarn and NMF Based Big Data Clustering Algorithm [J]. Netinfo Security, 2018, 18(8): 43-49.
[14]	Yuan TAO, Tao HUANG, Mohan ZHANG, Shuilin LI. Research and Development Trend Analysis of Key Technologies for Cyberspace Security Situation Awareness [J]. Netinfo Security, 2018, 18(8): 79-85.
[15]	Qi ZHANG, Xijun LIN, Haipeng QU. Identity-based Encryption Scheme Support Authorization Equality Test in Cloud Environment [J]. Netinfo Security, 2018, 18(6): 52-60.