Protecting the Security and Privacy of the Virtual Machine through Privilege Separation
- 10.2991/iccsee.2013.558How to use a DOI?
- mutual trust, separation of privilege, virtual machine security, security model
Virtual machine security issues have been the focus of attention. The permissions of traditional administrative domain Dom0 are too large, so that the user's privacy is threatened. Once the attacker compromises Dom0, it can threaten the entire virtualization platform. This paper introduces a privilege separation virtual machine security model (PSVM). Dom0’s privileges are split into two parts: the operations about the user's privacy form a DomU management domain, responsible for managing the user's privacy; remaining forms Thin Dom0. Users and virtualization platform for server-side need mutual authentication. It can prevent unauthorized users and counterfeiting Virtualization platform invading system. The user's privacy is under its own management to prevent the Virtualization platform snooping. However, it affects only one user, even if the management domain is compromised. Combined with the model, the prototype system is implemented and security analysis and performance testing is done.
- © 2013, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Cong Yu AU - Lixin Li AU - Kui Wang AU - Wentao Yu PY - 2013/03 DA - 2013/03 TI - Protecting the Security and Privacy of the Virtual Machine through Privilege Separation BT - Proceedings of the 2nd International Conference on Computer Science and Electronics Engineering (ICCSEE 2013) PB - Atlantis Press SP - 2224 EP - 2228 SN - 1951-6851 UR - https://doi.org/10.2991/iccsee.2013.558 DO - 10.2991/iccsee.2013.558 ID - Yu2013/03 ER -