A performance analysis of ARM virtual machines secured using SELinux

Cited by: 0
Authors
Paolino, Michele [1]
Hamayun, Mian M. [1]
Raho, Daniel [1]
Affiliations
[1] Virtual Open Systems, Grenoble
Source
Communications in Computer and Information Science | 2014 / Vol. 470
Keywords
ARM virtualization; KVM ARM; MAC virtual machines; Mandatory access control (MAC); SELinux; VM security
DOI
10.1007/978-3-319-12574-9_3
Abstract
Virtualization of the ARM architecture is becoming increasingly popular in several domains. Thus security is one of the main concerns in modern virtualized embedded platforms. An effective way to enhance the security of these platforms is through a combination of virtualization and Mandatory Access Control (MAC) security policies. The aim of this paper is to discuss the performance overhead of MAC-secured virtual machines. We compare the I/O performance of a KVM/ARM guest running on a SELinux host with the one of a non-secured VM. The result of the comparison is unexpected, since the performance of the SELinux based VM is better than the non-secured VM. We present a detailed analysis based on a modified version of SELinux running on an ARM core, and highlight the main causes of the observed performance improvement. © Springer International Publishing Switzerland 2014.
Pages: 28-36
Number of pages: 8