A performance analysis of ARM virtual machines secured using SELinux

Cited by: 0
Authors
Paolino, Michele [1]
Hamayun, Mian M. [1]
Raho, Daniel [1]
Affiliations
[1] Virtual Open Systems, Grenoble
Source
Communications in Computer and Information Science | 2014 / Vol. 470
Keywords
ARM virtualization; KVM ARM; MAC virtual machines; Mandatory access control (MAC); SELinux; VM security
DOI
10.1007/978-3-319-12574-9_3
Abstract
Virtualization of the ARM architecture is becoming increasingly popular in several domains. Thus security is one of the main concerns in modern virtualized embedded platforms. An effective way to enhance the security of these platforms is through a combination of virtualization and Mandatory Access Control (MAC) security policies. The aim of this paper is to discuss the performance overhead of MAC-secured virtual machines. We compare the I/O performance of a KVM/ARM guest running on a SELinux host with the one of a non-secured VM. The result of the comparison is unexpected, since the performance of the SELinux based VM is better than the non-secured VM. We present a detailed analysis based on a modified version of SELinux running on an ARM core, and highlight the main causes of the observed performance improvement. © Springer International Publishing Switzerland 2014.
Pages: 28 / 36
Number of pages: 8