Developer Summit 2009/Abstracts/Jaeger Virt - Revision history http://selinuxproject.org/w/?title=Developer_Summit_2009/Abstracts/Jaeger_Virt&action=history Revision history for this page on the wiki en MediaWiki 1.10.4 Fri, 24 May 2013 02:13:11 GMT JamesMorris at 09:43, 2 July 2009 http://selinuxproject.org/w/?title=Developer_Summit_2009/Abstracts/Jaeger_Virt&diff=597&oldid=prev <p></p> <table border='0' width='98%' cellpadding='0' cellspacing='4' style="background-color: white;"> <tr> <td colspan='2' width='50%' align='center' style="background-color: white;">←Older revision</td> <td colspan='2' width='50%' align='center' style="background-color: white;">Revision as of 09:43, 2 July 2009</td> </tr> <tr><td colspan="2" align="left"><strong>Line 5:</strong></td> <td colspan="2" align="left"><strong>Line 5:</strong></td></tr> <tr><td> </td><td style="background: #eee; font-size: smaller;">== Topic ==</td><td> </td><td style="background: #eee; font-size: smaller;">== Topic ==</td></tr> <tr><td> </td><td style="background: #eee; font-size: smaller;"></td><td> </td><td style="background: #eee; font-size: smaller;"></td></tr> <tr><td>-</td><td style="background: #ffa; font-size: smaller;"><del style="color: red; font-weight: bold; text-decoration: none;">Anslysis </del>of Flask Policies in VM Systems</td><td>+</td><td style="background: #cfc; font-size: smaller;"><ins style="color: red; font-weight: bold; text-decoration: none;">Analysis </ins>of Flask Policies in VM Systems</td></tr> <tr><td> </td><td style="background: #eee; font-size: smaller;"></td><td> </td><td style="background: #eee; font-size: smaller;"></td></tr> <tr><td> </td><td style="background: #eee; font-size: smaller;">== Abstract ==</td><td> </td><td style="background: #eee; font-size: smaller;">== Abstract ==</td></tr> </table> Thu, 02 Jul 2009 09:43:21 GMT JamesMorris http://selinuxproject.org/page/Talk:Developer_Summit_2009/Abstracts/Jaeger_Virt JamesMorris: New page: == Author == Trent Jaeger == Topic == Anslysis of Flask Policies in VM Systems == Abstract == With the introduction of the Xen Security Modules with support for Flask MAC policies, we... http://selinuxproject.org/w/?title=Developer_Summit_2009/Abstracts/Jaeger_Virt&diff=595&oldid=prev <p>New page: == Author == Trent Jaeger == Topic == Anslysis of Flask Policies in VM Systems == Abstract == With the introduction of the Xen Security Modules with support for Flask MAC policies, we...</p> <p><b>New page</b></p><div>== Author ==<br /> <br /> Trent Jaeger<br /> <br /> == Topic ==<br /> <br /> Anslysis of Flask Policies in VM Systems<br /> <br /> == Abstract ==<br /> <br /> With the introduction of the Xen Security Modules with support for<br /> Flask MAC policies, we are presented with the opportunity to enforce<br /> mandatory policies comprehensively over all virtual machines. A<br /> question is whether the combination of SELinux policies in the VMs and<br /> the XSM/Flask policy in the VMM ensure comprehensive enforcement of a<br /> consistent view of security. At Penn State University, we are<br /> developing a policy analysis tool for VM systems that infers a system<br /> security goal from the relationships among VMs and determines whether<br /> the Flask and SELinux policies comply with that goal. In this talk,<br /> we will present the design of this analysis and demonstrate how to use<br /> the tool to identify and resolve policy specifications that conflict<br /> with the security goal. The key feature of the tool design is that we<br /> consider interactions between VMs without considering the internal VM<br /> policies. Only if we cannot prove that all inter-VM accesses are safe<br /> do we examine that VM's SELinux policy. We can show a demonstration<br /> of the system on real XSM/Flask and SELinux VM policies.</div> Thu, 02 Jul 2009 09:41:52 GMT JamesMorris http://selinuxproject.org/page/Talk:Developer_Summit_2009/Abstracts/Jaeger_Virt