Xen Project Developer Summit has ended
Monday, August 18 • 2:00pm - 2:30pm
Xenstore Mandatory Access Control - James Bielman, Galois

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Mandatory Access Control (MAC) is a security model in which access
decisions are governed by a centralized security policy rather than
the system's users. Systems with MAC are better protected from
malicious or careless users and programs granting permissions that
violate a system's desired security goals.

Xen supports MAC at the hypervisor level via the Flask Xen Security
Module (XSM/Flask), building upon the widely used SELinux
infrastructure. However, other critical components of the Xen
architecture, such as Xenstore, are not covered by the XSM security

Galois has developed an implementation of mandatory access control for
a disaggregated Xenstore domain. In this presentation, James Bielman
will discuss the implementation of Xenstore's nested security server
in a Mirage-based Xen kernel.


James Bielman

Software Engineer, Galois
James Bielman is a software engineer at Galois, Inc, a Computer Science R&D company in Portland, OR. Galois does research in formal methods, programming language development, operating systems, compiler engineering, and security. Mr. Bielman has worked across a variety of projects... Read More →

Monday August 18, 2014 2:00pm - 2:30pm CDT

Attendees (0)