Loading…
This event has ended. Create your own event → Check it out
This event has ended. Create your own
View analytic
Monday, August 18 • 2:00pm - 2:30pm
Xenstore Mandatory Access Control - James Bielman, Galois

Sign up or log in to save this to your schedule and see who's attending!

Mandatory Access Control (MAC) is a security model in which access
decisions are governed by a centralized security policy rather than
the system's users. Systems with MAC are better protected from
malicious or careless users and programs granting permissions that
violate a system's desired security goals.

Xen supports MAC at the hypervisor level via the Flask Xen Security
Module (XSM/Flask), building upon the widely used SELinux
infrastructure. However, other critical components of the Xen
architecture, such as Xenstore, are not covered by the XSM security
policy.

Galois has developed an implementation of mandatory access control for
a disaggregated Xenstore domain. In this presentation, James Bielman
will discuss the implementation of Xenstore's nested security server
in a Mirage-based Xen kernel.

Speakers
JB

James Bielman

Software Engineer, Galois
James Bielman is a software engineer at Galois, Inc, a Computer Science R&D company in Portland, OR. Galois does research in formal methods, programming language development, operating systems, compiler engineering, and security. Mr. Bielman has worked across a variety of projects in and around security policies and embedded system control, including work on policy formulation and analysis, policy implementation, and higher-assurance... Read More →


Monday August 18, 2014 2:00pm - 2:30pm
Erie

Attendees (8)