Applying Virtual Machine Technology to Achieve Multi-Level Security: A Conceptual Technical Overview

PDF

Authors
  1. Henderson, G.
  2. Tremblay, L.
Corporate Authors
Defence R&D Canada - Ottawa, Ottawa ONT (CAN);Cinnabar Networks, Ottawa Ont (CAN)
Abstract
This document presents a conceptual technical overview for utilizing virtual machine (VM) technology to achieve a Multi-Level Secure (MLS) solution. The goal of this effort is to define a solution architecture that can leverage the savings in space and infrastructure that can be realized through the use of virtual system images while still adhering to the security principles that define an MLS environment. As part of this effort, an emphasis has been made to illustrate the isolation that exists between virtual machines and the hosting environment in the areas of information processing, information storage and information transmission. This document provides an architectural approach that utilizes VM images that are distributed according to a flexible, yet secure, policy. This policy defines the conditions under which potentially sensitive system images can be distributed and accessed. It is the position of this paper that VM technology can be leveraged to provide a more effective MLS solution while still maintaining the needed separation to ensure sensitive data assets are protected.
Report Number
DRDC-OTTAWA-CR-2006-087 — Contractor Report
Date of publication
01 Mar 2006
Number of Pages
72
DSTKIM No
CA027380
CANDIS No
525475
Format(s):
CD ROM

Permanent link

Document 1 of 1

Date modified: