Policy enforcement and compliance proofs for Xen virtual machines

Abstract

We address the problem of integrity management in a virtualized environment. We introduce a formal integrity model for managing the integrity of arbitrary aspects of a virtualized system. Based on the model, we describe an architecture called PEV, which stands for protection, enforcement, and verification. The architecture generalizes the integrity management functions of the Trusted Platform Module (TPM) to cover not just software binaries, but also VMs, virtual devices, and a wide range of security policies. The architecture enables the verification of security compliance and enforcement of security policies. We describe a prototype implementation of the architecture based on the Xen hypervisor. We demonstrate the policy enforcement and compliance checking capabilities of our prototype through multiple use cases.Copyright ©2008 ACM.