Building a MAC-based security architecture for the Xen open-source hypervisor



4.3.1 Reference Monitor
sHype strictly separates access control enforcement from
the access control policy, as in the Flask [33] architecture.
Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005) 
1063-9527/05 $20.00 © 2005 IEEE 


Figure 4. sHype security reference monitor (diagram labels: VM (Subject), Hook, Object, Core Hypervisor, Access Control Module, Hypervisor, Binary Security Policy, Security Policy Manager VM, XML Security Policy; numbered flow: 1. H_Call, 2. Authorization Query, 3. Authorization Decision)
We describe the control architecture in the context of the
hypervisor, but it will also be used in the MAC domains.
Figure 4 shows the sHype access control architecture as part
of the core hypervisor and depicts the relationships between
its three major design components. Security enforcement
hooks are carefully inserted into the core hypervisor and
cover references of VMs to virtual resources. Enforcement
hooks retrieve access control decisions from the access control
module (ACM).
The ACM authorizes access of VMs to resources based
on the policy rules and the security labels attached to VMs
(CW-types, TE-types) and resources (TE-types). The formal
security policy defines these access rules as well as the
structure and interpretation of security labels for VMs and
resources. Finally, a hypervisor interface enables trusted
policy-management VMs to manage the ACM security policy.
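
A minimal C sketch of the split described above, added here as an illustration and not taken from the Xen or sHype source: the hook only forwards subject and object labels to whichever decision function the ACM currently holds, and only a policy-management caller may swap that function. All identifiers are hypothetical; the type-enforcement rule (permit when VM and resource share a TE-type), the bitmask label encoding and the deny-until-policy-loaded default are assumptions of the example.

```c
/* Added illustration; not Xen/sHype source. All identifiers are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum acm_decision { ACM_DENY = 0, ACM_PERMIT = 1 };
/* Labels as bitmasks of type ids (constructed encoding). */
struct vm_label  { uint32_t cw_types; uint32_t te_types; }; /* cw_types not evaluated here */
struct res_label { uint32_t te_types; };
/* The policy lives behind this pointer; hooks never interpret labels themselves. */
typedef enum acm_decision (*acm_query_fn)(const struct vm_label *,
                                          const struct res_label *);

/* Assumed TE rule: permit iff VM and resource share at least one TE-type. */
static enum acm_decision te_policy(const struct vm_label *s, const struct res_label *o)
{
    return (s->te_types & o->te_types) ? ACM_PERMIT : ACM_DENY;
}

/* Assumed default: deny everything until a policy has been loaded. */
static enum acm_decision deny_all(const struct vm_label *s, const struct res_label *o)
{
    (void)s; (void)o; return ACM_DENY;
}
static acm_query_fn active_policy = deny_all;

/* Policy-management interface: only a trusted policy-management VM may use it. */
int acm_set_policy(int caller_is_policy_vm, acm_query_fn fn)
{
    if (!caller_is_policy_vm || fn == NULL) return -1;
    active_policy = fn;
    return 0;
}

/* Enforcement hook: 1. hypercall arrives, 2. query the ACM, 3. act on the decision. */
int hook_map_resource(const struct vm_label *vm, const struct res_label *res)
{
    if (vm == NULL || res == NULL) return -1;   /* unlabeled subject or object: deny */
    return active_policy(vm, res) == ACM_PERMIT ? 0 : -1;
}

int main(void)
{
    struct vm_label vm = { 0, 0x3 };            /* constructed sample labels */
    struct res_label disk = { 0x2 };
    acm_set_policy(1, te_policy);
    printf("map disk: %s\n", hook_map_resource(&vm, &disk) == 0 ? "permit" : "deny");
    return 0;
}
```

Because the hook calls through `active_policy`, replacing the policy changes every decision without touching the hook code, which is the separation of enforcement from policy that the section describes.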
