Virtual Machines - Security Qualities

The main goal of the project Object- and Service-Based Security is to clarify which security functionality could be transformed into services, and to consider which security functionality that potentially could be bound to distributed information objects. Virtual machines are relevant for both parts of the project. Therefore, a literature study is reported, concentrating on the isolation and separation capabilities of hypervisors, which are minimal virtual machine monitors. The isolation and separation capabilities are central to achieve assured security. The report starts with general hypervisors, and then focuses on the open source hypervisor Xen. The conclusions of the study are that the separation capability of a hypervisor is of the same kind as that of a separation kernel. However, unlike separation kernel there is no authoritatively security evaluated hypervisor. Some literature, on what assurance level that could be achieved, is referred to. Likewise, research projects on mandatory access control in the Xen hypervisor are referred. This is a step towards the vision of object-based security. References on risks with virtual machines are also included.