Multi-Level Security Requirements for Hypervisors

Paul Karger
IBM T. J. Watson Research Center

Using hypervisors or virtual machine monitors for security has become very popular in recent years, and a number of proposals have been made for supporting multi-level security on secure hypervisors, including PR/SM, NetTop, sHype, and others. This paper looks at the requirements that users of MLS systems will have and discusses their implications on the design of multi-level secure hypervisors. It contrasts the new directions for secure hypervisors with the earlier efforts of KVM/370 and Digital’s A1-secure VMM kernel.

Keywords: multi-level security, virtual machine monitors, hypervisors

Read Paper Read Paper (in PDF)