A Separation Model for Virtual Machine Monitors

Oakland, CA May 20-May 22

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/RISP.1991.130776

1991 IEEE Symposium on Security and P ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Nancy L. Kelem Articles by Richard J. Feiertag

	ASCII Text	x
	Nancy L. Kelem, Richard J. Feiertag, "A Separation Model for Virtual Machine Monitors," Security and Privacy, IEEE Symposium on, pp. 78, 1991 IEEE Symposium on Security and Privacy, 1991.

	BibTex	x
	@article{ 10.1109/RISP.1991.130776, author = {Nancy L. Kelem and Richard J. Feiertag}, title = {A Separation Model for Virtual Machine Monitors}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {1991}, issn = {1540-7993}, pages = {78}, doi = {http://doi.ieeecomputersociety.org/10.1109/RISP.1991.130776}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - A Separation Model for Virtual Machine Monitors SN - 1540-7993 SP EP A1 - Nancy L. Kelem, A1 - Richard J. Feiertag, PY - 1991 KW - null VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

Nancy L. Kelem

Richard J. Feiertag

This paper presents a security policy for separation Virtual Machine Monitors (SVMMS) and interprets Rushby 's Separation Model R USH81] for SVMMS. 44 Applying the technique of [ USH81] yields a practical method for demonstrating that an implementation of an SVMM adheres to the abstract Isolation Axiom of the Separation Model, thus providing relatively strong assurance for a low level of effort. First we describe the relevant characteristics of SVMMS, and note the applicable formal modeling requirements. Next we present a summary of the SVMM Separation Model, a modification of the original model presented in [R USH81 . The Separation Model technique permits a proof of separability among the operating systems under control of the kernel of an SVMM. We supply an interpretation of the elements of the Separation Model using concepts from SVMMS. Finally, we relate this work to similar applications of the Separation Model.

Citation:

Nancy L. Kelem, Richard J. Feiertag, "A Separation Model for Virtual Machine Monitors," sp, pp.78, 1991 IEEE Symposium on Security and Privacy, 1991

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.