ACM Practice and Analysis
ACM policy (/etc/xen/acm-security/policy)


ACM policy: Types

  • <SimpleTypeEnforcement>

    • <SimpleTypeEnforcementTypes>

      • <Type>

  • <ChineseWall>

    • <ChineseWallTypes>

      • <Type>

    • <ConflictSets>

      • <Conflict>

        • <Type>


ACM policy: Labels

  • <SecurityLabelTemplate>

    • <SubjectLabels>

      • <VirtualMachineLabel>

        • <Name>

        • <SimpleTypeEnforcementTypes>

          • <Type>

        • <ChineseWallTypes>

          • <Type>

    • <ObjectLabels>

      • <ResourceLabel>

        • <Name>

        • <SimpleTypeEnforcementTypes>

          • <Type>


Source code layout

  • Xen/xsm

  • Xen/xsm/acm

  • Xen/include/xsm

  • Xen/include/xsm/acm

  • /xen/include/public/xsm


XSM hooks

  • dom0_ops.c|domain.c|grant_table.c

  • event_channel.c|setup.c|mm.c


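Hooks implemented by ACM

    struct xsm_operations acm_xsm_ops = {
        .domain_create = acm_domain_create,              /* check on domain creation */
        .free_security_domain = acm_domain_destroy,      /* cleanup on domain teardown */
        .grant_mapref = acm_grant_mapref,                /* check on grant table mapping */
        .evtchn_unbound = acm_evtchn_unbound,            /* check on unbound event channel allocation */
        .evtchn_interdomain = acm_evtchn_interdomain,    /* check on interdomain event channel binding */
        .security_domaininfo = acm_security_domaininfo,  /* report a domain's security information */
        .__do_xsm_op = do_acm_op,                        /* entry point for ACM operations */
    };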


ACM hooks

  • policy management functions

  • domain management control hooks

  • event channel control hooks

  • grant table control hooks

  • generic domain-requested decision hooks

  • determine whether the default policy is installed

  • acm_operations

    • acm_null_ops

    • acm_chinesewall_ops

    • acm_simple_type_enforcement_ops


XSM initialization

_start_xen()

do_xsm_initcalls

__xsm_initcall_start

xsm_init()

.......

xsm_policy_init()

__xsm_initcall_start


ACM initialization

acm_init

acm_setup

do_acm_set_policy

acm_init_binary_policy

_acm_update_policy

dom0_ste_ssidref

dom0_chwall_ssidref

acm_init_binary_policy

register_xsm


ChineseWall conflict detection algorithm

ssidrefs

conflict_sets


Thank you for your attention

