slide1
Download
Skip this Video
Download Presentation
ACM实践与分析

Loading in 2 Seconds...

play fullscreen
1 / 12

ACM实践与分析 - PowerPoint PPT Presentation


  • 143 Views
  • Uploaded on

ACM实践与分析. ACM策略(/etc/xen/acm-security/policy). <SimpleTypeEnforcement> <SimpleTypeEnforcementTypes> <Type> <ChineseWall> <ChineseWallTypes> <Type> <ConflictSets> <Conflict> <Type>. ACM策略-Types. ACM策略-Labels. <SecurityLabelTemplate> <SubjectLabels> <VirtualMachineLabel>

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' ACM实践与分析' - delano


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
acm types
<SimpleTypeEnforcement>

<SimpleTypeEnforcementTypes>

<Type>

<ChineseWall>

<ChineseWallTypes>

<Type>

<ConflictSets>

<Conflict>

<Type>

ACM策略-Types
acm labels
ACM策略-Labels

<SecurityLabelTemplate>

<SubjectLabels>

<VirtualMachineLabel>

<Name>

<SimpleTypeEnforcementTypes>

<Type>

<ChineseWallTypes>

<Type>

<ObjectLabels>

<ResourceLabel>

<Name>

<SimpleTypeEnforcementTypes>

<Type>

slide5
源码结构
  • Xen/xsm
  • Xen/xsm/acm
  • Xen/include/xsm
  • Xen/include/xsm/acm
  • /xen/include/public/xsm
slide6
XSM钩子
  • dom0_ops.c|domain.c|grant_table.c
  • event_channel.c|setup.c|mm.c
slide7
ACM实现钩子

struct xsm_operations acm_xsm_ops = {

.domain_create = acm_domain_create,

.free_security_domain = acm_domain_destroy,

.grant_mapref = acm_grant_mapref,

.evtchn_unbound = acm_evtchn_unbound,

.evtchn_interdomain = acm_evtchn_interdomain,

.security_domaininfo = acm_security_domaininfo,

.__do_xsm_op = do_acm_op,

};

slide8
ACM钩子
  • policy management functions
  • domain management control hooks
  • event channel control hooks
  • grant table control hooks
  • generic domain-requested decision hooks
  • determine whether the default policy is installed
  • acm_operations
    • acm_null_ops
    • acm_chinesewall_ops
    • acm_simple_type_enforcement_ops
slide9
XSM初始化

_start_xen()

do_xsm_initcalls

__xsm_initcall_start

xsm_init()

.......

xsm_policy_init()

__xsm_initcall_start

slide10
ACM初始化

acm_init

acm_setup

do_acm_set_policy

acm_init_binary_policy

_acm_update_policy

dom0_ste_ssidref

dom0_chwall_ssidref

acm_init_binary_policy

register_xsm

chinesewall
ChineseWall冲突判别算法

ssidrefs

conflict_sets

ad