Analysing Flow Security Properties in Virtualised Computing Systems
This work addresses security vulnerabilities in virtualized environments, which is an incremental improvement for cloud computing and cybersecurity domains.
The paper tackles the problem of analyzing information leakage in virtualized computing systems with mobility by proposing a formal language CSP_{4v} and a type system to enforce a cache flow policy, resulting in a method to control leakage from process executions, communications, and cache side channels.
This paper studies the problem of reasoning about flow security properties in virtualised computing networks with mobility from perspective of formal language. We propose a distributed process algebra CSP_{4v} with security labelled processes for the purpose of formal modelling of virtualised computing systems. Specifically, information leakage can come from observations on process executions, communications and from cache side channels in the virtualised environment. We describe a cache flow policy to identify such flows. A type system of the language is presented to enforce the flow policy and control the leakage introduced by observing behaviours of communicating processes and behaviours of virtual machine (VM) instances during accessing shared memory cache.