The OSCKAR Virtualization Security Policy Enforcement Framework

OSCKAR Project Homepage

  1. Overview
  2. Project Status
  3. Getting Involved
  4. Further Reading
    1. Presentations
    2. Project Team
    3. Other Virtualization Work at Clarkson

Overview

Here we present our open source virtualization security policy enforcement framework called OSCKAR. OSCKAR helps enforce the principle of least privilege in a virtualization environment, and also enforces this principle for user applications to help protect against malware. OSCKAR employs a combination between intrusion prevention (resource access control), intrusion detection (resource abuse monitoring), and intrusion response, all at a level outside of the operating systems and applications being protected. At the heart of the OSCKAR architecture is a powerful and very extensible policy enforcement engine and security contract specification, which enable those experts that know the operating systems and applications best (developers, maintainers, or other trusted sources) to specify the unique runtime environment that is required in order to run these operating systems and applications safely.

OSCKAR enables individuals to design virtual appliances--self-contained packages of any combination of pre-existing disk images, specifications for on-the-fly image generation, and environmental security policies--to allow the secure deployment of operating systems and end user applications. To date, we have designed and implemented several front-ends for OSCKAR that demonstrate OSCKAR's extensibility and configurability (thanks to its policy enforcement engine and contract specification), covering use cases that include consolidated servers, public access terminals with kiosked operating systems, rapid recovery desktops, and application segregation.

Project Status

OSCKAR is a work-in-progress. This website will be updated with source code, publications, and presentations that result from our work on our commonground OSCKAR core.

Getting Involved

If you would like more information about OSCKAR, or would like to participate in discussion about or contribute to the development of OSCKAR, please e-mail both: {deshantm,wilburpf}@clarkson.edu

Thank you for your interest in OSCKAR!

Further Reading

Presentations

Project Team and Helpful People

Other Virtualization Work at Clarkson


This page last updated: 2009-08-17 06:39:50 AM (EDT)