OSCKAR Work-in-Progress (WiP) Talk

The OSCKAR Virtualization Security Policy Enforcement Framework

USENIX Security Symposium 2009 - August 14, 2009

Todd Deshane and Patrick F. Wilbur

{deshantm,wilburpf}@clarkson.edu - or, if they no longer work just Google us

Thank you for your interest in OSCKAR, our open source virtual machine (virtual appliance) security policy enforcement framework. Comments and criticisms are encouraged at our above e-mail addresses!

  1. Abstract
  2. Presentation Materials
    1. View Slides Online
  3. Further Reading
    1. About the OSCKAR Project
    2. About the Authors


In this presentation we introduce our open source virtualization security policy enforcement framework called OSCKAR. We discuss how OSCKAR helps enforce the principle of least privilege in a virtualization environment, as well as how OSCKAR can enforce this principle for user applications and protect against malware. We present its architecture and benefits, including an extensible contract language that allows security experts and those that know the operating systems and applications best to specify the unique security and resource environment that is needed.

OSCKAR enables individuals to design virtual appliances--self-contained packages of any combination of pre-existing disk images, specifications for on-the-fly image generation, and environmental security policies--to allow the secure deployment of operating systems and end user applications. We have designed and implemented several front-ends for OSCKAR, covering use cases that include consolidated servers, public access terminals with kiosked operating systems, rapid recovery desktops, and application segregation.

USENIX Security Symposium 2009 WiPs Page

Presentation Materials

View Slides Online


Further Reading

About the OSCKAR Project

About the Authors

This page last updated: 2009-08-17 05:55:25 AM (EDT)