Thank you for your interest in OSCKAR, our open source virtual machine (virtual appliance) security policy enforcement framework. Comments and criticisms are encouraged at our above e-mail addresses!
In this presentation we introduce our open source virtualization security policy enforcement framework called OSCKAR. We discuss how OSCKAR helps enforce the principle of least privilege in a virtualization environment, as well as how OSCKAR can enforce this principle for user applications and protect against malware. We present its architecture and benefits, including an extensible contract language that allows security experts and those that know the operating systems and applications best to specify the unique security and resource environment that is needed.
OSCKAR enables individuals to design virtual appliances--self-contained packages of any combination of pre-existing disk images, specifications for on-the-fly image generation, and environmental security policies--to allow the secure deployment of operating systems and end user applications. We have designed and implemented several front-ends for OSCKAR, covering use cases that include consolidated servers, public access terminals with kiosked operating systems, rapid recovery desktops, and application segregation.
USENIX Security Symposium 2009 WiPs Page
This page last updated: 2009-08-17 05:55:25 AM (EDT)