Enterprise Scale Separation VMM Systems

Myong Kang
U.S. Naval Research Laboratory

We explain how the strong security separation provided by separation VMMs is preserved under enterprise scale use. Enterprise scale use includes multiple separation policies, composite policies on individual hosts, multiple service level agreements addressing different threat models, and support for elasticity. We explain how an enclave abstraction accomplishes this and describe an architecture that uses Xenon’s MSM security module to support the enclave abstraction on local hosts.

🔎 Xen