{"id":"https:\/\/openalex.org\/W2013773577","doi":"https:\/\/doi.org\/10.1145\/1278901.1278905","title":"A layered approach to simplified access control in virtualized systems","display_name":"A layered approach to simplified access control in virtualized systems","publication_year":2007,"publication_date":"2007-07-01","ids":{"openalex":"https:\/\/openalex.org\/W2013773577","doi":"https:\/\/doi.org\/10.1145\/1278901.1278905","mag":"2013773577"},"language":"en","primary_location":{"id":"doi:10.1145\/1278901.1278905","is_oa":false,"landing_page_url":"https:\/\/doi.org\/10.1145\/1278901.1278905","pdf_url":null,"source":{"id":"https:\/\/openalex.org\/S50071195","display_name":"ACM SIGOPS Operating Systems Review","issn_l":"0163-5980","issn":["0163-5980","1943-586X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https:\/\/openalex.org\/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https:\/\/openalex.org\/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGOPS Operating Systems Review","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https:\/\/openalex.org\/A5028165639","display_name":"Bryan D. Payne","orcid":null},"institutions":[{"id":"https:\/\/openalex.org\/I130701444","display_name":"Georgia Institute of Technology","ror":"https:\/\/ror.org\/01zkghx44","country_code":"US","type":"education","lineage":["https:\/\/openalex.org\/I130701444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Bryan D. Payne","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA","Georgia Institute of Technology Atlanta, GA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA","institution_ids":["https:\/\/openalex.org\/I130701444"]},{"raw_affiliation_string":"Georgia Institute of Technology Atlanta, GA","institution_ids":["https:\/\/openalex.org\/I130701444"]}]},{"author_position":"middle","author":{"id":"https:\/\/openalex.org\/A5015743671","display_name":"Reiner Sailer","orcid":null},"institutions":[{"id":"https:\/\/openalex.org\/I1341412227","display_name":"IBM (United States)","ror":"https:\/\/ror.org\/05hh8d621","country_code":"US","type":"company","lineage":["https:\/\/openalex.org\/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Reiner Sailer","raw_affiliation_strings":["IBM T.J. Watson Research Center, Hawthorne, NY"],"affiliations":[{"raw_affiliation_string":"IBM T.J. Watson Research Center, Hawthorne, NY","institution_ids":["https:\/\/openalex.org\/I1341412227"]}]},{"author_position":"middle","author":{"id":"https:\/\/openalex.org\/A5103580206","display_name":"Ram\u00f3n C\u00e1ceres","orcid":null},"institutions":[{"id":"https:\/\/openalex.org\/I1341412227","display_name":"IBM (United States)","ror":"https:\/\/ror.org\/05hh8d621","country_code":"US","type":"company","lineage":["https:\/\/openalex.org\/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ram\u00f3n C\u00e1ceres","raw_affiliation_strings":["IBM T.J. Watson Research Center, Hawthorne, NY"],"affiliations":[{"raw_affiliation_string":"IBM T.J. Watson Research Center, Hawthorne, NY","institution_ids":["https:\/\/openalex.org\/I1341412227"]}]},{"author_position":"middle","author":{"id":"https:\/\/openalex.org\/A5078907282","display_name":"Ron Perez","orcid":null},"institutions":[{"id":"https:\/\/openalex.org\/I1341412227","display_name":"IBM (United States)","ror":"https:\/\/ror.org\/05hh8d621","country_code":"US","type":"company","lineage":["https:\/\/openalex.org\/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ron Perez","raw_affiliation_strings":["IBM T.J. Watson Research Center, Hawthorne, NY"],"affiliations":[{"raw_affiliation_string":"IBM T.J. Watson Research Center, Hawthorne, NY","institution_ids":["https:\/\/openalex.org\/I1341412227"]}]},{"author_position":"last","author":{"id":"https:\/\/openalex.org\/A5047140382","display_name":"Wenke Lee","orcid":"https:\/\/orcid.org\/0000-0003-2761-1277"},"institutions":[{"id":"https:\/\/openalex.org\/I130701444","display_name":"Georgia Institute of Technology","ror":"https:\/\/ror.org\/01zkghx44","country_code":"US","type":"education","lineage":["https:\/\/openalex.org\/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wenke Lee","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, GA","Georgia Institute of Technology Atlanta, GA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, GA","institution_ids":["https:\/\/openalex.org\/I130701444"]},{"raw_affiliation_string":"Georgia Institute of Technology Atlanta, GA","institution_ids":["https:\/\/openalex.org\/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https:\/\/openalex.org\/A5028165639"],"corresponding_institution_ids":["https:\/\/openalex.org\/I130701444"],"apc_list":null,"apc_paid":null,"fwci":6.2785,"has_fulltext":false,"cited_by_count":37,"citation_normalized_percentile":{"value":0.96122545,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"41","issue":"4","first_page":"12","last_page":"19"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https:\/\/openalex.org\/T11424","display_name":"Security and Verification in Computing","score":1,"subfield":{"id":"https:\/\/openalex.org\/subfields\/1702","display_name":"Artificial Intelligence"},"field":{"id":"https:\/\/openalex.org\/fields\/17","display_name":"Computer Science"},"domain":{"id":"https:\/\/openalex.org\/domains\/3","display_name":"Physical Sciences"}},"topics":[{"id":"https:\/\/openalex.org\/T11424","display_name":"Security and Verification in Computing","score":1,"subfield":{"id":"https:\/\/openalex.org\/subfields\/1702","display_name":"Artificial Intelligence"},"field":{"id":"https:\/\/openalex.org\/fields\/17","display_name":"Computer Science"},"domain":{"id":"https:\/\/openalex.org\/domains\/3","display_name":"Physical Sciences"}},{"id":"https:\/\/openalex.org\/T10927","display_name":"Access Control and Trust","score":0.9980000257492065,"subfield":{"id":"https:\/\/openalex.org\/subfields\/3312","display_name":"Sociology and Political Science"},"field":{"id":"https:\/\/openalex.org\/fields\/33","display_name":"Social Sciences"},"domain":{"id":"https:\/\/openalex.org\/domains\/2","display_name":"Social Sciences"}},{"id":"https:\/\/openalex.org\/T11614","display_name":"Cloud Data Security Solutions","score":0.9979000091552734,"subfield":{"id":"https:\/\/openalex.org\/subfields\/1710","display_name":"Information Systems"},"field":{"id":"https:\/\/openalex.org\/fields\/17","display_name":"Computer Science"},"domain":{"id":"https:\/\/openalex.org\/domains\/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https:\/\/openalex.org\/keywords\/hypervisor","display_name":"Hypervisor","score":0.9409953355789185},{"id":"https:\/\/openalex.org\/keywords\/computer-science","display_name":"Computer science","score":0.8624812364578247},{"id":"https:\/\/openalex.org\/keywords\/mandatory-access-control","display_name":"Mandatory access control","score":0.8238837122917175},{"id":"https:\/\/openalex.org\/keywords\/access-control","display_name":"Access control","score":0.7094749808311462},{"id":"https:\/\/openalex.org\/keywords\/virtual-machine","display_name":"Virtual machine","score":0.5616849064826965},{"id":"https:\/\/openalex.org\/keywords\/trusted-computing-base","display_name":"Trusted computing base","score":0.5344072580337524},{"id":"https:\/\/openalex.org\/keywords\/overhead","display_name":"Overhead (engineering)","score":0.5077224969863892},{"id":"https:\/\/openalex.org\/keywords\/computer-security","display_name":"Computer security","score":0.5052962899208069},{"id":"https:\/\/openalex.org\/keywords\/security-policy","display_name":"Security policy","score":0.4931945204734802},{"id":"https:\/\/openalex.org\/keywords\/abstraction","display_name":"Abstraction","score":0.47525784373283386},{"id":"https:\/\/openalex.org\/keywords\/enforcement","display_name":"Enforcement","score":0.43023407459259033},{"id":"https:\/\/openalex.org\/keywords\/operating-system","display_name":"Operating system","score":0.3751291036605835},{"id":"https:\/\/openalex.org\/keywords\/distributed-computing","display_name":"Distributed computing","score":0.3607414960861206},{"id":"https:\/\/openalex.org\/keywords\/virtualization","display_name":"Virtualization","score":0.32749712467193604},{"id":"https:\/\/openalex.org\/keywords\/role-based-access-control","display_name":"Role-based access control","score":0.24921002984046936},{"id":"https:\/\/openalex.org\/keywords\/cloud-computing","display_name":"Cloud computing","score":0.19880974292755127},{"id":"https:\/\/openalex.org\/keywords\/cloud-computing-security","display_name":"Cloud computing security","score":0.16896647214889526}],"concepts":[{"id":"https:\/\/openalex.org\/C112904061","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q1077480","display_name":"Hypervisor","level":4,"score":0.9409953355789185},{"id":"https:\/\/openalex.org\/C41008148","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q21198","display_name":"Computer science","level":0,"score":0.8624812364578247},{"id":"https:\/\/openalex.org\/C2777407602","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q1888932","display_name":"Mandatory access control","level":4,"score":0.8238837122917175},{"id":"https:\/\/openalex.org\/C527821871","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q228502","display_name":"Access control","level":2,"score":0.7094749808311462},{"id":"https:\/\/openalex.org\/C25344961","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q192726","display_name":"Virtual machine","level":2,"score":0.5616849064826965},{"id":"https:\/\/openalex.org\/C147346212","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q5492632","display_name":"Trusted computing base","level":4,"score":0.5344072580337524},{"id":"https:\/\/openalex.org\/C2779960059","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5077224969863892},{"id":"https:\/\/openalex.org\/C38652104","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q3510521","display_name":"Computer security","level":1,"score":0.5052962899208069},{"id":"https:\/\/openalex.org\/C154908896","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q2167404","display_name":"Security policy","level":2,"score":0.4931945204734802},{"id":"https:\/\/openalex.org\/C124304363","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q673661","display_name":"Abstraction","level":2,"score":0.47525784373283386},{"id":"https:\/\/openalex.org\/C2779777834","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q4202277","display_name":"Enforcement","level":2,"score":0.43023407459259033},{"id":"https:\/\/openalex.org\/C111919701","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q9135","display_name":"Operating system","level":1,"score":0.3751291036605835},{"id":"https:\/\/openalex.org\/C120314980","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q180634","display_name":"Distributed computing","level":1,"score":0.3607414960861206},{"id":"https:\/\/openalex.org\/C513985346","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q270471","display_name":"Virtualization","level":3,"score":0.32749712467193604},{"id":"https:\/\/openalex.org\/C45567728","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q1702839","display_name":"Role-based access control","level":3,"score":0.24921002984046936},{"id":"https:\/\/openalex.org\/C79974875","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q483639","display_name":"Cloud computing","level":2,"score":0.19880974292755127},{"id":"https:\/\/openalex.org\/C184842701","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q370563","display_name":"Cloud computing security","level":3,"score":0.16896647214889526},{"id":"https:\/\/openalex.org\/C17744445","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q36442","display_name":"Political science","level":0,"score":0},{"id":"https:\/\/openalex.org\/C199539241","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q7748","display_name":"Law","level":1,"score":0},{"id":"https:\/\/openalex.org\/C138885662","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q5891","display_name":"Philosophy","level":0,"score":0},{"id":"https:\/\/openalex.org\/C111472728","wikidata":"https:\/\/www.wikidata.org\/wiki\/Q9471","display_name":"Epistemology","level":1,"score":0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145\/1278901.1278905","is_oa":false,"landing_page_url":"https:\/\/doi.org\/10.1145\/1278901.1278905","pdf_url":null,"source":{"id":"https:\/\/openalex.org\/S50071195","display_name":"ACM SIGOPS Operating Systems Review","issn_l":"0163-5980","issn":["0163-5980","1943-586X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https:\/\/openalex.org\/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https:\/\/openalex.org\/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGOPS Operating Systems Review","raw_type":"journal-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.96.9096","is_oa":false,"landing_page_url":"http:\/\/citeseerx.ist.psu.edu\/viewdoc\/summary?doi=10.1.1.96.9096","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http:\/\/www.kiskeya.net\/ramon\/work\/pubs\/osr07.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6499999761581421,"id":"https:\/\/metadata.un.org\/sdg\/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https:\/\/openalex.org\/W154231405","https:\/\/openalex.org\/W186541711","https:\/\/openalex.org\/W1519988981","https:\/\/openalex.org\/W1568755417","https:\/\/openalex.org\/W1606635928","https:\/\/openalex.org\/W1641762327","https:\/\/openalex.org\/W1970873125","https:\/\/openalex.org\/W1974101162","https:\/\/openalex.org\/W1991895580","https:\/\/openalex.org\/W1993163335","https:\/\/openalex.org\/W1994476536","https:\/\/openalex.org\/W2008418582","https:\/\/openalex.org\/W2040234252","https:\/\/openalex.org\/W2065076704","https:\/\/openalex.org\/W2066459581","https:\/\/openalex.org\/W2088402484","https:\/\/openalex.org\/W2098375905","https:\/\/openalex.org\/W2099137371","https:\/\/openalex.org\/W2103444363","https:\/\/openalex.org\/W2105480298","https:\/\/openalex.org\/W2117882778","https:\/\/openalex.org\/W2117898742","https:\/\/openalex.org\/W2121251946","https:\/\/openalex.org\/W2124936107","https:\/\/openalex.org\/W2131726714","https:\/\/openalex.org\/W2132185316","https:\/\/openalex.org\/W2147448476","https:\/\/openalex.org\/W2149684006","https:\/\/openalex.org\/W2160612883","https:\/\/openalex.org\/W2166004296","https:\/\/openalex.org\/W2168084064","https:\/\/openalex.org\/W2174103411","https:\/\/openalex.org\/W2339547367","https:\/\/openalex.org\/W2362831978","https:\/\/openalex.org\/W2914982603","https:\/\/openalex.org\/W4206796831","https:\/\/openalex.org\/W4238764625","https:\/\/openalex.org\/W4244704438","https:\/\/openalex.org\/W6707703378"],"related_works":["https:\/\/openalex.org\/W2148749405","https:\/\/openalex.org\/W2104105430","https:\/\/openalex.org\/W1515917392","https:\/\/openalex.org\/W2743348030","https:\/\/openalex.org\/W1973516247","https:\/\/openalex.org\/W2179519055","https:\/\/openalex.org\/W2050621158","https:\/\/openalex.org\/W4387237709","https:\/\/openalex.org\/W2013773577","https:\/\/openalex.org\/W2295390884"],"abstract_inverted_index":{"In":[0],"this":[1,146],"work,":[2],"we":[3],"show":[4,101],"how":[5],"the":[6,22,30,53,85,92,98,103,154],"abstraction":[7],"layer":[8,114],"created":[9],"by":[10],"a":[11,58,71,136,151,161],"hypervisor,":[12],"or":[13],"virtual":[14,75],"machine":[15],"monitor,":[16],"can":[17,115],"be":[18,116],"leveraged":[19],"to":[20,77,126,149],"reduce":[21],"complexity":[23],"of":[24,95,105,156],"mandatory":[25,62,157],"access":[26,34,63,158],"control":[27,35],"policies":[28,79,86,108,111,129],"throughout":[29],"system.":[31,99],"Policies":[32],"governing":[33],"decisions":[36],"in":[37],"today's":[38],"systems":[39],"are":[40,65],"complex":[41],"and":[42,73,87,130,167],"monolithic.":[43],"Achieving":[44],"strong":[45],"security":[46,96,128,166],"guarantees":[47],"often":[48],"means":[49],"restricting":[50],"usability":[51],"across":[52],"entire":[54],"system,":[55],"which":[56],"is":[57],"primary":[59],"reason":[60],"why":[61],"controls":[64,159],"rarely":[66],"deployed.":[67],"Our":[68,118],"architecture":[69],"uses":[70],"hypervisor":[72,162],"multiple":[74,81],"machines":[76],"decompose":[78],"into":[80,109],"layers.":[82],"This":[83],"simplifies":[84],"their":[88],"enforcement,":[89],"while":[90],"minimizing":[91],"overall":[93],"impact":[94],"on":[97],"We":[100,143],"that":[102,122,145],"overhead":[104],"decomposing":[106],"system":[107],"distinct":[110],"for":[112,163],"each":[113],"negligible.":[117],"initial":[119],"implementation":[120],"confirms":[121],"such":[123],"layering":[124],"leads":[125],"simpler":[127],"enforcement":[131],"mechanisms":[132],"as":[133,135],"well":[134],"more":[137],"robust":[138],"layered":[139],"trusted":[140],"computing":[141],"base.":[142],"hope":[144],"work":[147],"serves":[148],"start":[150],"dialog":[152],"regarding":[153],"use":[155],"within":[160],"both":[164],"increasing":[165],"improving":[168],"manageability.":[169]},"counts_by_year":[{"year":2020,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":2},{"year":2015,"cited_by_count":4},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":3},{"year":2012,"cited_by_count":5}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}