Hypervisor-assisted usage control

Computer systems play an increasingly prominent role in our daily lives. Interacting with these systems in general and especially with services in the internet often involves the disclosing of data, like credit card information, social security numbers and tax information. Although immense work was done in the security area, many security problems are still unresolved. Usage control is an extension of access control that not only addresses who may access which data, but also what may or may not happen with the data afterwards. With the concept of monitors at di erent layers of abstraction observing events in the consumer's system and enforcing policies related to the future usage of the data, this issue can be handled. This work describes a necessary communication infrastructure for connection independently operating usage control monitors. Providing a bus system apart the consumer's operating system using virtualization technologies, an efficient and secure solution for the message exchange is designed and implemented. For the contribution required concepts and techniques are presented followed by a comparison of several existing virtualization environments with respect to their extendibility for the required communication framework. Thereafter the design and implementation of the software is discussed. Additionally a flexible communication protocol is specified allowing easy extensions for future demands. Finally the contributed solution is evaluated with respect to performance and security aspects.