Abstract
Currently virtualisation technology is being deployed widely and there is an increasing interest on virtualisation based security techniques. There is a need for securing the life cycle of the virtual machine based systems. In this paper, we propose an integrated security architecture that combines access control, intrusion detection and trust management. We demonstrate how this integrated security architecture can be used to secure the life cycle of virtual machines including dynamic hosting and allocation of resources as well as migration of virtual machines across different physical servers. We discuss the implementation aspects of the proposed architecture and show how the architecture can counteract attack scenarios involving malicious users exploiting vulnerabilities to achieve privilege escalation and then using the compromised machines to generate further attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ferraiolo, D., Kuhn, R.: Role-based access control. In: Proceedings of the 15th NIST- NCSC National Computer Security Conference, pp. 554–563 (1992)
Jajodia, S., Samarati, P., Subrahmanian, V.S.: A logical language for expressing authorizations. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy. IEEE Computer Society, Washington, DC (1997)
DeTreville, J.: Binder: A logic-based security language. In: SP 2002: Proceedings of the 2002 IEEE Symposium on Security and Privacy, p. 105. IEEE Computer Society, Washington, DC (2002)
Li, N., Mitchell, J.C.: Rt: A role-based trust-management framework. In: Proceedings of the Third DARPA Information Survivability Conference and Exposition, pp. 201–212. IEEE Computer Society (2003)
Herzberg, A., Mass, Y., Michaeli, J., Ravid, Y., Naor, D.: Access control meets public key infrastructure, or: Assigning roles to strangers. In: SP 2000: Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, Washington, DC (2000)
The Open Source Network Intrusion Detection System: Snort, http://www.snort.org/docs/iss-placement.pdf
Smith, J.E., Nair, R.: The Architecture of Virtual Machines. IEEE Internet Computing (May 2005)
Brewer, D.F.C., Nash, M.J.: The Chinese Wall security policy. In: Proc. of IEEE Sympoisum on Security and Privacy, pp. 206–214 (1989)
Sailer, R., Jaeger, T., Valdez, E., Caceres, R., Perez, R., Berger, S., Griffin, J.L., van Doorn, L.: Building a MAC-based security architecture for the Xen open-source hypervisor. In: Proceedings of the 21st IEEE Annual Computer Security Applications Conference, Washington, DC, USA (2005)
Bell, D.E., La Padula, L.J.: Secure Computer Systems: Unified Exposition and Multics Interpretation. ESD-TR-75-306, MTR 2997 Rev. 1, The MITRE Corporation (March 1976)
Dunlap, G.W., King, S.T., Cinar, S., Basrai, M.A., Chen, P.M.: ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay. In: Proceedings of OSDI (2002)
Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proceedings of NDSS (February 2003)
Jones, S.T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: VMM-based hidden process detection and identification using Lycosid. In: Proc. of ACM VEE (March 2008)
Trusted Computing Group, TCG Specification, Architecture Overview, Specification Revision 1.2 (April 2004), http://www.trustedcomputinggroup.org
Newsome, J., Song, D.: Dynamic taint analysis: Automatic detection and generation of software exploit attacks. In: Proceedings of NDSS (February 2005)
Litchfield, D.: Threat Profiling Microsoft SQL Server, http://www.cgisecurity.com/lib/tp-SQL2000.pdf (last viewed: July 31, 2013)
Seungwon, S., Guofei, G.: Conficker and Beyond: A Large-Scale Empirical Study. In: Proceedings of the 26th Annual Computer Security Applications Conference, Austin, Texas, USA, December 6-10, pp. 151–160. ACM Press, New York (2010)
Stone-Gross, B., Cova, M., Gilbert, B., Kemmerer, R., Kruegel, C., Vigna, G.: Analysis of a Botnet Takeover. In: Proc. of IEEE Symposium on Security & Privacy, vol. 9(1), pp. 64–72 (2011)
Avira Antivirus Software for home and business, http://www.avira.com
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Varadharajan, V., Tupakula, U. (2013). Integrated Security Architecture for Virtual Machines. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds) Security and Privacy in Communication Networks. SecureComm 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 127. Springer, Cham. https://doi.org/10.1007/978-3-319-04283-1_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-04283-1_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04282-4
Online ISBN: 978-3-319-04283-1
eBook Packages: Computer ScienceComputer Science (R0)