Integrated Security Architecture for Virtual Machines

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2013)

Abstract

Virtualisation technology is now widely deployed, and there is increasing interest in virtualisation-based security techniques. There is a need to secure the life cycle of virtual machine based systems. In this paper, we propose an integrated security architecture that combines access control, intrusion detection and trust management. We demonstrate how this integrated security architecture can be used to secure the life cycle of virtual machines, including dynamic hosting and allocation of resources as well as migration of virtual machines across different physical servers. We discuss the implementation aspects of the proposed architecture and show how the architecture can counteract attack scenarios involving malicious users exploiting vulnerabilities to achieve privilege escalation and then using the compromised machines to generate further attacks.

© 2013 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Varadharajan, V., Tupakula, U. (2013). Integrated Security Architecture for Virtual Machines. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds) Security and Privacy in Communication Networks. SecureComm 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 127. Springer, Cham. https://doi.org/10.1007/978-3-319-04283-1_9

  • DOI: https://doi.org/10.1007/978-3-319-04283-1_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-04282-4

  • Online ISBN: 978-3-319-04283-1

  • eBook Packages: Computer Science, Computer Science (R0)