Abstract
Automated Trust Negotiation (ATN) is an important method to establish trust relationship between two strangers by exchanging their access control policies and credentials. Unfortunately, ATN is not widely adopted because of the complexity and multiformity of negotiation policies, especially in virtual computing environment, where the situation becomes worse than in traditional computing environment, due to the fact that a host with multiple virtual machines needs to be deployed with multiple negotiation policies. Moreover, all of these policies for each virtual machine must be upgraded and checked. To ease the burden on the administrator when deploying ATN access control policies and credentials in virtual computing environment, we propose an automated trusted negotiation architecture called virtual automated trust negotiation (VATN) to centralize ATN policies and credentials for multiple virtual machines in a physical node into a privileged virtual machine. VATN puts policy compliance checker and credential verification control in each virtual machine to improve the execution efficiency of trust negotiation. We implement VATN in Xen virtualization platform. Finally, we discuss the correctness of policy consistency checking and make performance analysis of VATN implemented in Xen.
Similar content being viewed by others
References
Garfinkel T, Pfaff B, Chow J, Rosenblum M, Boneh D (2003) Terra: a virtual machine-based platform for trusted computing. In: Proceedings of the 19th symposium on operating system principles, 2003, pp 193–206
Garfinkel T, Rosenblum M (2003) A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the 10th annual network and distributed system security symposium, 2003
Nguyen AQ, Ruo A, Yoshiyasu T (2006) Centralized security policy support for virtual machine. In: Proceedings of the 20th large installation system administration conference, 2006, pp 79–87
Clark B, Deshane T, Dow E, Evanchik S, Finlayson M, Herne J, Matthews JN (2004) Xen and the art of repeated research. In: Proceedings of the USENIX annual technical conference, 2004, pp 135–144
Intel® (2009) Virtualization Technology (Intel® VT). http://www.intel.com/technology/virtualization/
AMD Virtualization™ (2000) (AMD-V™) technology. http://www.amd.com/us/products/technologies/virtualization/Pages/amd-v.aspx
William HW, Kent ES, Vicki EJ (2000) Automated trust negotiation. In: Proceedings of DARPA information survivability conference and exposition, vol 1, 2000, pp 88–102
Winsborough WH, Li N (2002) Towards practical automated trust negotiation. In: Proceedings of the 3rd international workshop on policies for distributed systems and networks, 2002, pp 92–103
Bertino E, Ferrari E, Squicciarini A (2004) Trust negotiations: concepts, systems, and languages. Comput Sci Eng 06(4):27–34
Liao Z, Jin H, Zou D (2007) A logic predicate based automated trust negotiation model. In: Proceedings of the 2nd international conference on communications and networking in China, 2007, pp 418–422
Liu Z, Xiu D (2005) Agent-based automated trust negotiation for pervasive computing. In: Proceedings of the 2nd international conference on embedded software and systems, 2005, p 8
Xen® hypervisor. http://www.xen.org/, (2009)
Vedvyas S, Ravi S, Uday S (2007) Virtualization enabled integrity services (VIS). In: Intel software and solutions group
Blaze M (1999) The keynote trust-management system. RFC 2704
Seamons KE, Chan T, Child E, Halcrow M, Hess A, Holt J, Jacobson J, Jarvis R, Patty A, Smith B, Sundelin T, Yu L (2003) TrustBuilder: negotiating trust in dynamic coalitions. In: Proceedings of DARPA information survivability conference and exposition, 2003, vol 2(2), pp 49–51
Winslett M, Yu T, Seamons KE, Hess A, Jacobson J, Jarvis R, Smith B, Yu L (2002) Negotiating trust on the Web. IEEE Internet Comput 6(6):30–37
Zou D, Liao Z (2008) A new approach for hiding policy and checking policy consistency. In: Proceedings of the 2nd information security and assurance international conference, 2008, pp 237–242
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Zou, D., Du, S., Zheng, W. et al. Building Automated Trust Negotiation architecture in virtual computing environment. J Supercomput 55, 69–85 (2011). https://doi.org/10.1007/s11227-009-0358-6
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-009-0358-6