Skip to main content

Advertisement

Log in

Building Automated Trust Negotiation architecture in virtual computing environment

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

Automated Trust Negotiation (ATN) is an important method to establish trust relationship between two strangers by exchanging their access control policies and credentials. Unfortunately, ATN is not widely adopted because of the complexity and multiformity of negotiation policies, especially in virtual computing environment, where the situation becomes worse than in traditional computing environment, due to the fact that a host with multiple virtual machines needs to be deployed with multiple negotiation policies. Moreover, all of these policies for each virtual machine must be upgraded and checked. To ease the burden on the administrator when deploying ATN access control policies and credentials in virtual computing environment, we propose an automated trusted negotiation architecture called virtual automated trust negotiation (VATN) to centralize ATN policies and credentials for multiple virtual machines in a physical node into a privileged virtual machine. VATN puts policy compliance checker and credential verification control in each virtual machine to improve the execution efficiency of trust negotiation. We implement VATN in Xen virtualization platform. Finally, we discuss the correctness of policy consistency checking and make performance analysis of VATN implemented in Xen.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Garfinkel T, Pfaff B, Chow J, Rosenblum M, Boneh D (2003) Terra: a virtual machine-based platform for trusted computing. In: Proceedings of the 19th symposium on operating system principles, 2003, pp 193–206

  2. Garfinkel T, Rosenblum M (2003) A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the 10th annual network and distributed system security symposium, 2003

  3. Nguyen AQ, Ruo A, Yoshiyasu T (2006) Centralized security policy support for virtual machine. In: Proceedings of the 20th large installation system administration conference, 2006, pp 79–87

  4. Clark B, Deshane T, Dow E, Evanchik S, Finlayson M, Herne J, Matthews JN (2004) Xen and the art of repeated research. In: Proceedings of the USENIX annual technical conference, 2004, pp 135–144

  5. Intel® (2009) Virtualization Technology (Intel® VT). http://www.intel.com/technology/virtualization/

  6. AMD Virtualization™ (2000) (AMD-V™) technology. http://www.amd.com/us/products/technologies/virtualization/Pages/amd-v.aspx

  7. William HW, Kent ES, Vicki EJ (2000) Automated trust negotiation. In: Proceedings of DARPA information survivability conference and exposition, vol 1, 2000, pp 88–102

  8. Winsborough WH, Li N (2002) Towards practical automated trust negotiation. In: Proceedings of the 3rd international workshop on policies for distributed systems and networks, 2002, pp 92–103

  9. Bertino E, Ferrari E, Squicciarini A (2004) Trust negotiations: concepts, systems, and languages. Comput Sci Eng 06(4):27–34

    Article  Google Scholar 

  10. Liao Z, Jin H, Zou D (2007) A logic predicate based automated trust negotiation model. In: Proceedings of the 2nd international conference on communications and networking in China, 2007, pp 418–422

  11. Liu Z, Xiu D (2005) Agent-based automated trust negotiation for pervasive computing. In: Proceedings of the 2nd international conference on embedded software and systems, 2005, p 8

  12. Xen® hypervisor. http://www.xen.org/, (2009)

  13. Vedvyas S, Ravi S, Uday S (2007) Virtualization enabled integrity services (VIS). In: Intel software and solutions group

  14. Blaze M (1999) The keynote trust-management system. RFC 2704

  15. Seamons KE, Chan T, Child E, Halcrow M, Hess A, Holt J, Jacobson J, Jarvis R, Patty A, Smith B, Sundelin T, Yu L (2003) TrustBuilder: negotiating trust in dynamic coalitions. In: Proceedings of DARPA information survivability conference and exposition, 2003, vol 2(2), pp 49–51

  16. Winslett M, Yu T, Seamons KE, Hess A, Jacobson J, Jarvis R, Smith B, Yu L (2002) Negotiating trust on the Web. IEEE Internet Comput 6(6):30–37

    Article  Google Scholar 

  17. Zou D, Liao Z (2008) A new approach for hiding policy and checking policy consistency. In: Proceedings of the 2nd information security and assurance international conference, 2008, pp 237–242

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Hai Jin.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Zou, D., Du, S., Zheng, W. et al. Building Automated Trust Negotiation architecture in virtual computing environment. J Supercomput 55, 69–85 (2011). https://doi.org/10.1007/s11227-009-0358-6

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-009-0358-6

Navigation