Remember Me
Or use your Academic/Social account:


Or use your Academic/Social account:


You have just completed your registration at OpenAire.

Before you can login to the site, you will need to activate your account. An e-mail will be sent to you with the proper instructions.


Please note that this site is currently undergoing Beta testing.
Any new content you create is not guaranteed to be present to the final version of the site upon release.

Thank you for your patience,
OpenAire Dev Team.

Close This Message


Verify Password:
Verify E-mail:
*All Fields Are Required.
Please Verify You Are Human:
fbtwitterlinkedinvimeoflicker grey 14rssslideshare1
Mihindu, Sas; UK's Unix & Open Systems User Group
Publisher: UKUUG
Languages: English
Types: Unknown
Subjects: other, T058.5
This paper provides technique for realising integrity and isolation in virtual systems. This is achieved by supporting a logical cages model, in particular for virtualised datacentres, based on a concept called Trusted Virtual Domains or TVDs. Based on previous work, paper describes a security management framework that helps to realise the abstraction of TVDs by guaranteeing reliable isolation and flow control between domain boundaries. The proposed framework employs networking and storage virtualisation technologies as well as Trusted Computing for policy verification. The main contributions are (1) combining these technologies to realise TVDs and (2) orchestrating them through a management framework that automatically enforces isolation among different zones. In particular, this solution aims at automating the verification, instantiation and deployment of the appropriate security mechanisms and virtualisation technologies based on an input security model, which specifies the required level of isolation and permitted information flows.
  • The results below are discovered through our pilot algorithms. Let us know how we are doing!

    • [1] M. J. Anderson,M. Moffie, and C. I. Dalton. Towards trustworthy virtualization environments: Xen library os security service infrastructure. Research report, HP Labs, Bristol, UK, 2007.
    • [2] F. Armknecht, Y. Gasmi, A.-R. Sadeghi, P. Stewin, M. Unger, G. Ramunno, and D. Vernizzi. An efficient implementation of Trusted Channels based on Openssl. In STC '08: Proceedings of the 3rd ACMworkshop on Scalable Trusted Computing, pages 41-50, New York, NY, USA, 2008. ACM Press.
    • [3] S. Berger, R. Cáceres, K. Goldman, R. Perez, R. Sailer, and L. van Doorn. vTPM: Virtualizing the Trusted Platform Module. In Proc. 15th USENIX Security Symposium, pages 21-21, Aug. 2006.
    • [4] S. Berger, R. Cáceres, D. Pendarakis, R. Sailer, E. Valdez, R. Perez, W. Schildhauer, and D. Srinivasan. TVDc: managing security in the trusted virtual datacenter. SIGOPS Operating Systems Review, 42(1):40-47, 2008.
    • [5] A. Bussani, J. L. Griffin, B. Jansen, K. Julisch, G. Karjoth, H. Maruyama, M. Nakamura, R. Perez, M. Schunter, A. Tanner, L. van Doorn, E. V. Herreweghen, M. Waidner, and S. Yoshihama. Trusted Virtual Domains: Secure foundation for business and IT services. Research Report RC 23792, IBM Research, Nov. 2005.
    • [6] S. Cabuk, C. Dalton, H. V. Ramasamy, and M. Schunter. Towards automated provisioning of secure virtualized networks. In Proc. 14th ACM Conference on Computer and Communications Security (CCS-2007), pages 235- 245, Oct. 2007.
    • [7] S. Cabuk, et al (2010) Towards automated security policy enforcement (Eds) Jan Camenisch, Javier Lopez, Fabio Massacci, Massimo Ciscato and Thomas Skordas, JCS special issue on EU-funded ICT research on Trust and Security, Journal of Computer Security 18 (2010) 89-121
    • [8] C. Clark, K. Fraser, S. Hand, J. G. Hansen, E. Jul, C. Limpach, I. Pratt, and A. Warfield. Live Migration of Virtual Machines. In Proc. 2nd Symposium on Networked Systems Design and Implementation (NSDI-2005), pages 273-286, May 2005.
    • [9] N. Dunlop, J. Indulska, and K. A. Raymond. A formal specification of conflicts in dynamic policy-based management systems. DSTC Technical Report, CRC for Enterprise Distributed Systems, University of Queensland, Australia, Aug. 2001.
    • [10] P. England, B. Lampson, J. Manferdelli, and B. Willman. A trusted open platform. Computer, 36(7):55-62, 2003.
    • [11] European Multilaterally Secure Computing Base (EMSCB) Project. Towards Trustworthy Systems with Open Standards and Trusted Computing, 2008. http://www.emscb.de.
    • [12] T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: a virtual machine-based platform for trusted computing. In ACM Symposium on Operating Systems Principles (ASOSP), pages 193-206. ACM Press, 2003.
    • [13] J. Griffin, T. Jaeger, R. Perez, R. Sailer, L. V. Doorn, and R. Caceres. Trusted Virtual Domains: Toward secure distributed services. In Proc. 1st Workshop on Hot Topics in System Dependability (Hotdep-2005), Yokohama, Japan, June 2005. IEEE Press.
    • [14] V. Haldar, D. Chandra, and M. Franz. Semantic Remote Attestation - virtual machine directed approach to Trusted Computing. In USENIX Virtual Machine Research and Technology Symposium, pages 29-41, 2004. also Technical Report No. 03-20, School of Information and Computer Science, University of California, Irvine.
    • [15] Y. Katsuno, M. Kudo, Y. Watanabe, S. Yoshihama, R. Perez, R. Sailer, and L. van Doorn. Towards MultiLayer Trusted Virtual Domains. In The Second Workshop on Advances in Trusted Computing (WATC '06 Fall), Tokyo, Japan,
    • [16] D. Kuhlmann, R. Landfermann, H. Ramasamy, M. Schunter, G. Ramunno, and D. Vernizzi. An Open Trusted Computing Architecture - Secure virtual machines enabling user-defined policy enforcement, 2006. http://www.opentc.net/images/otc_architecture_ high_level_overview.pdf.
    • [17] U. Kühn, M. Selhorst, and C. Stüble. Realizing property-based attestation and sealing with commonly available hard- and software. In STC '07: Proceedings of the 2007 ACM workshop on Scalable trusted computing, pages 50-57, New York, NY, USA, 2007. ACM.
    • [18] Open Trusted Computing (OpenTC) Project. The OpenTC Project Homepage, 2008. http://www.opentc.net/.
    • [19] OpenSSL Project. The OpenSSL Project Homepage, 2007. http://www.openssl.org/.
    • [20] OpenTCWorkpackage 05. Design of the cross-domain security services. Deliverable D05.4, The OpenTC Project www.opentc.net, 05/26/2008.
    • [21] A.-R. Sadeghi and C. Stüble. Property-based Attestation for Computing Platforms: Caring about Properties, not Mechanisms. In Proc. 2004 Workshop on New Security Paradigms (NSPW-2004), pages 67-77, New York, NY, USA, 2005. ACM Press.
    • [22] Trusted Computing Group (TCG). www.trustedcomputinggroup.org.
    • [23] Trusted Computing Group (TCG). TCG TPM specification version 1.2 revision 103. https://www.trustedcomputinggroup.org/specs/ TPM/, July 2007. See also [122] and http://www.trustedcomputing.org/.
    • [24] A.Westerinen (2001) Terminology for policy-based management. RFC 3198, November 2001.
  • No related research data.
  • No similar publications.

Share - Bookmark

Cite this article