A Multi-layer Virtual Network Isolation Detection Method for Cloud Platform

  • Bo Zhao
  • Rui Guo
  • Peiru Fan
  • Zhijun Wu
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 960)


In the trusted testing of cloud platforms, isolation testing of virtual networks is one of the important tasks. The traditional isolation detection method only extracts network configuration information from the database and reconstructs the network structure from it. However, these data do not necessarily reflect the current status of the virtual network and may distort the test results. To solve this problem, this paper proposes a multi-layer virtual network isolation detection method based on a trusted third party for distributed cloud platform environments. First, the basic idea of the method is to extract the correct test input data from the database and from each agent node, compare these data with the reference value, and then conduct a multi-layer evaluation of the isolation of the virtual network based on the comparison result. Then, a formal method is used to verify the effectiveness of the proposed scheme in detecting network isolation under both the policy-updating and post-update scenarios. Finally, a simulation environment is built on CloudSim 4.0 to evaluate the performance of the multi-layer detection method, including a comparison with traditional detection methods and a measurement of the test method's performance overhead on the test-end system. The experimental results show that the multi-layer detection method has less impact on the test-end system's performance, and that as the test scale increases, the gap between its overhead and that of the traditional scheme gradually decreases.
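The comparison the abstract sketches, reduced to code as an added illustration that is not the paper's own implementation or data: the controller-database view and the per-node agent views of a virtual network are each checked against a reference isolation policy, and then against each other to catch a policy update that has not reached a node. The VM names, tenants, hosts and rules are constructed for this example.

```python
from itertools import permutations

# Constructed sample inventory: tenant and host of each VM (not the paper's data).
VM_TENANT = {"vm1": "A", "vm2": "A", "vm3": "B", "vm4": "B"}
VM_HOST = {"vm1": "node1", "vm2": "node2", "vm3": "node1", "vm4": "node2"}

# Reference value: a VM may only reach VMs of its own tenant.
def reference_allowed(src, dst):
    return VM_TENANT[src] == VM_TENANT[dst]

# Layer 1: what the controller database says each VM may reach.
DB_RULES = {"vm1": {"vm2"}, "vm2": {"vm1"}, "vm3": {"vm4"}, "vm4": {"vm3"}}

# Layer 2: what each node's agent reports as actually enforced. node2 still
# carries a stale rule (vm4 -> vm2) that a policy update should have removed.
AGENT_RULES = {
    "node1": {"vm1": {"vm2"}, "vm3": {"vm4"}},
    "node2": {"vm2": {"vm1"}, "vm4": {"vm3", "vm2"}},
}

def allowed_in(rules, src, dst):
    return dst in rules.get(src, set())

def merge_agent_views(agent_rules):
    """Combine per-node reports; a VM's rules count only from the node hosting it."""
    merged = {}
    for node, rules in agent_rules.items():
        for src, dsts in rules.items():
            if VM_HOST[src] == node:
                merged.setdefault(src, set()).update(dsts)
    return merged

def check_layer(layer, rules):
    """Compare one layer's view with the reference value for every ordered VM pair."""
    return [(layer, s, d, reference_allowed(s, d), allowed_in(rules, s, d))
            for s, d in permutations(VM_TENANT, 2)
            if reference_allowed(s, d) != allowed_in(rules, s, d)]

def multilayer_detect(db_rules=DB_RULES, agent_rules=AGENT_RULES):
    """Return (layer, src, dst, expected, observed) tuples for every deviation."""
    agent_view = merge_agent_views(agent_rules)
    findings = check_layer("database", db_rules) + check_layer("agent", agent_view)
    # Third check: database and agents disagree -> policy not (yet) applied on a node.
    findings += [("drift", s, d, allowed_in(db_rules, s, d), allowed_in(agent_view, s, d))
                 for s, d in permutations(VM_TENANT, 2)
                 if allowed_in(db_rules, s, d) != allowed_in(agent_view, s, d)]
    return findings

if __name__ == "__main__":
    for f in multilayer_detect():
        print("%-8s %s -> %s expected=%s observed=%s" % f)
```

A database-only check (the traditional approach the abstract criticises) reports nothing here; only the agent layer and the drift check expose the stale rule.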


Keywords: Cloud computing, Distributed system, Network isolation, Trusted test, Trusted third party



This work was supported in part by the National Key Basic Research Program of China (973 Program) under Grant 2014CB340600 and in part by the Wuhan FRONTIER Program of Application Foundation under Grant 2018010401011295.



Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, China
  2. Staff Room of Information Operation, Rocket Force Command College, Wuhan, China
