Abstract
Cloud computing has changed the way IT services are delivered. Virtualization technology is its foundation and directly affects the security and reliability of the cloud computing platform. From the standpoint of virtualization security, we study integrating a mandatory access control (MAC) mechanism into virtual machine deployment to control the resources available to virtual machines, and we design and implement a lightweight MAC-based approach to strong isolation and migration between virtual machines. Experiments show that our method is effective for isolation and migration and incurs little performance overhead.
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Liang, H., Han, C., Zhang, D., Wu, D. (2015). A Lightweight Security Isolation Approach for Virtual Machines Deployment. In: Lin, D., Yung, M., Zhou, J. (eds) Information Security and Cryptology. Inscrypt 2014. Lecture Notes in Computer Science, vol 8957. Springer, Cham. https://doi.org/10.1007/978-3-319-16745-9_28
DOI: https://doi.org/10.1007/978-3-319-16745-9_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-16744-2
Online ISBN: 978-3-319-16745-9
eBook Packages: Computer Science, Computer Science (R0)