Abstract
With the growing population of networked devices, the risk of leaking sensitive data has increased seriously. This paper proposes a novel approach named TransPro, based on virtualization technology, which provides mandatory protected transmission between different network hosts. With TransPro, all outgoing sensitive data is encrypted before it is sent to the network, and all incoming network data is decrypted before it is handled by the sensitive application. TransPro works in the host OS and VMM, and it does not require manual modification of application code. We have evaluated TransPro using security analysis and attack tests. The results show that TransPro offers safe information transmission with little overhead.
Notes
1. It can also be allocated by the existing certification network. To simplify the implementation, the certification is manually allocated with a self-defined protocol, and TransPro can work in a LAN for this design.
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Xie, XZ., Liu, HQ., Wang, YP. (2016). TransPro: Mandatory Sensitive Information Protection Based on Virtualization and Encryption. In: Sun, X., Liu, A., Chao, HC., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2016. Lecture Notes in Computer Science, vol 10039. Springer, Cham. https://doi.org/10.1007/978-3-319-48671-0_39
DOI: https://doi.org/10.1007/978-3-319-48671-0_39
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48670-3
Online ISBN: 978-3-319-48671-0
eBook Packages: Computer Science (R0)