Deployment of Virtual Machines in Lock-Keeper

  • Feng Cheng
  • Christoph Meinel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4298)


As a remarkable realization of the simple idea ”Physical Separation”, the Lock-Keeper technology has been proven to be a practical approach to provide high-level security for a sensitive internal network by completely separating it with the less secure external network. The data exchange between the two separated networks is accomplished by the Lock-Keeper Secure Data Exchange software which is occupied by three PC-based Lock-Keeper components: INNER, OUTER and GATE. The SDE’s application modules on INNER and OUTER provide specific network services to the external world through normal network connections and organize the network traffic into Lock-Keeper-mode units which can be transferred through the Lock-Keeper by its SDE’s basic data exchange modules on INNER, OUTER and GATE. There is an extra data scanning module located on GATE to check the passing data contents. In this paper, a new implementation of the SDE software will be proposed based on the Virtual Machine technology. Application modules on INNER and OUTER are respectively replaced by some Virtual Machines. According to different requirements of corresponding applications, different configurations and resource assignments can be employed by these Virtual Machines. Such special-purpose Virtual Machines and their underlying host can be isolated from one another by the natural property of the Virtual Machine technology so that both the host and each single application can be easily restored in the case of destruction. In addition, a content scanning VM will be built on GATE to support offline scanning, configuration, updating and other useful extension.


Virtual Machine Application Module Virtual Machine Image Virtual Hardware Virtual Machine Community 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Cheng, F., Meinel, C.: Research on the Lock-Keeper Technology: Architectures, Applications and Advancements. International Journal of Computer & Information Science 5(3), 236–245 (2004)Google Scholar
  2. 2.
    Lock-Keeper Website of Siemens AG in Switzerland:
  3. 3.
    Lock-Keeper Website of Hasso-Plattner-Institute at University of Potsdam:
  4. 4.
    Varian, M.: VM and VM Community: Past, Present, and Future. SHARE 89 Sessions 9059-9061, pp. 3-25. Princeton University, NJ, USA (1997)Google Scholar
  5. 5.
    Smith, J.E.: The architecture of virtual machines. IEEE Computer 38(5), 32–38 (2005)Google Scholar
  6. 6.
    McEwan, W.: Virtual Machine Technologies and Their Application in the Delivery of ICT. In: Proceedings of the 15th Annual NACCQ (NACCQ’02), Hamilton, New Zealand, pp. 55–62 (2002)Google Scholar
  7. 7.
    Ing. Arjen C. Krap: Setting up a Virtual Network Laboratory with User-Mode Linux. In: Proceedings of the 4th International SANE Conference, Amsterdam, The Netherlands (2004)Google Scholar
  8. 8.
    Hing, G.: User-Mode Linux Virtual Honeynets: Design and Construction, Technical Report (2002)Google Scholar
  9. 9.
    Garfinkel, T., et al.: Terra: A Virtual Machine-Based Platform for Trusted Computing. In: Proceedings of ACM SOSP 2003, Bolton Landing, USA, pp. 193–206. ACM Press, New York (2003)Google Scholar
  10. 10.
    Dunlap, G.W., et al.: ReVir: Enabling Intrusion Anaysis through Virtual-Machine Logging and Replay. In: Proceedings of the 2002 Symposium on Operating Systems Design and Implementation (OSDI’02), Boston, USA (2002)Google Scholar
  11. 11.
    Edwards, M.J.: Internet Security with Windows NT. Duke Communications (1997)Google Scholar
  12. 12.
    Sugerman, J., et al.: Virtualizing I/O Devices on VMware Workstation’s Hosted Virtual Machine Monitor. In: Proceedings of the 5th USENIX Annual Technical Conference (USENIX’01), Boston, MA, USA (2001)Google Scholar
  13. 13.
    King, S.T., et al.: Operating system support for virtual machines. In: Proceedings of the 7th Annual USENIX Technical Conference (USENIX’03), Georgia, USA (2003)Google Scholar
  14. 14.
    Dike, J.: A User-Mode Port of the Linux Kernel. In: Proceedings of the 4th Annual Linux Showcase & Conference, Georgia, USA (2000)Google Scholar
  15. 15.
    Dike, J.: User-Mode Linux. In: Proceedings of the 5th Annual Linux Showcase & Conference, Oakland, California, USA (2001)Google Scholar
  16. 16.
    Website of VMware, Inc.:
  17. 17.
    Microsoft Corporation: Microsoft Virtual Server 2005 Technical Overview, White Paper (2004), available from:
  18. 18.
    User mode linux core team User Mode Linux HOWTO (2005), available from:

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Feng Cheng
    • 1
  • Christoph Meinel
    • 1
  1. 1.Hasso-Plattner-Institute, University of Potsdam, Postfach 900460, 14440, PotsdamGermany

Personalised recommendations