Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
A Case For Grid Computing On Virtual Machines
ICDCS '03 Proceedings of the 23rd International Conference on Distributed Computing Systems
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Poly2 Paradigm: A Secure Network Service Architecture
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
PlanetLab: an overlay testbed for broad-coverage services
ACM SIGCOMM Computer Communication Review
Attestation-based policy enforcement for remote access
Proceedings of the 11th ACM conference on Computer and communications security
ACM Transactions on Computer Systems (TOCS)
Intel Virtualization Technology
Computer
SVGrid: a secure virtual environment for untrusted grid applications
MGC '05 Proceedings of the 3rd international workshop on Middleware for grid computing
A distributed host-based worm detection system
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Detecting Conflicts of Interest
RE '06 Proceedings of the 14th IEEE International Requirements Engineering Conference
A case for high performance computing with virtual machines
Proceedings of the 20th annual international conference on Supercomputing
vTPM: virtualizing the trusted platform module
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
VTDC '06 Proceedings of the 2nd International Workshop on Virtualization Technology in Distributed Computing
Trusted virtual domains: toward secure distributed services
HotDep'05 Proceedings of the First conference on Hot topics in system dependability
Enhancing grid security using trusted virtualization
ATC'07 Proceedings of the 4th international conference on Autonomic and Trusted Computing
Hi-index | 0.00 |
Virtual Interacting Network CommunIty(Vinci) is a software architecture that exploits virtualization to share in a secure way an information and communication technology infrastructure among a set of users with distinct security levels and reliability requirements. To this purpose, Vinci decomposes users into communities, each consisting of a set of users, their applications, a set of services and of shared resources. Users with distinct privileges and applications with distinct trust levels belong to distinct communities. Each community is supported by a virtual network, i.e. a structured and highly parallel overlay that interconnects virtual machines (VMs), each built by instantiating one of a predefined set of VM templates. Some VMs of a virtual network run user applications, some protect shared resources, and some others control traffic among communities to discover malware or worms. Further VMs manage the infrastructure resources and configure the VMs at start-up. The adoption of several VM templates enables Vinci to minimize the complexity of each VM and increases the robustness of both the VMs and of the overall infrastructure. Moreover, the security policy that a VM applies depends upon the community a user belongs to. As an example, discretionary access control policies may protect files shared within a community, whereas mandatory policies may rule access to files shared among communities. After describing the overall architecture of Vinci, we present the VM templates and the performance results of a first prototype.