A virtual computing utility hosts guest virtual machines on server provider sites. Each VM is an instantiation of some image or virtual appliance, which might be supplied by the VM owner or a third-party image provider. This paper addresses the problem of establishing a secure channel between a VM and an automated controller running on behalf of the VM's authorized owner. A secure channel is an essential toehold for post-install actions by the controller to adapt the VM to its local environment, join it to an application service, and/or monitor and control its execution. A simple and practical solution is to modify an image for a particular site or owner, e.g., by pre-installing keys or tokens onto the image. That approach compromises the portability of images, and could interfere with image sharing, use of new operating systems on image appliances, or endorsement of standard images by image providers. This paper presents an alternative solution that preserves the portability of images. The solution employs a standard keymaster service on the images. The keymaster and controller conduct a one-round binding protocol for mutual authentication and key exchange, seeded by secure tokens passed from the utility boot authority. The binding protocol relies only on security mechanisms at the transport layer and above, so it is suitable for use with remote controllers.
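The sketch below is an added example, not the paper's protocol or code: it shows one way a one-round, token-seeded exchange can give mutual authentication and a shared key. It assumes the boot authority gives the same secret token to the controller and to the keymaster on the image; the class names, function names, message labels and `vm_id` value are hypothetical.

```python
import hashlib
import hmac
import secrets

def mac(token: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 keyed by the token; parts are length-prefixed so fields cannot blur."""
    h = hmac.new(token, label, hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

class Controller:
    def __init__(self, token: bytes, vm_id: bytes):
        self.token, self.vm_id = token, vm_id
        self.nonce = secrets.token_bytes(16)          # fresh per binding attempt

    def hello(self):
        """Message 1: prove knowledge of the token, bound to this VM and nonce."""
        return self.nonce, mac(self.token, b"controller", self.vm_id, self.nonce)

    def finish(self, nonce_k: bytes, tag_k: bytes) -> bytes:
        """Check message 2 (it must cover our nonce), then derive the session key."""
        want = mac(self.token, b"keymaster", self.vm_id, self.nonce, nonce_k)
        if not hmac.compare_digest(tag_k, want):
            raise ValueError("keymaster failed authentication")
        return mac(self.token, b"session", self.vm_id, self.nonce, nonce_k)

class Keymaster:
    def __init__(self, token: bytes, vm_id: bytes):
        self.token, self.vm_id, self.bound = token, vm_id, False

    def respond(self, nonce_c: bytes, tag_c: bytes):
        """Verify message 1, bind once, return (message 2, session key)."""
        want = mac(self.token, b"controller", self.vm_id, nonce_c)
        if self.bound or not hmac.compare_digest(tag_c, want):
            raise ValueError("binding refused")
        self.bound = True                              # one controller per token
        nonce_k = secrets.token_bytes(16)
        tag_k = mac(self.token, b"keymaster", self.vm_id, nonce_c, nonce_k)
        return (nonce_k, tag_k), mac(self.token, b"session", self.vm_id, nonce_c, nonce_k)

def bind(controller_token: bytes, keymaster_token: bytes, vm_id: bytes = b"vm-0001"):
    """Run the exchange in-process; returns both derived keys and the keymaster."""
    ctl, km = Controller(controller_token, vm_id), Keymaster(keymaster_token, vm_id)
    reply, km_key = km.respond(*ctl.hello())
    return ctl.finish(*reply), km_key, km

if __name__ == "__main__":
    token = secrets.token_bytes(32)                    # constructed sample token
    ctl_key, km_key, _ = bind(token, token)
    print("keys match:", ctl_key == km_key)
```

Because the session key in this sketch is derived only from the token and the two nonces, anyone who later learns the token can recompute it; running the exchange inside an authenticated transport session or adding an ephemeral key agreement would remove that dependency.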