Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Block-Level Security for Network-Attached Disks
FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Geiger: monitoring the buffer cache in a virtual machine environment
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Practical taint-based protection using demand emulation
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
vTPM: virtualizing the trusted platform module
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
PVFS: a parallel file system for linux clusters
ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4
A layered approach to simplified access control in virtualized systems
ACM SIGOPS Operating Systems Review
VirtualPower: coordinated power management in virtualized enterprise systems
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Policy enforcement and compliance proofs for Xen virtual machines
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Protectit: trusted distributed services operating on sensitive data
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
O2S2: enhanced object-based virtualized storage
ACM SIGOPS Operating Systems Review
| Hi-index | 0.00 |
Today's virtualized platforms enable virtualization services (VSs) that can offer enhanced functionalities to guest virtual machines (VMs) based on behavioral monitoring. One such set of functionality concerns protected service access, by having a VS impose access controls that can be altered and refined at runtime. Changes are made in accordance with the levels of "trust" associated with certain VMs - where VSs use runtime monitoring to derive current "trust" levels from observed guest VM behavior. This paper develops and evaluates implementation methods for trust enhancements of virtualization services and demonstrates their utility for a storage virtualization service, termed protected object store (POS). An implementation of POS based on the PVFS file system as a backend and using the Xen VMM as a virtualization infrastructure is shown effective in its ability to enforce fine-grained, role-based access controls on storage usage based on the VM's dynamic level of "trust", while minimally impacting the overall performance of the storage service.