Security for the cloud infrastructure: trusted virtual data center implementation

Authors:
S. Berger;R. Cáceres;K. Goldman;D. Pendarakis;R. Perez;J. R. Rao;E. Rom;R. Sailer;W. Schildhauer;D. Srinivasan;S. Tal;E. Valdez
Affiliations:
IBM Research Division, Thomas J. Watson Research Center, Hawthorne, New York;AT&T Labs, Park, New Jersey;IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, New York;IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, New York;IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, New York;IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, New York;IBM Research Division, Haifa Research Labs, Haifa, Israel;IBM Research Division, Thomas J. Watson Research Center, Hawthorne, New York;IBM Systems and Technology Group, North Carolina;IBM Systems and Technology Group, North Carolina;IBM Research Division, Haifa Research Labs, Haifa, Israel;IBM Research Division, Thomas J. Watson Research Center, Hawthorne, New York
Venue:
IBM Journal of Research and Development
Year:
2009

Citing 12
Cited 7

A Retrospective on the VAX VMM Security Kernel

IEEE Transactions on Software Engineering
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
PRIMA: policy-reduced integrity measurement architecture

Proceedings of the eleventh ACM symposium on Access control models and technologies
Daonity: grid security with behaviour conformity from trusted computing

Proceedings of the first ACM workshop on Scalable trusted computing
Shamon: A System for Distributed Mandatory Access Control

ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
vTPM: virtualizing the trusted platform module

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Capability based Secure Access Control to Networked Storage Devices

MSST '07 Proceedings of the 24th IEEE Conference on Mass Storage Systems and Technologies
Towards automated provisioning of secure virtualized networks

Proceedings of the 14th ACM conference on Computer and communications security
TVDc: managing security in the trusted virtual datacenter

ACM SIGOPS Operating Systems Review
Implementing IBM Systems Director 6.1

Implementing IBM Systems Director 6.1
Trusted virtual domains: toward secure distributed services

HotDep'05 Proceedings of the First conference on Hot topics in system dependability

RC2-a living lab for cloud computing

LISA'10 Proceedings of the 24th international conference on Large installation system administration
Trusted virtual domains on OKL4: secure information sharing on smartphones

Proceedings of the sixth ACM workshop on Scalable trusted computing
Semantics-enabled policies for information sharing and protection in the cloud

SocInfo'11 Proceedings of the Third international conference on Social informatics
Integrated assessment and mitigation of physical and digital security threats: Case studies on virtualization

Information Security Tech. Report
SocialClouds: concept, security architecture and some mechanisms

INTRUST'09 Proceedings of the First international conference on Trusted Systems
Trusted virtual domains – design, implementation and lessons learned

INTRUST'09 Proceedings of the First international conference on Trusted Systems
Much ado about security appeal: cloud provider collaborations and their risks

ESOCC'12 Proceedings of the First European conference on Service-Oriented and Cloud Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

The trusted virtual data center (TVDc) is a technology developed to address the need for strong isolation and integrity guarantees in virtualized environments. In this paper, we extend previous work on the TVDc by implementing controlled access to networked storage based on security labels and by implementing management prototypes that demonstrate the enforcement of isolation constraints and integrity checking. In addition, we extend the management paradigm for the TVDc with a hierarchical administration model based on trusted virtual domains and describe the challenges for future research.