As the size of IT infrastructure continues to grow, cloud computing is a natural extension of virtualisation technologies that enable scalable management of virtual machines over a plethora of physically connected systems. The so-called virtualisation-based cloud computing paradigm offers a practical approach to green IT/clouds, which emphasise the construction and deployment of scalable, energy-efficient network software applications (NetApp) by virtue of improved utilisation of the underlying resources. The latter is typically achieved through increased sharing of hardware and data in a multi-tenant cloud architecture/environment and, as such, accentuates the critical requirement for enhanced security services as an integrated component of the virtual infrastructure management strategy. This paper analyses the key security challenges faced by contemporary green cloud computing environments, and proposes a virtualisation security assurance architecture, CyberGuarder, which is designed to address several key security problems within the 'green' cloud computing context. In particular, CyberGuarder provides three different kinds of services; namely, a virtual machine security service, a virtual network security service and a policy-based trust management service. Specifically, the proposed virtual machine security service incorporates a number of new techniques which include (1) a VMM-based integrity measurement approach for NetApp trusted loading, (2) a multi-granularity NetApp isolation mechanism to enable OS user isolation, and (3) a dynamic approach to virtual machine and network isolation for multiple NetApps based on energy-efficiency and security requirements.
Secondly, a virtual network security service has been developed successfully to provide an adaptive virtual security appliance deployment in a NetApp execution environment, whereby traditional security services such as IDS and firewalls can be encapsulated as VM images and deployed over a virtual security network in accordance with the practical configuration of the virtualised infrastructure. Thirdly, a security service providing policy-based trust management is proposed to facilitate access control to the resource pool and a trust federation mechanism to support/optimise task privacy and cost requirements across multiple resource pools. Preliminary studies of these services have been carried out on our iVIC platform, with promising results. As part of our ongoing research in large-scale, energy-efficient/green cloud computing, we are currently developing a virtual laboratory for our campus courses using the virtualisation infrastructure of iVIC, which incorporates the important results and experience of CyberGuarder in a practical context.