Integrated assessment and mitigation of physical and digital security threats: Case studies on virtualization

Authors:
André van Cleeff;Wolter Pieters;Roel Wieringa;Frits van Tiel
Affiliations:
University of Twente, Enschede, The Netherlands;University of Twente, Enschede, The Netherlands;University of Twente, Enschede, The Netherlands;TUNIX Internet Security, Nijmegen, The Netherlands
Venue:
Information Security Tech. Report
Year:
2011

Citing 10
Cited 0

The Emperor's old armor

NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Preventing bots from playing online games

Computers in Entertainment (CIE) - Theoretical and Practical Computer Applications in Entertainment
The Ontological Interpretation of Informational Privacy

Ethics and Information Technology
Secure Control: Towards Survivable Cyber-Physical Systems

ICDCSW '08 Proceedings of the 2008 The 28th International Conference on Distributed Computing Systems Workshops
Virtualization Sparks Security Concerns

Computer
Virtualization and Hardware-Based Security

IEEE Security and Privacy
Security Implications of Virtualization: A Literature Study

CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03
Security for the cloud infrastructure: trusted virtual data center implementation

IBM Journal of Research and Development
Benefits of Location-Based Access Control: A Literature Study

GREENCOM-CPSCOM '10 Proceedings of the 2010 IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing
Virtualisation: Seven steps to a secure virtual environment

Network Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Virtualization is one of the enabling technologies of cloud computing. It turns once dedicated physical computing resources such as servers into digital resources that can be provisioned on demand. Cloud computing thus tends to replace physical with digital security controls, and cloud security must be understood in this context. In spite of extensive research on new hardware-enabled solutions such as trusted platforms, not enough is known about the actual physical-digital security trade-off in practice. In this paper, we review what is currently known about security aspects of the physical-digital trade-off, and then report on three case studies of private clouds that use virtualization technology, with the purpose of identifying generalizable guidelines for security trade-off analysis. We identify the important security properties of physical and digital resources, analyze how these have been traded off against each other in these cases, and what the resulting security properties were, and we identify limits to virtualization from a security point of view. The case studies show that physical security mechanisms all work through inertness and visibility of physical objects, whereas digital security mechanisms require monitoring and auditing. We conclude with a set of guidelines for trading off physical and digital security risks and mitigations. Finally, we show how our findings can be used to combine physical and digital security in new ways to improve virtualization and therefore also cloud security.