SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
The design and implementation of Zap: a system for migrating computing environments
ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
The Confused Deputy: (or why capabilities might have been invented)
ACM SIGOPS Operating Systems Review
Computer security strength and risk: a quantitative approach
Computer security strength and risk: a quantitative approach
Solaris Zones: Operating System Support for Consolidating Commercial Workloads
LISA '04 Proceedings of the 18th USENIX conference on System administration
SELinux: NSA's Open Source Security Enhanced Linux
SELinux: NSA's Open Source Security Enhanced Linux
Ensuring data integrity in storage: techniques and applications
Proceedings of the 2005 ACM workshop on Storage security and survivability
Are virtual-machine monitors microkernels done right?
ACM SIGOPS Operating Systems Review
Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Automated detection of persistent kernel control-flow attacks
Proceedings of the 14th ACM conference on Computer and communications security
IBM scale out file services: reinventing network-attached storage
IBM Journal of Research and Development
The Eucalyptus Open-Source Cloud-Computing System
CCGRID '09 Proceedings of the 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid
Mandatory Access Control implantation against potential NFS vulnerabilities
CTS '09 Proceedings of the 2009 International Symposium on Collaborative Technologies and Systems
Cloud security is not (just) virtualization security: a short paper
Proceedings of the 2009 ACM workshop on Cloud computing security
A survey of confidential data storage and deletion methods
ACM Computing Surveys (CSUR)
GPFS: a shared-disk file system for large computing clusters
FAST'02 Proceedings of the 1st USENIX conference on File and storage technologies
| Hi-index | 0.00 |
A filesystem-level storage cloud offers network-filesystem access to multiple customers at low cost over the Internet. In this paper, we investigate two alternative architectures for achieving multi-tenancy securely and efficiently in such storage cloud services. They isolate customers in virtual machines at the hypervisor level and through mandatory access-control checks in one shared operating-system kernel, respectively. We compare and discuss the practical security guarantees of these architectures. We have implemented both approaches and compare them using performance measurements we obtained.