A high-efficient inter-domain data transferring system for virtual machines
Proceedings of the 3rd International Conference on Ubiquitous Information Management and Communication
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Building Automated Trust Negotiation architecture in virtual computing environment
The Journal of Supercomputing
Improving disk I/O performance in a virtualized system
Journal of Computer and System Sciences
Hi-index | 0.01 |
For decades, researchers have pointed out that Mandatory Access Control (MAC) is an effective method to protect computer systems from being misused. Unfortunately, MAC is still not widely deployed because of its complexity. The problem is even worse in a virtual machine environment, because the current architecture is not designed to support MAC in a site-wide manner: machines with multiple virtual hosts needs to have multiple MAC security policies, and each of these policies must be updated and managed separately inside each virtual host. In order to ease the burden on administrators when deploying security policies in a virtual environment, this paper proposes an architecture named Virtual Mandatory Access Control (VMAC) to centralize security policies, so that all policy management can easily be done from a central machine. VMAC securely centralizes the security logging information from all virtual hosts into a central machine so intrusion detection analysis on the logging data is straightforward. To arrive at the architecture presented here, we have investigated various popular MAC schemes, and implemented several schemes with VMAC on the Xen Virtual Machine. This paper presents our experiences in the development process.