Towards automated security policy enforcement in multi-tenant virtual data centers

Journal of Computer Security

Volumn 18, Issue 1, 2010, Pages 89-121

  Cabuk, Serdar ^a   Dalton, Chris I ^a   Eriksson, Konrad ^b   Kuhlmann, Dirk ^a   Ramasamy, Harigovind V ^c   Ramunno, Gianluca ^d   Sadeghi, Ahmad Reza ^e   Schunter, Matthias ^b   Stüble, Christian ^f  

^a HEWLETT PACKARD LABORATORIES   (United Kingdom)

^b IBM RESEARCH ZURICH   (Switzerland)

^c IBM T J WATSON RESEARCH CENTER   (United States)

^d POLITECNICO DI TORINO   (Italy)

^e RUHR UNIVERSITY BOCHUM   (Germany)

^f Sirrix AG   (Germany)

Author keywords

Trusted computing; Trusted virtual domain; Virtual data center; Virtual networks; Virtualization

Indexed keywords

HYPERVISOR; MULTIPLE MACHINE; SECURITY ARCHITECTURE; SECURITY MECHANISM; SECURITY OBJECTIVES; SECURITY POLICY; SECURITY POLICY ENFORCEMENT; SHARED RESOURCES; TRUSTED COMPUTING; TRUSTED COMPUTING TECHNOLOGY; VIRTUAL DATA; VIRTUAL INFRASTRUCTURES; VIRTUAL NETWORKS; VIRTUALIZATIONS;

COMPUTER SCIENCE; CUSTOMER SATISFACTION; INFORMATION TECHNOLOGY; SALES; SATELLITE COMMUNICATION SYSTEMS; SECURITY SYSTEMS;

NETWORK SECURITY;

EID: 71749093343     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2010-0376     Document Type: Article

References (44)

1. Aufs - Another Unionfs, http://aufs.sourceforge.net/.
2. dm-crypt: A device-mapper crypto target, http://www.saout.de/misc/dm- crypt/.
3. TrustedGRUB, http://sourceforge.net/projects/trustedgrub.
4. Unionfs: A stackable unification file system, http://www.am-utils.org/ project-unionfs.html.
5. F. Armknecht, Y. Gasmi, A.-R. Sadeghi, P. Stewin, M. Unger, G. Ramunno and D. Vernizzi, An efficient implementation of Trusted Channels based on Openssl, in: STC'08: Proceedings of the 3rd ACMWorkshop on Scalable Trusted Computing, ACM Press, New York, NY, USA, 2008, pp. 41-50.
6. P.T. Barham, B. Dragovic, K. Fraser, S. Hand, T.L. Harris, A. Ho, R. Neugebauer, I. Pratt and A. Warfield, Xen and the art of virtualization, in: Proc. 19th ACM Symposium on Operating Systems Principles (SOSP-2003), ACM Press, New York, NY, USA, October 2003, pp. 164-177.
7. S. Berger, R. Cáceres, D. Pendarakis, R. Sailer, E. Valdez, R. Perez, W. Schildhauer and D. Srinivasan, TVDc: Managing security in the trusted virtual datacenter, SIGOPS Operating Systems Review 42(1) (2008), 40-47.
8. A. Bussani, J.L. Griffin, B. Jansen, K. Julisch, G. Karjoth, H. Maruyama, M. Nakamura, R. Perez, M. Schunter, A. Tanner, L. van Doorn, E.V. Herreweghen, M. Waidner and S. Yoshihama, Trusted Virtual Domains: Secure foundation for business and IT services, Research Report RC 23792, IBM Research, November 2005.
9. A. Cappadonia, C. Basile and A. Lioy, Algebraic models to detect and solve policy conflicts, in: MMM-ACNS 2007, I. Kotenko, V. Gorodetsky and V.A. Skormin, eds, CCIS, vol.1, Springer, 2007, pp. 242-247.
10. S. Cabuk, C. Dalton, H.V. Ramasamy and M. Schunter, Towards automated provisioning of secure virtualized networks, in: Proc. 14th ACM Conference on Computer and Communications Security (CCS-2007), ACM Press, New York, NY, USA, October 2007, pp. 235-245.
11. D.E. Clarke, G.E. Suh, B. Gassend, A. Sudan, M. van Dijk and S. Devadas, Towards constant bandwidth overhead integrity checking of untrusted data, in: IEEE Symposium on Security and Privacy, IEEE Computer Society, 2005, pp. 139-153.
12. T. Dierks and E. Rescorla, The Transport Layer Security (TLS) protocol version 1.1. Internet engineering task force: http://www.ietf.org/rfc/rfc4346. txt, Network Working Group RFC 4346, April 2006.
13. N. Dunlop, J. Indulska and K.A. Raymond, A formal specification of conflicts in dynamic policybased management systems, DSTC Technical report, CRC for Enterprise Distributed Systems, University of Queensland, Australia, August 2001.
14. H. Hamed, E. Al-Shaer, R. Boutaba and M. Hasan, Conflict classification and analysis of distributed firewall policies, IEEE Journal on Selected Areas in Communications 23(10) (2005), 2069-2084.
15. Z. Fu, S.F. Wu, H. Huang, K. Loh, F. Gong, I. Baldine and C. Xu, IPSec/VPN security policy: Correctness, conflict detection, and resolution, in: POLICY, Springer-Verlag, 2001, pp. 39-56.
16. Y. Gasmi, A.-R. Sadeghi, P. Stewin, M. Unger and N. Asokan, Beyond secure channels, in: STC '07: Proceedings of the 2nd ACM Workshop on Scalable Trusted Computing, ACM Press, 2007, pp. 30-40.
17. J. Griffin, T. Jaeger, R. Perez, R. Sailer, L. Van Doorn and R. Caceres, Trusted Virtual Domains: Toward secure distributed services, in: Proc. 1st Workshop on Hot Topics in System Dependability (Hotdep-2005), Yokohama, Japan, June 2005, IEEE Press, 2005.
18. V. Haldar, D. Chandra and M. Franz, Semantic Remote Attestation - virtual machine directed approach to Trusted Computing, in: USENIX Virtual Machine Research and Technology Symposium, 2004, pp. 29-41. Also Technical Report No. 03-20, School of Information and Computer Science, University of California, Irvine.
19. IEEE, Standards for local and metropolitan area networks: Virtual bridged local area networks, Technical Report ISBN 0-7381-3662-X, IEEE, 1998.
20. IETF, EtherIP: Tunneling Ethernet frames in IP datagrams, RFC 3378, 2002.
21. B. Jansen, H. Ramasamy and M. Schunter, Policy enforcement and compliance proofs for Xen virtual machines, in: 4th International ACM SIGPLAN/SIGOPS Conference on Virtual Execution Environments (VEE-2008), ACM Press, New York, 2008, pp. 101-110.
22. Y. Katsuno, M. Kudo, Y. Watanabe, S. Yoshihama, R. Perez, R. Sailer and L. van Doorn, Towards multi-layer trusted virtual domains, in: The 2nd Workshop on Advances in Trusted Computing (WATC'06 Fall), Tokyo, Japan, November 2006; http://www.trl.ibm.com/projects/watc/ program.htm.
23. S. Kent and K. Seo, Security architecture for the Internet Protocol, Internet engineering task force: http://www.ietf.org/rfc/rfc4301.txt, Network Working Group RFC 4346, Obsoletes: RCF2401, December 2005.
24. U. Kühn, M. Selhorst and C. Stüble, Realizing property-based attestation and sealing with commonly available hard- and software, in: STC'07: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, ACM, New York, NY, USA, 2007, pp. 50-57.
25. P. Leach, M. Mealling and R. Salz, A universally unique IDentifier (UUID) URN namespace, Internet engineering task force, RFC 4122, July 2005.
26. E. Lupu and M. Sloman, Conflicts in policy-based distributed system management, IEEE Transaction on Software Engineering 25(6) (1999), 852-869.
27. R. MacDonald, S. Smith, J. Marchesini and O. Wild, Bear: An open-source virtual secure coprocessor based on TCPA, Technical Report TR2003-471, Department of Computer Science, Dartmouth College, Hanover, NH, USA, 2003.
28. J. Marchesini, S.W. Smith, O. Wild and R. MacDonald, Experimenting with TCPA/TCG hardware, or: How I learned to stop worrying and love the bear, Technical Report TR2003-476, Department of Computer Science, Dartmouth College, Hanover, NH, USA, 2003.
29. J. Marchesini, S.W. Smith, O.Wild, J. Stabiner and A. Barsamian, Open-source applications of TCPA hardware, in: 20th Annual Computer Security Applications Conference, December 2004, ACM, IEEE Computer Society, Washington, DC, USA, 2004, pp. 294-303.
30. C. Mundie, P. de Vries, P. Haynes and M. Corwine, Trustworthy computing, White paper, Microsoft Corporation, October 2002.
31. D.G. Murray, G. Milos and S. Hand, Improving Xen security through disaggregation, in: 4th International ACM SIGPLAN/SIGOPS Conference on Virtual Execution Environments (VEE-2008), ACM Press, New York, 2008, pp. 151-160.
32. Open Trusted Computing (OpenTC) Project, The OpenTC Project Homepage, http://www.opentc. net/, 2008.
33. A. Oprea, M.K. Reiter and K. Yang, Space-efficient block storage integrity, in: Proceedings of the Symposium on Network and Distributed Systems Security (NDSS 2005), Internet Society, San Diego, CA, February 2005.
34. J. Poritz, M. Schunter, E. Van Herreweghen and M. Waidner, Property attestation - scalable and privacy-friendly security assessment of peer computers, Technical Report RZ 3548, IBM Research, May 2004.
35. D. Pendarakis, R. Yavatkar and R. Guerin, A framework for policy-based admission control, RFC 2753, January 2000.
36. A.-R. Sadeghi and C. Stüble, Property-based attestation for computing platforms: Caring about properties, not mechanisms, in: Proc. 2004 Workshop on New Security Paradigms (NSPW-2004), ACM Press, New York, NY, USA, 2005, pp. 67-77.
37. D. Safford, Clarifying misinformation on TCPA, White paper, IBM Research, http://www.research. ibm.com/gsal/tcpa/tcpa-rebuttal.pdf, October 2002; see also [38] and http://www.research.ibm.com/ gsal/tcpa/.
38. D. Safford, The need for TCPA, White paper, IBM Research, http://www.research. ibm.com/gsal/tcpa/why-tcpa.pdf, October 2002; see also [37] and http://www.research.ibm.com/ gsal/tcpa/.
39. R. Sailer, X. Zhang, T. Jaeger and L. van Doorn, Design and implementation of a TCG-based integrity measurement architecture, in: SSYM'04: Proceedings of the 13th Conference on USENIX Security Symposium, USENIX Association, Berkeley, CA, USA, 2004, pp. 16-16
40. Trusted Computing Group (TCG), www.trustedcomputinggroup.org.
41. Trusted Computing Group (TCG), TCG TPM specification version 1.2 revision 103, https://www. trustedcomputinggroup.org/specs/TPM/, July 2007; see also [43] and http://www.trustedcomputing. org/.
42. Trusted Computing Group (TCG), About us, https://www. trustedcomputinggroup.org/about/, May 2008.
43. Trusted Computing Platform Alliance (TCPA). Main specification version 1.1b, https://www. trustedcomputinggroup. org/specs/TPM/, February 2002; see also [41] and http://www.trustedcomputing. org/.
44. A. Westerinen, Terminology for policy-based management, RFC 3198, November 2001.