Issue title: EU-Funded ICT Research on Trust and Security
Guest editors: Jan Camenisch, Javier Lopez, Fabio Massacci, Massimo Ciscato and Thomas Skordas
Article type: Research Article
Authors: Cabuk, Serdar [a] | Dalton, Chris I. [a] | Eriksson, Konrad [b] | Kuhlmann, Dirk [a] | Ramasamy, HariGovind V. [c] | Ramunno, Gianluca [d] | Sadeghi, Ahmad-Reza [e] | Schunter, Matthias [b] | Stüble, Christian [f]
Affiliations: [a] Hewlett–Packard Labs, Bristol, UK. E-mails: serdar.cabuk@gmail.com, cid@hp.com, dirk.kuhlmann@hp.com | [b] IBM Zurich Research Laboratory, Rüschlikon, Switzerland. E-mails: kon@zurich.ibm.com, mts@zurich.ibm.com | [c] IBM T. J. Watson Research Center, Hawthorne, NY, USA. E-mail: hvramasa@us.ibm.com | [d] Politecnico di Torino, Turin, Italy. E-mail: ramunno@polito.it | [e] Ruhr-University Bochum, Germany. E-mail: ahmad.sadeghi@trust.rub.de | [f] Sirrix AG Security Technologies, Bochum, Germany. E-mail: stueble@sirrix.com
Abstract: Virtual data centers allow the hosting of virtualized infrastructures (networks, storage, machines) that belong to several customers on the same physical infrastructure. Virtualization theoretically provides the capability for sharing the infrastructure among different customers. In reality, however, this is rarely (if ever) done because of security concerns. A major challenge in allaying such concerns is the enforcement of appropriate customer isolation as specified by high-level security policies. At the core of this challenge is the correct configuration of all shared resources on multiple machines to achieve this overall security objective. To address this challenge, this paper presents a security architecture for virtual data centers based on virtualization and Trusted Computing technologies. Our architecture aims at automating the instantiation of a virtual infrastructure while automatically deploying the corresponding security mechanisms. This deployment is driven by a global isolation policy, and thus guarantees overall customer isolation across all resources. We have implemented a prototype of the architecture based on the Xen hypervisor.
Keywords: Virtualization, virtual networks, trusted computing, trusted virtual domain, virtual data center
DOI: 10.3233/JCS-2010-0376
Journal: Journal of Computer Security, vol. 18, no. 1, pp. 89-121, 2010