An Access Control Model for Preventing Virtual Machine Escape Attack
نویسندگان
چکیده
With the rapid development of Internet, the traditional computing environment is making a big migration to the cloud-computing environment. However, cloud computing introduces a set of new security problems. Aiming at the virtual machine (VM) escape attack, we study the traditional attack model and attack scenarios in the cloud-computing environment. In addition, we propose an access control model that can prevent virtual machine escape (PVME) by adapting the BLP (Bell-La Padula) model (an access control model developed by D. Bell and J. LaPadula). Finally, the PVME model has been implemented on full virtualization architecture. The experimental results show that the PVME module can effectively prevent virtual machine escape while only incurring 4% to 8% time overhead.
منابع مشابه
A combination of semantic and attribute-based access control model for virtual organizations
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex ...
متن کاملAn Effective Attack-Resilient Kalman Filter-Based Approach for Dynamic State Estimation of Synchronous Machine
Kalman filtering has been widely considered for dynamic state estimation in smart grids. Despite its unique merits, the Kalman Filter (KF)-based dynamic state estimation can be undesirably influenced by cyber adversarial attacks that can potentially be launched against the communication links in the Cyber-Physical System (CPS). To enhance the security of KF-based state estimation, in this paper...
متن کاملAn Architecture for Security and Protection of Big Data
The issue of online privacy and security is a challenging subject, as it concerns the privacy of data that are increasingly more accessible via the internet. In other words, people who intend to access the private information of other users can do so more efficiently over the internet. This study is an attempt to address the privacy issue of distributed big data in the context of cloud computin...
متن کاملCloudRand: Building Heterogeneous and Moving-target Port Interfaces for Networked Systems
Some fundamental reasons why our networked systems are still vulnerable to network attacks are: (1) they are more open than necessary; (2) they are homogeneous, i.e., the same way to exploit a vulnerability on one machine is easily applicable to many other machines (which is particularly a severe concern in cloud computing environments when virtual machines images are heavily reused/cloned); (3...
متن کاملRisk-aware Virtual Resource Management for Access Control-based Cloud Datacenters
Multitenancy and virtualization features of cloud computing enhance resource utilization and lower the cloud provider total cost of hosting customers data for big data applications. However, the cloud computing has many security challenges that are exacerbated by virtual resource sharing. In particular, sharing of resources among potentially untrusted tenants can result in an increased risk of ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Future Internet
دوره 9 شماره
صفحات -
تاریخ انتشار 2017