CyberGuarder: A virtualization security assurance architecture for green cloud computing

With energy and power costs increasing as the size of IT infrastructures grows, virtualization technologies enable scalable management for large scale of virtual machines running on physical systems, and virtualizationbased green cloud computing paradigm is springing up to provide a scalable and energy-efficient network software application (NetApp in short) supplement, consumption, delivery mode. However, the security problems will become more serious because data and infrastructures are fully shared among multi-tenant in a green cloud computing environment. Moreover security services generally affect the system's energy consumption and computing power. The success or failure of a practical application of a green cloud computing infrastructure strongly relies on its security solution. In this paper, we analyze the key security challenges faced by existing green cloud computing environments, and design a virtualization security assurance architecture named CyberGuarder to address the security problems with consideration of energy efficiency. In CyberGuarder, we provide three kinds of services from different security aspects. First, we propose a novel virtual machine security service incorporating a number of new techniques including 1) a VMM-based integrity measurement approach for a NetApp trusted loading, 2) a multi-granularity NetApps isolation mechanism for OS user isolation, 3) VM (Virtual Machine) isolation and virtual network isolation of multiple NetApps according to dynamic energyefficiency and security needs. Second, we successfully developed a virtual network security service which provides an adaptive virtual security appliance deployment in the NetApp execution environment, and traditional security systems such as IDS, firewall etc. can be encapsulated into VM images and deployed into a virtual network in accordance with the utilization of virtualization infrastructure. Last, a security policy based trust management mechanism is proposed for access control to a resource pool and a trust federation mechanism across multiple resource pools to optimize the tradeoff between task privacy and computing cost requirements. We have studied these approaches in our iVIC platform, and some preliminary implementation experiments show that our approaches are effective and useful. Currently, we are building a virtual lab for our campus courses experiment based on our green cloud computing infrastructure iVIC, and CyberGuarder is an important virtualization security assurance system for the practical operation of iVIC platform. Index Terms — Cloud Computing, Green Computing, Virtualization, Virtual Security Appliance, Security Isolation.