For Libraries For Publication Open Access Downloads About Us Contact Us
Paper Titles
A QoS-Aware Scheduling Algorithm Based on Service Type for LTE Downlink
p.2468
A User Selection Algorithm Based on the Combination of Block Diagonalization and SLNR Maximization
p.2474
An Approach of Web Page Information Extraction
p.2479
The Research and Application of Heterogeneous Database Based on XML in Distance Education
p.2483
Protecting the Security and Privacy of the Virtual Machine through Privilege Separation
p.2488
A New Scale Free Evolving Network Model with Community Structure
p.2495
A Method for Generating the Timetable of Double-Track Railway Line
p.2501
Design and Implementation of Distributed Crawler System for Opinion Mining
p.2506
Internet of Things Key Technologies and Architectures Research in Information Processing
p.2511

Protecting the Security and Privacy of the Virtual Machine through Privilege Separation

Article Preview

Abstract:

Virtual machine security issues have been the focus of attention. The permissions of traditional administrative domain Dom0 are too large, so that the user's privacy is threatened. Once the attacker compromises Dom0, it can threaten the entire virtualization platform. This paper introduces a privilege separation virtual machine security model (PSVM). Dom0s privileges are split into two parts: the operations about the user's privacy form a DomU management domain, responsible for managing the user's privacy; remaining forms Thin Dom0. Users and virtualization platform for server-side need mutual authentication. It can prevent unauthorized users and counterfeiting Virtualization platform invading system. The user's privacy is under its own management to prevent the Virtualization platform snooping. However, it affects only one user, even if the management domain is compromised. Combined with the model, the prototype system is implemented and security analysis and performance testing is done.

You might also be interested in these eBooks
Instruments, Measurement, Electronics and Information Engineering View Preview

Info:

Periodical:

Applied Mechanics and Materials (Volumes 347-350)

Pages:

2488-2494

DOI:

https://doi.org/10.4028/www.scientific.net/AMM.347-350.2488

Citation:

Cite this paper

Online since:

August 2013

Authors:

Cong Yu, Li Xin Li, Kui Wang, Wen Tao Yu

Keywords:

Mutual Trust, Security Model, Separation of Privilege, Virtual Machine Security

Export:

RIS, BibTeX

Price:

Permissions CCC:

Request Permissions

Permissions PLS:

Request Permissions

Сopyright:

© 2013 Trans Tech Publications Ltd. All Rights Reserved

Share:

Citation:

References

[1] CVE-2012-3433。HVM destroy p2mhost Dos Xen HVM Guest p2mTeardown Denial of Service Vulnerability.

Google Scholar

[2] CVE-2007-5497. Integer overflows in libext2fs in e2fsprogs.

Google Scholar

[3] CVE-2008-1943. Buffer overflow in the backend of XenSource Xen paravirtualized frame buffer.

Google Scholar

[4] CVE-2007-4993. Xen guest root escapes to dom0 via pygrub.

Google Scholar

[5] IBM Corporation. Xen Users' Manual [EB/OL]. 63-64.

Google Scholar

[6] Chunxiao Li, Anand Raghunathan, Niraj K. Jha. Secure Virtual Machine Execution under an Untrusted Management OS [C]. 2010 IEEE 3rd International Conference on Cloud Computing. (2010).

DOI: 10.1109/cloud.2010.29

Google Scholar

[7] Zhang, F., Chen, J., Chen, H. and Zang, B. CloudVisor: Retrofitting Protection of Virtual Machines in Multi-tenant Cloud with Nested Virtualization. In ACM SOSP, (2011).

DOI: 10.1145/2043556.2043576

Google Scholar

[8] Trusted Computing Group: TPM Main Specification Version 1. 2. http: /www. trustedcomputinggroup. org.

Google Scholar

[9] S. Berger, R. Caceres, K. Goldman vTPM: Virtualizing the Trusted Platform Module. In USENIX Security, (2006).

Google Scholar

[10] Applied Data Security Group. What is Trusted GRUB [DB/OL]. http: /www. prosec. de/trusted_grub. html.

Google Scholar

[11] George Coker. Xen Security Modules (XSM) [EB/OL]. National Information Assurance Research Lab. National Security Agency (NSA). (2007).

Google Scholar

[12] D. Williams, H. Jamjoom, and H. Weatherspoon. The Xen-Blanket: Virtualize Once, Run Everywhere. ACM EuroSys, (2012).

DOI: 10.1145/2168836.2168849

Google Scholar

[13] Hidekazu Tadokoro, Kenichi Kourai, Shigeru Chiba. Preventing Information Leakage from Virtual Machines' Memory in IaaS Clouds. IPSJ Transactions on Advanced Computing Systems Vol. 5 No. 4 101–111. (2012).

DOI: 10.2197/ipsjtrans.5.156

Google Scholar

© 2025 Trans Tech Publications Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies. For open access content, terms of the Creative Commons licensing CC-BY are applied.
Scientific.Net is a registered trademark of Trans Tech Publications Ltd.