Integrated Security Architecture for Virtual Machines

Vijay Varadharajan; Udaya Tupakula

Integrated Security Architecture for Virtual Machines

Vijay Varadharajan^*, Udaya Tupakula

^*Corresponding author for this work

Department of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution

Abstract

Currently virtualisation technology is being deployed widely and there is an increasing interest on virtualisation based security techniques. There is a need for securing the life cycle of the virtual machine based systems. In this paper, we propose an integrated security architecture that combines access control, intrusion detection and trust management. We demonstrate how this integrated security architecture can be used to secure the life cycle of virtual machines including dynamic hosting and allocation of resources as well as migration of virtual machines across different physical servers. We discuss the implementation aspects of the proposed architecture and show how the architecture can counteract attack scenarios involving malicious users exploiting vulnerabilities to achieve privilege escalation and then using the compromised machines to generate further attacks.

Original language	English
Title of host publication	Security and privacy in communication networks
Subtitle of host publication	9th International ICST Conference, SecureComm 2013 Sydney, NSW Australia, September 2013 Revised Selected Papers
Editors	Tanveer Zia, Albert Zomaya, Vijay Varadharajan, Morley Mao
Place of Publication	Cham
Publisher	Springer, Springer Nature
Pages	140-153
Number of pages	14
ISBN (Print)	9783319042824
Publication status	Published - 2013
Event	9th International ICST Conference on Security and Privacy in Communication Networks (SecureComm) - Sydney, Australia Duration: 25 Sep 2013 → 28 Sep 2013

Publication series

Name	Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering
Publisher	SPRINGER
Volume	127
ISSN (Print)	1867-8211

Conference

Conference	9th International ICST Conference on Security and Privacy in Communication Networks (SecureComm)
Country	Australia
City	Sydney
Period	25/09/13 → 28/09/13

Keywords

Virtualisation
Trusted computing
Access Control
Intrusion detection
Security attacks

Cite this

Varadharajan, V., & Tupakula, U. (2013). Integrated Security Architecture for Virtual Machines. In T. Zia, A. Zomaya, V. Varadharajan, & M. Mao (Eds.), Security and privacy in communication networks: 9th International ICST Conference, SecureComm 2013 Sydney, NSW Australia, September 2013 Revised Selected Papers (pp. 140-153). (Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering; Vol. 127). Cham: Springer, Springer Nature.

Varadharajan, Vijay ; Tupakula, Udaya. / Integrated Security Architecture for Virtual Machines. Security and privacy in communication networks: 9th International ICST Conference, SecureComm 2013 Sydney, NSW Australia, September 2013 Revised Selected Papers. editor / Tanveer Zia ; Albert Zomaya ; Vijay Varadharajan ; Morley Mao. Cham : Springer, Springer Nature, 2013. pp. 140-153 (Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering).

@inproceedings{c06d678eddef488dba2402cb3bd524e1,

title = "Integrated Security Architecture for Virtual Machines",

abstract = "Currently virtualisation technology is being deployed widely and there is an increasing interest on virtualisation based security techniques. There is a need for securing the life cycle of the virtual machine based systems. In this paper, we propose an integrated security architecture that combines access control, intrusion detection and trust management. We demonstrate how this integrated security architecture can be used to secure the life cycle of virtual machines including dynamic hosting and allocation of resources as well as migration of virtual machines across different physical servers. We discuss the implementation aspects of the proposed architecture and show how the architecture can counteract attack scenarios involving malicious users exploiting vulnerabilities to achieve privilege escalation and then using the compromised machines to generate further attacks.",

keywords = "Virtualisation, Trusted computing, Access Control, Intrusion detection, Security attacks",

author = "Vijay Varadharajan and Udaya Tupakula",

year = "2013",

language = "English",

isbn = "9783319042824",

series = "Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering",

publisher = "Springer, Springer Nature",

pages = "140--153",

editor = "Tanveer Zia and Albert Zomaya and Vijay Varadharajan and Morley Mao",

booktitle = "Security and privacy in communication networks",

address = "United States",

}

Varadharajan, V & Tupakula, U 2013, Integrated Security Architecture for Virtual Machines. in T Zia, A Zomaya, V Varadharajan & M Mao (eds), Security and privacy in communication networks: 9th International ICST Conference, SecureComm 2013 Sydney, NSW Australia, September 2013 Revised Selected Papers. Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering, vol. 127, Springer, Springer Nature, Cham, pp. 140-153, 9th International ICST Conference on Security and Privacy in Communication Networks (SecureComm), Sydney, Australia, 25/09/13.

Integrated Security Architecture for Virtual Machines. / Varadharajan, Vijay ; Tupakula, Udaya.

Security and privacy in communication networks: 9th International ICST Conference, SecureComm 2013 Sydney, NSW Australia, September 2013 Revised Selected Papers. ed. / Tanveer Zia; Albert Zomaya; Vijay Varadharajan; Morley Mao. Cham : Springer, Springer Nature, 2013. p. 140-153 (Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering; Vol. 127).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution

TY - GEN

T1 - Integrated Security Architecture for Virtual Machines

AU - Varadharajan, Vijay

AU - Tupakula, Udaya

PY - 2013

Y1 - 2013

N2 - Currently virtualisation technology is being deployed widely and there is an increasing interest on virtualisation based security techniques. There is a need for securing the life cycle of the virtual machine based systems. In this paper, we propose an integrated security architecture that combines access control, intrusion detection and trust management. We demonstrate how this integrated security architecture can be used to secure the life cycle of virtual machines including dynamic hosting and allocation of resources as well as migration of virtual machines across different physical servers. We discuss the implementation aspects of the proposed architecture and show how the architecture can counteract attack scenarios involving malicious users exploiting vulnerabilities to achieve privilege escalation and then using the compromised machines to generate further attacks.

AB - Currently virtualisation technology is being deployed widely and there is an increasing interest on virtualisation based security techniques. There is a need for securing the life cycle of the virtual machine based systems. In this paper, we propose an integrated security architecture that combines access control, intrusion detection and trust management. We demonstrate how this integrated security architecture can be used to secure the life cycle of virtual machines including dynamic hosting and allocation of resources as well as migration of virtual machines across different physical servers. We discuss the implementation aspects of the proposed architecture and show how the architecture can counteract attack scenarios involving malicious users exploiting vulnerabilities to achieve privilege escalation and then using the compromised machines to generate further attacks.

KW - Virtualisation

KW - Trusted computing

KW - Access Control

KW - Intrusion detection

KW - Security attacks

M3 - Conference proceeding contribution

SN - 9783319042824

T3 - Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering

SP - 140

EP - 153

BT - Security and privacy in communication networks

A2 - Zia, Tanveer

A2 - Zomaya, Albert

A2 - Varadharajan, Vijay

A2 - Mao, Morley

PB - Springer, Springer Nature

CY - Cham

ER -

Varadharajan V , Tupakula U. Integrated Security Architecture for Virtual Machines. In Zia T, Zomaya A, Varadharajan V, Mao M, editors, Security and privacy in communication networks: 9th International ICST Conference, SecureComm 2013 Sydney, NSW Australia, September 2013 Revised Selected Papers. Cham: Springer, Springer Nature. 2013. p. 140-153. (Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering).