In this paper, we propose an integrated security architecture which combines policy based access control with intrusion detection techniques and trusted computing technologies for securing distributed applications running on virtualised systems. Our security architecture incorporates access control security policies for secure interactions between applications and virtual machines in different physical virtualized servers. It provides intrusion detection and trusted attestation techniques to detect and counteract dynamic attacks in an efficient manner. We demonstrate how this integrated security architecture is used to secure the life cycle of virtual machines including dynamic hosting and allocation of resources as well as migration of virtual machines across different physical servers. We discuss the implementation of the developed architecture and show how the architecture can counteract attack scenarios involving malicious users exploiting vulnerabilities to achieve privilege escalation and then using the compromised machines to generate further attacks. The feedback between the various security components of our security architecture plays a critical role in detecting sophisticated, dynamically changing attacks, thereby increasing the resilience of the overall secure system.
- access control
- Integrated security architecture
- intrusion detection
- trusted computing