A Trusted Virtual Domain (TVD) is a coalition of virtual machines and resources (e.g., network, storage) that are distributed over multiple physical platforms and share a common security policy. The concept of TVDs and their usage scenarios have been studied extensively. However, details on certain implementation aspects have not been explored in depth yet, such as secure policy deployment and integration of heterogeneous virtualization and trusted computing technologies. In this paper, we present implementation aspects of the life cycle management of TVDs. We describe the components and protocols necessary to realize the TVD design on a cross-platform architecture and present our prototype implementation for the Xen and L4 microkernel platforms. In particular, we discuss the need for and the realization of intra-TVD access control, a hypervisor abstraction layer for simplified TVD management, necessary components of a TVD policy and revocation issues. We believe that these integration details are essential and helpful inputs for any large-scale real-world deployment of TVD.

Trusted Virtual Domains - Design, Implementation and Lessons Learned / Catuogno, L.; Dmitrienko, A.; Eriksson, K.; Kuhlmann, D.; Ramunno, Gianluca; Sadeghi, A. R.; Schulz, S.; Schunter, M.; Winandy, M.; Zhan, J.. - STAMPA. - 6163:(2010), pp. 156-179. (Intervento presentato al convegno First International Conference, INTRUST 2009 tenutosi a Beijing (CN) nel December 17-19, 2009) [10.1007/978-3-642-14597-1_10].

Trusted Virtual Domains - Design, Implementation and Lessons Learned

RAMUNNO, GIANLUCA;
2010

Abstract

A Trusted Virtual Domain (TVD) is a coalition of virtual machines and resources (e.g., network, storage) that are distributed over multiple physical platforms and share a common security policy. The concept of TVDs and their usage scenarios have been studied extensively. However, details on certain implementation aspects have not been explored in depth yet, such as secure policy deployment and integration of heterogeneous virtualization and trusted computing technologies. In this paper, we present implementation aspects of the life cycle management of TVDs. We describe the components and protocols necessary to realize the TVD design on a cross-platform architecture and present our prototype implementation for the Xen and L4 microkernel platforms. In particular, we discuss the need for and the realization of intra-TVD access control, a hypervisor abstraction layer for simplified TVD management, necessary components of a TVD policy and revocation issues. We believe that these integration details are essential and helpful inputs for any large-scale real-world deployment of TVD.
2010
9783642145964
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2298000
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo