ORGANIZATION OF INFORMATION SECURITY MECHANISM FOR VIRTUALIZATION ENVIRONMENT
Keywords: Virtualization, Security, Cloud
Abstract
For cloud service providers, lightweight virtualization is a more economical form of virtualization. Users, however, worry about the safety of the applications and data inside their containers: because containers share the underlying interfaces and the kernel, the security and trustworthiness of the container isolation mechanism are critical to the adoption of lightweight virtualization services. Since users cannot directly take part in building or managing the container isolation mechanism, it is difficult for them to establish confidence in its security and trustworthiness. In this paper, different aspects of cloud virtualization security are explored. Specifically, we identify: i) security requirements for virtualization in cloud computing, which can serve as a step towards securing the cloud's virtual infrastructure; ii) attacks that can be launched against cloud virtual infrastructure; and iii) security solutions that secure the virtualization environment against these threats and attacks. Based on research into and analysis of system trustworthiness and virtualization isolation mechanisms, this paper proposes a lightweight virtualization security isolation strategy mechanism: it divides the storage address space of a lightweight virtualization container into several parts, puts forward a definition of lightweight virtualization security isolation, gives a formal description and proof of the container security isolation strategy, and combines it with related technology to verify the feasibility of the mechanism. The mechanism offers important guidance to cloud service providers deploying container security isolation.