Title :
A practical Chinese wall security model in cloud computing
Author :
Tsai, Tien-Hao ; Chen, Yen-Chung ; Huang, Hsiu-Chuan ; Huang, Pei-Ming ; Chou, Kuo-Sen
Author_Institution :
Inf. & Commun. Security Lab., Chunghwa Telecom Labs., Taoyuan, Taiwan
Abstract :
Virtualization technology is widely adopted in clouds to meet the requirements of rapid provision and on-demand scalability in cloud computing. Although virtualization improves the usage of hardware devices and flexibility, it brings new security challenges. Users face a new type of attacks, called inter-VM attack, which targets at the VMs running on the same physical machine. To eliminate the possible inter-VM attacks from competitors, we propose a centralized control mechanism based on the Chinese Wall security policy to forbid deploying and running the competitors´ VMs on the same physical machines so that physical isolation is achieved. We build the Chinese Wall Central Management System (CWCMS) with the proposed centralized control mechanism in an internal-built experimental cloud. CWCMS effectively manages the VMs and enforce the Chinese Wall security policy in the cloud. Furthermore, CWCMS employs the graph coloring algorithm to achieve the better utilization of cloud resources.
Keywords :
cloud computing; graph colouring; security of data; virtual machines; virtualisation; centralized control mechanism; cloud computing; cloud resources; graph coloring algorithm; interVM attacks; on demand scalability; practical Chinese wall security model; virtualization technology; Centralized control; Cloud computing; Color; Hardware; Security; Servers; Virtual machine monitors; Chinese Wall security policy; Cloud; Virtualization;
Conference_Titel :
Network Operations and Management Symposium (APNOMS), 2011 13th Asia-Pacific
Conference_Location :
Taipei
Print_ISBN :
978-1-4577-1668-3
DOI :
10.1109/APNOMS.2011.6076992
