Enforcing virtualized systems security

Enforcing virtualized systems security

Show other versions (1)

Virtual machine technology is rapidly gaining acceptance as a fundamental building block in enterprise data centers. It is most known for improving efficiency and ease of management. However, the central issue of this technology is security. We propose in this thesis to enforce the security of virtu...

Full description

Bibliographic Details
Main Author: Benzina, Hedi
Language:ENG
Published: École normale supérieure de Cachan - ENS Cachan 2012
Subjects:
[INFO:INFO_OH] Computer Science/Other
[INFO:INFO_OH] Informatique/Autre
Sécurity
Virtualization
Security policies
Intrusion detection
Formal languages
Temporal languages
Online Access:http://tel.archives-ouvertes.fr/tel-00846513
http://tel.archives-ouvertes.fr/docs/00/84/65/13/PDF/Benzina2012.pdf
id ndltd-CCSD-oai-tel.archives-ouvertes.fr-tel-00846513
record_format oai_dc
spelling ndltd-CCSD-oai-tel.archives-ouvertes.fr-tel-008465132014-01-11T03:27:11Z http://tel.archives-ouvertes.fr/tel-00846513 2012DENS0085 http://tel.archives-ouvertes.fr/docs/00/84/65/13/PDF/Benzina2012.pdf Enforcing virtualized systems security Benzina, Hedi [INFO:INFO_OH] Computer Science/Other [INFO:INFO_OH] Informatique/Autre Sécurity Virtualization Security policies Intrusion detection Formal languages Temporal languages Virtual machine technology is rapidly gaining acceptance as a fundamental building block in enterprise data centers. It is most known for improving efficiency and ease of management. However, the central issue of this technology is security. We propose in this thesis to enforce the security of virtualized systems and introduce new approaches that deal with different security aspects related not only to the technology itself but also to its deployment and maintenance. We first propose a new architecture that offers real-time supervision of a complete virtualized architecture. The idea is to implement decentralized supervision on one single physical host. We study the advantages and the limits of this architecture and show that it is unable to react according to some new stealthy attacks. As a remedy, we introduce a new procedure that permits to secure the sensitive resources of a virtualized system and make sure that families of attacks can not be run at all. We introduce a variant of the LTL language with new past operators and show how policies written in this language can be easily translated to attack signatures that we use to detect attacks on the system. We also analyse the impact that an insecure network communication between virtual machines can have on the global security of the virtualized system. We propose a multilevel security policy model that covers almost all the network operations that can be performed by a virtual machine. We also deal with some management operations and introduce the related constraints that must be satisfied when an operation is performed. 2012-12-17 ENG PhD thesis École normale supérieure de Cachan - ENS Cachan
collection NDLTD
language ENG
sources NDLTD
topic [INFO:INFO_OH] Computer Science/Other
[INFO:INFO_OH] Informatique/Autre
Sécurity
Virtualization
Security policies
Intrusion detection
Formal languages
Temporal languages
spellingShingle [INFO:INFO_OH] Computer Science/Other
[INFO:INFO_OH] Informatique/Autre
Sécurity
Virtualization
Security policies
Intrusion detection
Formal languages
Temporal languages
Benzina, Hedi
Enforcing virtualized systems security
description Virtual machine technology is rapidly gaining acceptance as a fundamental building block in enterprise data centers. It is most known for improving efficiency and ease of management. However, the central issue of this technology is security. We propose in this thesis to enforce the security of virtualized systems and introduce new approaches that deal with different security aspects related not only to the technology itself but also to its deployment and maintenance. We first propose a new architecture that offers real-time supervision of a complete virtualized architecture. The idea is to implement decentralized supervision on one single physical host. We study the advantages and the limits of this architecture and show that it is unable to react according to some new stealthy attacks. As a remedy, we introduce a new procedure that permits to secure the sensitive resources of a virtualized system and make sure that families of attacks can not be run at all. We introduce a variant of the LTL language with new past operators and show how policies written in this language can be easily translated to attack signatures that we use to detect attacks on the system. We also analyse the impact that an insecure network communication between virtual machines can have on the global security of the virtualized system. We propose a multilevel security policy model that covers almost all the network operations that can be performed by a virtual machine. We also deal with some management operations and introduce the related constraints that must be satisfied when an operation is performed.
author Benzina, Hedi
author_facet Benzina, Hedi
author_sort Benzina, Hedi
title Enforcing virtualized systems security
title_short Enforcing virtualized systems security
title_full Enforcing virtualized systems security
title_fullStr Enforcing virtualized systems security
title_full_unstemmed Enforcing virtualized systems security
title_sort enforcing virtualized systems security
publisher École normale supérieure de Cachan - ENS Cachan
publishDate 2012
url http://tel.archives-ouvertes.fr/tel-00846513
http://tel.archives-ouvertes.fr/docs/00/84/65/13/PDF/Benzina2012.pdf
work_keys_str_mv AT benzinahedi enforcingvirtualizedsystemssecurity
_version_ 1716623432626470912

Similar Items