Security and Integrity of a Distributed File Storage in a Virtual Environment

Virtual environment secure file system (VSFS) is a software architecture for secure file sharing among applications with different trust levels that consists of a set of interconnected virtual machines (VMs). Application VMs (APP-VMs) run the application processes that transparently access remote shared files hosted by file system VMs (FS-VMs). Each FS-VM implements a mandatory access control (MAC) security policy to control file sharing. To define and enforce this policy, VSFS uses SELinux. Each APP-VM is labeled with a security context paired with the IP address of the VM. FS-VMs use this context to check access rights of the APP-VMs with respect to the requested files and operations. A third set of VMs, the administrative VMs (A-VMs), provides assurance about the integrity of the FS-VMs and implements anti-spoofing techniques to authenticate each file request sent by the APP-VMs. After describing the overall architecture, we discuss the security and performance results of a first prototype. These first results show that the overhead due to mandatory access control is fairly acceptable.



Titolo: Security and Integrity of a Distributed File Storage in a Virtual Environment
Autori interni: 
BAIARDI, FABRIZIO
mostra contributor esterni 
Anno del prodotto: 2007
Abstract: Virtual environment secure file system (VSFS) is a software architecture for secure file sharing among applications with different trust levels that consists of a set of interconnected virtual machines (VMs). Application VMs (APP-VMs) run the application processes that transparently access remote shared files hosted by file system VMs (FS-VMs). Each FS-VM implements a mandatory access control (MAC) security policy to control file sharing. To define and enforce this policy, VSFS uses SELinux. Each APP-VM is labeled with a security context paired with the IP address of the VM. FS-VMs use this context to check access rights of the APP-VMs with respect to the requested files and operations. A third set of VMs, the administrative VMs (A-VMs), provides assurance about the integrity of the FS-VMs and implements anti-spoofing techniques to authenticate each file request sent by the APP-VMs. After describing the overall architecture, we discuss the security and performance results of a first prototype. These first results show that the overhead due to mandatory access control is fairly acceptable.
Handle: http://hdl.handle.net/11568/113679
ISBN: 9780769530529
Appare nelle tipologie:4.1 Contributo in Atti di convegno

File in questo prodotto:
Non ci sono file associati a questo prodotto.
Utilizza questo identificativo per citare o creare un link a questo documento:
http://hdl.handle.net/11568/113679
  • Citazioni
  • ND
  • ND
  • ND

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
 
 
 
Powered by IRIS-about IRIS-Utilizzo dei cookie
Logo CINECA  Copyright © 2020