Virtual environment secure file system (VSFS) is a software architecture for secure file sharing among applications with different trust levels that consists of a set of interconnected virtual machines (VMs). Application VMs (APP-VMs) run the application processes that transparently access remote shared files hosted by file system VMs (FS-VMs). Each FS-VM implements a mandatory access control (MAC) security policy to control file sharing. To define and enforce this policy, VSFS uses SELinux. Each APP-VM is labeled with a security context paired with the IP address of the VM. FS-VMs use this context to check access rights of the APP-VMs with respect to the requested files and operations. A third set of VMs, the administrative VMs (A-VMs), provides assurance about the integrity of the FS-VMs and implements anti-spoofing techniques to authenticate each file request sent by the APP-VMs. After describing the overall architecture, we discuss the security and performance results of a first prototype. These first results show that the overhead due to mandatory access control is fairly acceptable.
Security and Integrity of a Distributed File Storage in a Virtual Environment
BAIARDI, FABRIZIO;G. SALA
2007-01-01
Abstract
Virtual environment secure file system (VSFS) is a software architecture for secure file sharing among applications with different trust levels that consists of a set of interconnected virtual machines (VMs). Application VMs (APP-VMs) run the application processes that transparently access remote shared files hosted by file system VMs (FS-VMs). Each FS-VM implements a mandatory access control (MAC) security policy to control file sharing. To define and enforce this policy, VSFS uses SELinux. Each APP-VM is labeled with a security context paired with the IP address of the VM. FS-VMs use this context to check access rights of the APP-VMs with respect to the requested files and operations. A third set of VMs, the administrative VMs (A-VMs), provides assurance about the integrity of the FS-VMs and implements anti-spoofing techniques to authenticate each file request sent by the APP-VMs. After describing the overall architecture, we discuss the security and performance results of a first prototype. These first results show that the overhead due to mandatory access control is fairly acceptable.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.