Policy Driven Virtual Machine Monitor for Protected Grids

This paper advocates virtualization technology as a methodology to solve the security problems that an organization has to face when contributes with its resources to a grid. In particular, this technology makes it possible to increase the overall security of any system by inserting a set of controls into the code that implements one virtual machine. In this way, a secure cooperation among virtual machine can be implemented. This generalizes the current approach that exploits virtualization only for the confinement of alternative programming environments resulting from the partitioning of a physical machine into a set of non cooperating virtual machines. The ability to support cooperation among virtual machines may be used to define networks of cooperating virtual machines to execute distributed applications. The paper describes a general purpose approach to security based upon virtual networks of cooperating virtual machines and applies it to one of the most challenging problems: that of securing a grid environment.