Using a virtual machine to protect sensitive Grid resources
dc.contributor.author | Zhao, Xin | en_US |
dc.contributor.author | Borders, Kevin R. | en_US |
dc.contributor.author | Prakash, Atul | en_US |
dc.date.accessioned | 2007-09-20T19:12:38Z | |
dc.date.available | 2008-10-01T18:44:41Z | en_US |
dc.date.issued | 2007-09-25 | en_US |
dc.identifier.citation | Zhao, Xin; Borders, Kevin; Prakash, Atul (2007)."Using a virtual machine to protect sensitive Grid resources." Concurrency and Computation: Practice and Experience 19(14): 1917-1935. <http://hdl.handle.net/2027.42/56163> | en_US |
dc.identifier.issn | 1532-0626 | en_US |
dc.identifier.issn | 1532-0634 | en_US |
dc.identifier.uri | https://hdl.handle.net/2027.42/56163 | |
dc.description.abstract | Most Grid systems rely on their operating systems (OSs) to protect their sensitive files and networks. Unfortunately, modern OSs are very complex and it is difficult to completely avoid intrusions. Once intruders compromise the OS and gain system privilege, they can easily disable or bypass the OS security protections. This paper proposes a secure virtual Grid system, SVGrid, to protect sensitive system resources. SVGrid works by isolating Grid applications in Grid virtual machines. The Grid virtual machines' filesystem and network services are moved into a dedicated monitor virtual machine. All file and network accesses are forced to go through this monitor virtual machine, where SVGrid checks request parameters and only accepts the requests that comply with security rules. Because SVGrid enforces security policy in the isolated monitor virtual machine, it can continue to protect sensitive files and networks even if a Grid virtual machine is compromised. We tested SVGrid against attacks on Grid virtual machines. SVGrid was able to prevent all of them from accessing files and networks maliciously. We also evaluated the performance of SVGrid and found that performance cost was reasonable considering the security benefits of SVGrid. Furthermore, the experimental results show that the virtual remote procedure call mechanism proposed in this paper significantly improves system performance. Copyright © 2006 John Wiley & Sons, Ltd. | en_US |
dc.format.extent | 252261 bytes | |
dc.format.extent | 3118 bytes | |
dc.format.mimetype | application/pdf | |
dc.format.mimetype | text/plain | |
dc.publisher | John Wiley & Sons, Ltd. | en_US |
dc.subject.other | Computer Science | en_US |
dc.title | Using a virtual machine to protect sensitive Grid resources | en_US |
dc.type | Article | en_US |
dc.rights.robots | IndexNoFollow | en_US |
dc.subject.hlbsecondlevel | Computer Science | en_US |
dc.subject.hlbtoplevel | Engineering | en_US |
dc.description.peerreviewed | Peer Reviewed | en_US |
dc.contributor.affiliationum | University of Michigan, 2260 Hayward, Ann Arbor, MI 48109-2121, U.S.A. ; University of Michigan, 2260 Hayward, Ann Arbor, MI 48109-2121, U.S.A. | en_US |
dc.contributor.affiliationum | University of Michigan, 2260 Hayward, Ann Arbor, MI 48109-2121, U.S.A. | en_US |
dc.contributor.affiliationum | University of Michigan, 2260 Hayward, Ann Arbor, MI 48109-2121, U.S.A. | en_US |
dc.description.bitstreamurl | http://deepblue.lib.umich.edu/bitstream/2027.42/56163/1/1134_ftp.pdf | en_US |
dc.identifier.doi | http://dx.doi.org/10.1002/cpe.1134 | en_US |
dc.identifier.source | Concurrency and Computation: Practice and Experience | en_US |
dc.owningcollname | Interdisciplinary and Peer-Reviewed |
Files in this item
Remediation of Harmful Language
The University of Michigan Library aims to describe library materials in a way that respects the people and communities who create, use, and are represented in our collections. Report harmful or offensive language in catalog records, finding aids, or elsewhere in our collections anonymously through our metadata feedback form. More information at Remediation of Harmful Language.
Accessibility
If you are unable to use this file in its current format, please select the Contact Us link and we can modify it to make it more accessible to you.