Providing Security for Virtual Datacentres

This paper provides technique for realising integrity and isolation in virtual systems. This is achieved by supporting a logical cages model, in particular for virtualised datacentres, based on a concept called Trusted Virtual Domains or TVDs [5]. Based on previous work, paper describes a security management framework that helps to realise the abstraction of TVDs by guaranteeing reliable isolation and flow control between domain boundaries. The proposed framework employs networking and storage virtualisation technologies as well as Trusted Computing for policy verification. The main contributions are (1) combining these technologies to realise TVDs and (2) orchestrating them through a management framework that automatically enforces isolation among different zones. In particular, this solution aims at automating the verification, instantiation and deployment of the appropriate security mechanisms and virtualisation technologies based on an input security model, which specifies the required level of isolation and permitted information flows.