Towards Multi–Layer Trusted Virtual Domains

We address the fine-grained control of information flow between distributed applications to protect transactions. Confining transactions in distributed untrusted environments is crucial for Web services, distributed computing, and most e-commerce applications relying on those technologies. Applications must be protected from rogue peer applications but at the same time applications need to communicate to selected peer applications to implement transactions and distributed services. We propose a solution based on Trusted Virtual Domains (TVD), which represent a new model for achieving IT and business security. TVDs are designed to satisfy business-level goals by simplifying management and providing explicit infrastructure-level containment and trust guarantees. TVDs can be applied to different layers within a system. We consider here TVDs for the virtual machine monitor (VMM) as well as at the application level. Combining protection in those layers is especially useful for systems that intersect multiple virtual machines and need to separate information flow at the applications level. In this contribution, we briefly describe the design and the prototype implementations of TVDs at the application and VMM levels. We focus on implications of the layering of these two TVDs to achieve consistent trust and confinement properties across distributed applica-