XNetMon: A Secure Architecture for Virtual Networks

Natalia Castro Fernandes, Otto Carlos Muniz Bandeira Duarte

Isolation is essential to secure any virtualized environment that shares a common resource, and virtual networks are no different. Resource sharing with isolation prevents malicious virtual routers from consuming all physical resources and disturbing the performance of other virtual networks hosted on the same machine. We propose a new architecture for Xen that provides isolation when shared resources are accessed. A secure mechanism monitors access to shared resources and punishes virtual routers that misbehave, guaranteeing isolated operation of the virtual networks. To secure the control of virtual networks, we propose a communication protocol between the virtual routers and the administrative domain that prevents malicious virtual routers from affecting the forwarding tables of other virtual routers. We developed a prototype, and our experiments show that the proposed architecture guarantees the availability of the virtual-network control service and provides better resource sharing than existing mechanisms, allowing complete isolation among virtual networks.
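The abstract names two mechanisms: a monitor in the administrative domain that accounts for shared-resource use per virtual router and punishes those exceeding their share, and a control protocol under which a virtual router can only change its own forwarding table. The model below is an added illustration of those two ideas, not XNetMon's code or the authors' prototype; the `VirtualRouter` and `AdminDomain` classes, the `fair_share` budget, the resource units and the sample router names are all constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class VirtualRouter:
    """A virtual router (a Xen guest domain in the paper's setting) with its own forwarding table."""
    name: str
    forwarding_table: dict = field(default_factory=dict)   # prefix -> next hop
    penalized: bool = False


class AdminDomain:
    """Hypothetical administrative domain: monitors shared-resource use per virtual router
    and mediates every forwarding-table update. Illustrative model, not XNetMon's implementation."""

    def __init__(self, routers, fair_share):
        self.routers = {r.name: r for r in routers}
        self.fair_share = fair_share                      # per-router budget per window (constructed units)
        self.usage = {name: 0 for name in self.routers}   # resource units consumed in the current window
        self.audit_log = []                               # human-readable record of enforcement decisions

    # ---- resource monitoring and punishment ----
    def account(self, name, amount):
        """Charge `amount` units of the shared resource to router `name`."""
        if name not in self.usage:
            raise KeyError(f"unknown virtual router {name!r}")
        self.usage[name] += amount

    def enforce(self):
        """Penalize every router that exceeded its fair share in this window; return their names."""
        offenders = [n for n, used in self.usage.items() if used > self.fair_share]
        for n in offenders:
            self.routers[n].penalized = True
            self.audit_log.append(f"penalized {n}: used {self.usage[n]} > share {self.fair_share}")
        return offenders

    def end_window(self):
        """Start a new measurement window; penalties persist until lifted explicitly."""
        self.usage = {name: 0 for name in self.routers}

    def lift_penalty(self, name):
        """Administrative decision to restore a previously penalized router."""
        self.routers[name].penalized = False

    # ---- control protocol between virtual routers and the administrative domain ----
    def handle_update(self, sender, target, prefix, next_hop):
        """Apply a forwarding-table update requested by `sender`. Returns (accepted, reason)."""
        if sender not in self.routers or target not in self.routers:
            return False, "rejected: unknown virtual router"
        if sender != target:
            # The key isolation property: no router may touch another router's table.
            self.audit_log.append(f"{sender} attempted to modify the table of {target}")
            return False, "rejected: a router may only modify its own forwarding table"
        if self.routers[sender].penalized:
            return False, "rejected: sender is penalized"
        self.routers[target].forwarding_table[prefix] = next_hop
        return True, "applied"


if __name__ == "__main__":
    # Constructed scenario: "blue" overconsumes and also tries to rewrite "red"'s table.
    blue, red = VirtualRouter("blue"), VirtualRouter("red")
    admin = AdminDomain([blue, red], fair_share=100)
    admin.account("blue", 150)
    admin.account("red", 40)
    print("penalized:", admin.enforce())
    print(admin.handle_update("blue", "red", "10.0.0.0/8", "eth1"))
    print(admin.handle_update("red", "red", "10.0.0.0/8", "eth0"))
    print("red table:", red.forwarding_table)
    print("\n".join(admin.audit_log))
```

In this model a penalty only blocks further control-plane changes; a real system would also throttle the offender's data-plane resource use, which the abstract attributes to its monitoring mechanism but does not detail here.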

