Virtualization technology is widely adopted in clouds to meet the requirements of rapid provision and on-demand scalability in cloud computing. Although virtualization improves the usage of hardware devices and flexibility, it brings new security challenges. Users face a new type of attacks, called inter-VM attack, which targets at the VMs running on the same physical machine. To eliminate the possible inter-VM attacks from competitors, we propose a centralized control mechanism based on the Chinese Wall security policy to forbid deploying and running the competitors' VMs on the same physical machines so that physical isolation is achieved. We build the Chinese Wall Central Management System (CWCMS) with the proposed centralized control mechanism in an internal-built experimental cloud. CWCMS effectively manages the VMs and enforce the Chinese Wall security policy in the cloud. Furthermore, CWCMS employs the graph coloring algorithm to achieve the better utilization of cloud resources.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.