Abstract
As a remarkable realization of the simple idea of "Physical Separation", the Lock-Keeper technology has been proven to be a practical approach to providing high-level security for a sensitive internal network by completely separating it from the less secure external network. The data exchange between the two separated networks is accomplished by the Lock-Keeper Secure Data Exchange (SDE) software, which runs on three PC-based Lock-Keeper components: INNER, OUTER and GATE. The SDE's application modules on INNER and OUTER provide specific network services to the external world through normal network connections and organize the network traffic into Lock-Keeper-mode units, which can be transferred through the Lock-Keeper by the SDE's basic data exchange modules on INNER, OUTER and GATE. An extra data scanning module located on GATE checks the passing data contents. In this paper, a new implementation of the SDE software is proposed based on Virtual Machine technology. The application modules on INNER and OUTER are each replaced by Virtual Machines. Depending on the requirements of the corresponding applications, these Virtual Machines can employ different configurations and resource assignments. Such special-purpose Virtual Machines and their underlying host can be isolated from one another by the natural properties of Virtual Machine technology, so that both the host and each single application can be easily restored in the case of destruction. In addition, a content scanning VM will be built on GATE to support offline scanning, configuration, updating and other useful extensions.
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Cheng, F., Meinel, C. (2007). Deployment of Virtual Machines in Lock-Keeper. In: Lee, J.K., Yi, O., Yung, M. (eds) Information Security Applications. WISA 2006. Lecture Notes in Computer Science, vol 4298. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71093-6_12
DOI: https://doi.org/10.1007/978-3-540-71093-6_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71092-9
Online ISBN: 978-3-540-71093-6
eBook Packages: Computer Science (R0)