The development of cloud computing relies on virtualization. Virtualization is an abstraction layer over the physical resources that provides interfaces through which an OS accesses those resources, which enables running multiple virtual machines on a single physical machine. Virtualization improves the utilization of physical resources and makes it easier for developers to test their applications. Furthermore, flexible resource allocation and the ability to auto-scale guarantee the availability of the system.

That being said, virtualization also brings security concerns. For instance, sharing physical resources is prone to information leakage. The clone and rollback operations of virtual machines make the life cycle of data more complex. And network traffic that stays within one physical machine is invisible to traditional network appliances such as firewalls.

In this paper, we mainly study access control in the virtual network, and we choose Xen as the virtualization platform. We analyze the mechanism and drawbacks of the Xen virtual network, and then we use Open vSwitch to replace Xen's virtual bridge. We propose a framework for network access control in a virtualized environment which allows different administrators to write policies independently. Open vSwitch is modified to implement our framework. We then propose a method that uses physical devices to reduce the overhead of access control, and experimental results show that this method improves the performance of the virtual network. Finally, we study how to update the access control policies when VM migration occurs, so that the policies remain in effect after the VM has migrated to a different physical machine.
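To make the two ideas in the abstract concrete (policies written independently by several administrators, and policies that must follow a VM when it migrates), here is a small Python model of per-VM access control on a virtual switch. It is an added illustration written for this page; it is not the paper's framework and not Open vSwitch code. The host names, VM name, administrator roles, addresses and rules are all constructed sample data, and the composition rule it uses (any administrator's deny outranks any other administrator's allow; default deny) is an assumption chosen for the example, not something the abstract specifies.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    """One access-control rule; a None field matches anything."""
    action: str                     # "allow" or "deny"
    author: str                     # administrator who wrote the rule
    proto: Optional[str] = None     # "tcp", "udp", "icmp" or None
    dst_net: Optional[str] = None   # destination CIDR or None
    dst_port: Optional[int] = None  # destination port or None

    def matches(self, proto: str, dst_ip: str, dst_port: Optional[int]) -> bool:
        if self.proto is not None and self.proto != proto:
            return False
        if self.dst_net is not None and ip_address(dst_ip) not in ip_network(self.dst_net):
            return False
        if self.dst_port is not None and self.dst_port != dst_port:
            return False
        return True


class VirtualSwitch:
    """Per-host switch holding one ordered (first-match) rule list per attached VM."""

    def __init__(self, host: str):
        self.host = host
        self.tables: Dict[str, List[Rule]] = {}

    def install(self, vm: str, rules: List[Rule]) -> None:
        self.tables[vm] = list(rules)

    def remove(self, vm: str) -> None:
        self.tables.pop(vm, None)

    def decide(self, vm: str, proto: str, dst_ip: str, dst_port: Optional[int] = None) -> str:
        """First matching rule decides; no match (or VM not attached here) means deny."""
        for rule in self.tables.get(vm, []):
            if rule.matches(proto, dst_ip, dst_port):
                return rule.action
        return "deny"


class Controller:
    """Keeps each administrator's policy separately and composes them per VM."""

    def __init__(self):
        self.switches: Dict[str, VirtualSwitch] = {}
        self.location: Dict[str, str] = {}                    # vm -> host
        self.policies: Dict[str, Dict[str, List[Rule]]] = {}  # vm -> author -> rules

    def add_host(self, host: str) -> None:
        self.switches[host] = VirtualSwitch(host)

    def set_policy(self, vm: str, author: str, rules: List[Rule]) -> None:
        """An administrator writes or replaces only their own rules for a VM."""
        self.policies.setdefault(vm, {})[author] = list(rules)
        if vm in self.location:  # already attached: push the recomposed table
            self.switches[self.location[vm]].install(vm, self.compose(vm))

    def compose(self, vm: str) -> List[Rule]:
        """Merge all administrators' rules; every deny outranks every allow (assumed policy)."""
        merged = [r for rules in self.policies.get(vm, {}).values() for r in rules]
        return sorted(merged, key=lambda r: 0 if r.action == "deny" else 1)

    def attach(self, vm: str, host: str) -> None:
        self.location[vm] = host
        self.switches[host].install(vm, self.compose(vm))

    def migrate(self, vm: str, dst_host: str) -> None:
        """Install the VM's composed rules on the destination before removing them at the source."""
        src_host = self.location[vm]
        self.switches[dst_host].install(vm, self.compose(vm))
        self.switches[src_host].remove(vm)
        self.location[vm] = dst_host


def demo() -> dict:
    """Constructed scenario: a cloud admin and a tenant admin, then a migration."""
    ctl = Controller()
    ctl.add_host("host-a")
    ctl.add_host("host-b")
    # Cloud administrator: tenant VMs must never reach the (sample) management network.
    ctl.set_policy("vm1", "cloud-admin", [Rule("deny", "cloud-admin", dst_net="10.0.0.0/24")])
    # Tenant administrator, written independently and unaware of the rule above.
    ctl.set_policy("vm1", "tenant-admin", [
        Rule("allow", "tenant-admin", proto="tcp", dst_port=443),
        Rule("allow", "tenant-admin", proto="icmp"),
    ])
    ctl.attach("vm1", "host-a")
    sw_a = ctl.switches["host-a"]
    before = {
        "https_internet": sw_a.decide("vm1", "tcp", "203.0.113.10", 443),
        "https_mgmt": sw_a.decide("vm1", "tcp", "10.0.0.5", 443),
        "ssh_internet": sw_a.decide("vm1", "tcp", "203.0.113.10", 22),
    }
    ctl.migrate("vm1", "host-b")
    sw_b = ctl.switches["host-b"]
    after = {
        "https_internet": sw_b.decide("vm1", "tcp", "203.0.113.10", 443),
        "https_mgmt": sw_b.decide("vm1", "tcp", "10.0.0.5", 443),
        "stale_on_src": sw_a.decide("vm1", "tcp", "203.0.113.10", 443),
    }
    return {"before": before, "after": after, "location": ctl.location["vm1"]}


if __name__ == "__main__":
    print(demo())
```

The design point worth noticing is that each administrator's rules are stored under their own name and only recomposed centrally, so a tenant cannot widen what the cloud administrator has denied, and `migrate` installs the composed table on the destination host before removing it from the source, so there is no window in which the VM runs with no policy; after migration the source switch no longer knows the VM and falls back to deny.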