VNSS: A network security sandbox for virtual computing environment

Abstract

With the number of applications running upon the virtualized system increased, the virtual network circumstance becomes more and more complicated; the consequent security problems thereby have been a concern for industrial and academic fields. However, the current solutions are mostly confined to the enforcement of several patchy-works on system which still requires proficient hacking skills for administrators and cannot ensure continuous protection for VM, resulting in potential security risks. In this paper we present a framework (VNSS) which provides both guarantee of distinct security level requirement and full-lifecycle protection for VM. We have implemented a prototype system based on Xen hypervisor to evaluate our framework. The experiment results demonstrate that our framework can provide continuous protection for virtual network environment.