A Network Access Security Scheme for Virtual Machine

Abstract

AbstractVirtual machines have been widely adopted as servers nowadays. They have essential difference with physical machine. We can utilize the feature of virtual machine to let them be safer and resist an attack from Trojan and hackers. This paper introduces a kind of network access security scheme, which deploys the execution of security strategy outside virtual machine and monitors virtual machine’s access to security-sensitive device. The measurements above can transfer the control for key hardware from upper Guest OS to host a platform. Even if Guest OS is affected by virus or Trojan, host can still effectively monitor the network communication of upper virtual machine. In this project, software running in Host OS is programmed to realize the scheme introduced above, it monitors the network communication of virtual machine according to the rules written in XML format. The software can prevent Guest OS or an application running on the virtual machine from communicating with designated domain or IP address successfully, which verifies the effectiveness of the proposed security scheme.KeywordsVirtual MachineData PacketNetwork AccessNetwork Address TranslationPacket ProcessThese keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.