Secure Control Mechanism of Internal and External Data-flow Oriented to Virtual-desktop

Abstract

Abstract: The data interaction of desktop virtualization between internal application data and external user operation platform are realized by virtual desktop protocol.Because of the deficiency of the data flow control mechanism in this kind of protocol,it may lead to the illegal interaction.In order to resolve this problem,based on gateway,this paper proposed a secure control mechanism of internal and external data-flow oriented to virtual-desktop.It not only has the overall control of virtual channel,avoiding modifying lots of transport protocols or terminals,but also has high compatibilities,expansibilities and usability.Deploying it at the gateway to protect from boundaries attack can reduce the server load and safety concerns significantly.Experiments prove that this mechanism can control the direction of data flow effectively.Meanwhile,it has little impact on existing desktop session.

Key words: Desktop virtualization,Virtual desktop protocol,Secure control mechanism,Internal and external dataflow

DENG Xiao-xiao, LU Chuan and MA Wei. Secure Control Mechanism of Internal and External Data-flow Oriented to Virtual-desktop[J].Computer Science, 2016, 43(4): 122-126.

References

[1] The Greaves Group.Virtualization in education[M].USA:IBM,October 2007
[2] Cloud Security Alliance.Security guidance for critical areas offocus in cloud computing v3.0[EB/OL].2014-11.http://www.cloudsecurityalliance.org/csaguide.pdf
[3] Zheng Xing-yan.The Design and Implementation of SecurityVirtual Desktop System[D].Beijing:Beijing Jiaotong University,2012(in Chinese) 郑兴艳.安全虚拟桌面系统的设计与实现[D].北京:北京交通大学,2012
[4] Wu Jie-wei,Wang Jia-jun,Qi Zheng-wei,et al.SRIDesk:A St-reaming based Remote Interactivity Architecture for Desktop Virtualization System[C]∥IEEE Symposium on Computers and Communications (ISCC).2013:281-286
[5] Zhang Yu-meng,Ren Feng-yuan.Congestion Integrated Control in Virtualized Cloud[C]∥International Conference on Progress in Informatics and Computing (PIC).2014:486-492
[6] Liu Su-na.Research and Implementation of BLP Based Network Accesss Control Mechanism on Virtualization Platform[D].Shanghai:Shanghai Jiaotong University,2011(in Chinese) 刘苏娜.虚拟化平台下基于BLP的网络访问控制机制研究与实现[D].上海:上海交通大学,2011
[7] Lai Ying-xu,Hu Shao-long,Yang Zhen.Research of securitytechnology based on virtualization[J].Journal of University of Science and Technology of China,2014,1(10):907-914(in Chinese) 赖英旭,胡少龙,杨震.基于虚拟机的安全技术研究[J].中国科学技术大学学报,2011,1(10):907-914
[8] Wang Xiao-rui,Wang Qing-xian,Guo Yu-dong.Design of Information Flow in Collaborative-VMM[C]∥4th IEEE InternationalConference on Software Engineering and Service Science (ICSESS).2013:124-129
[9] Wu Yue,Liu Xiao-dong,Duan Yi-zhen.Design and implementation of secure access control architecture of desktop virtualization[J].Computer Engineering and Design,2014,5(5):1572-1577(in Chinese) 武越,刘向东,段翼真.桌面虚拟化安全访问控制架构的设计与实现[J].计算机工程与设计,2014,5(5):1572-1577
[10] Cokder G.Xen Security Modules(XSM)[C]∥The Xen Summit of 2007.New York,2007
[11] Sailer R,Valdez E,Jaeger T,et al.sHype:Secure Hypervisor Ap-proach to Trusted Virtualized Systems:RC23511(W0502-006)[R].IBM,2005
[12] Bellovin S M.Virtual machines,virtual security[J].Communications of the ACM,2006,9(10):104-106
[13] Chen Da,Ma Wei,Li Xiao-yong.One-way Communication Me-chanism for Network Security Isolation and Information Exchange[J].Netinfo Security,2014,6(6):48-52(in Chinese) 陈达,马威,李晓勇.一种单向安全隔离与信息交换机制[J].信息网络安全,2014,6(6):48-52
[14] Bhatkalkar B J,Ramegowda.A unidirectional data-flow modelfor cloud data security with user involvement during data transit[C]∥International Conference on Communications and Signal Processing (ICCSP).2014:458-462
[15] Luo Xuan,Ma Sai,Jin Yao-hui.HADES:A compatible SDNbased network virtualization architecture[C]∥International Conference on Optical Internet 2014 (COIN).2014:1-2
[16] Battula L R.Network Security Function Virtualization(NSFV) towards Cloud computing with NFV Over Openflow infrastructure Challenges and novel approaches[C]∥International Conference on Advances in Computing,Communications and Informatics (ICACCI).2014:1622-1628
[17] Cen Zhi-song.Research and application design of RDP protocol[D].Guangzhou:South China University of Technology,2004(in Chinese) 岑志松.RDP协议的研究及其应用设计[D].广州:华南理工大学,2004
[18] Red Hat.Spice remote computing protocol definition v1.0 [EB/EL].2014-12.http://www.spice-space.org/docs/spice_protocol.pdf.2009
[19] Abrams M,LaPadula L,Eggers K.A generalized framework foraccess control[C]∥The 13th National Computer Security Conf.1990:36-42

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed

Comments

Recommended 0

No Suggested Reading articles found!