Integrated assessment and mitigation of physical and digital security threats: Case studies on virtualization

Virtualization is one of the enabling technologies of cloud computing. It turns once dedicated physical computing resources such as servers into digital resources that can be provisioned on demand. Cloud computing thus tends to replace physical with digital security controls, and cloud security must be understood in this context. In spite of extensive research on new hardware-enabled solutions such as trusted platforms, not enough is known about the actual physical-digital security trade-off in practice. In this paper, we review what is currently known about security aspects of the physical-digital trade-off, and then report on three case studies of private clouds that use virtualization technology, with the purpose of identifying generalizable guidelines for security trade-off analysis. We identify the important security properties of physical and digital resources, analyze how these have been traded off against each other in these cases, and what the resulting security properties were, and we identify limits to virtualization from a security point of view. The case studies show that physical security mechanisms all work through inertness and visibility of physical objects, whereas digital security mechanisms require monitoring and auditing. We conclude with a set of guidelines for trading off physical and digital security risks and mitigations. Finally, we show how our findings can be used to combine physical and digital security in new ways to improve virtualization and therefore also cloud security.

[1]  M. Jacob A personal communication , 1989 .

[2]  Dorothy E. Denning,et al.  Location-based authentication: Grounding cyberspace for better security , 1996 .

[3]  Philippe Golle,et al.  Preventing bots from playing online games , 2005, CIE.

[4]  S. Shankar Sastry,et al.  Secure Control: Towards Survivable Cyber-Physical Systems , 2008, 2008 The 28th International Conference on Distributed Computing Systems Workshops.

[5]  L. Floridi The Ontological Interpretation of Informational Privacy , 2005, Ethics and Information Technology.

[6]  Roel Wieringa,et al.  Security Implications of Virtualization: A Literature Study , 2009, 2009 International Conference on Computational Science and Engineering.

[7]  Bob Blakley,et al.  The Emperor's old armor , 1996, NSPW '96.

[8]  Roel Wieringa,et al.  Benefits of Location-Based Access Control: A Literature Study , 2010, 2010 IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing.

[9]  Leendert van Doorn,et al.  Virtualization and Hardware-Based Security , 2008, IEEE Security & Privacy.

[10]  Stefan Berger,et al.  Security for the cloud infrastructure: Trusted virtual data center implementation , 2009, IBM J. Res. Dev..

[11]  Steven J. Vaughan-Nichols,et al.  Virtualization Sparks Security Concerns , 2008, Computer.

[12]  Michael T. Hoesing Virtualization Security Assessment , 2009, Inf. Secur. J. A Glob. Perspect..

[13]  Gene Kim Virtualisation: Seven steps to a secure virtual environment , 2008 .

[14]  G. B. Varnado,et al.  Critical Infrastructure Systems of Systems Assessment Methodology , 2006 .

[15]  A. Daneels,et al.  Современные SCADA-системы , 2017 .