Affiliation:
1. Georgia Institute of Technology, Atlanta, GA, USA
Abstract
Protecting shared sensitive information is a key requirement for today's distributed applications. Our research uses virtualization technologies to create and maintain trusted data paths across distributed machines, for the services being run and their information exchanges. For trusted data paths, runtime protection methods control what data is visible to which distributed services operating on it, guided by online monitoring that determines the levels of trust inherent in the paths' machines, services, and service actions. This paper presents a key functional element of trusted data paths, which is the ProtectIT interception mechanism for controlling the data exchanges between the different virtual machines running trusted services. ProtectIT can be applied to any communication and/or I/O performed by virtual machines, and because ProtectIT does not require application, middleware, or operating system modifications, it can be used to construct trusted data paths without the knowledge or consent of such entities. Further, since ProtectIT operates in virtual machines isolated from those used by applications, it is not subject to the attacks faced by services exposed to the open Internet. ProtectIT's functionality consists of dynamic protection rules represented as data filters applied to virtual machines' communications. Examples presented in this paper include email services for which ProtectIT's filters control data visibility to mail servers and clients, and unsecured virtual machine communications morphed into secure ones via ProtectIT-based message interception.
Publisher
Association for Computing Machinery (ACM)
Cited by
1 article.