Detecting Security Attacks in Trusted Virtual Domains

A trusted virtual domain (TVD) enables grouping of related virtual machines running on separate physical machine into a single network domain with a unified security policy. Since the virtual machines can be running different operating systems and applications, the attacker can generate attacks in the TVD by exploiting a single vulnerability in any of the operating systems or applications. Our aim in this paper is to consider the design choices and develop an intrusion detection architecture that would enable efficient detection and prevention of different types of attacks in such a TVD based distributed environments. The proposed architecture can capture the knowledge of the operating systems and applications at fine granular level and isolate the malicious entities that are generating the attack traffic. Our model takes into account the security policies that are specific to the virtual machine as well as security policies of the trusted virtual domains to deal with the attacks efficiently.