More Web Proxy on the site http://driver.im/

research-article

Effects of virtualization on information security

Authors:

Shih-Chih Chen,

Patrick S. Chen,

Chien-Chuan ChoAuthors Info & Claims

Computer Standards & Interfaces, Volume 42, Issue C

Pages 1 - 8

https://doi.org/10.1016/j.csi.2015.03.001

Published: 01 November 2015 Publication History

Abstract

Virtualization provides the essential assistance to save energy & resources and also simplify the required information management. However, the information security issues have increasingly become a serious concern. This study investigates the post-virtualization business security landscape related to system security. A questionnaire is developed based on 133 control management principles of ISO/IEC 27001 standard and a sampling technique is employed to collect responses from IT professionals with an understanding of virtualization information environment. The obtained findings suggest that virtualization may be beneficial to certain industrial sectors in handling the issues of information security. To investigates the post-virtualization business security landscapeImplementation of virtualization may be beneficial to information security.Virtualization may securely benefit certain industrial sectors.For the IT and automobile industries, virtualization also has a significant influence.

References

[1]

D. Ary, L. Jacobs, A. Razavieh, Introduction to Research in Education, Wadsworth Publishing, New York, NY, 2005.

[2]

M. Bogicevic, I. Milenkovic, D. Simic, Identity management-a survey, 2014.

[3]

A. Calder, Implementing Information Security Based on ISO 27001/ISO 27002, Van Haren Publishing, Zaltbommel, NL, 2012.

[4]

T. Carlson, Understanding ISO 27001. http://www.orangeparachute.com/documents/Understanding_ISO_27001.pdf

[5]

M. Carpenter, Integrated security risk management solution is a key to protecting government networks, Homel. Def. J., 5 (2007) 40-41.

[6]

E. Casey, G.J. Stellatos, The impact of full disk encryption on digital forensics, ACM SIGOPS Oper. Syst. Rev., 42 (2008) 93-98.

Digital Library

[7]

Q. Chen, R. Xin, Optimizing enterprise IT infrastructure through virtual server consolidation, in: Proc. 2005 Inf. Sci. IT Educ. Joint Conf., 19, 2005.

[8]

R.M. Chen, K.T. Hsieh, Effective allied network security system based on designed scheme with conditional legitimate probability against distributed network attacks and intrusions, Int. J. Commun. Syst., 25 (2012) 672-688.

Digital Library

[9]

S. Chiasson, C. Deschamps, E. Stobert, M. Hlywa, B.F. Machado, A. Forget, R. Biddle, The MVP Web-based Authentication Framework. Financial Cryptography and Data Security (pp. 16-24), Springer, Berlin, DE, 2012.

[10]

N.M. Chowdhury, R. Boutaba, A survey of network virtualization, Comput. Netw., 54 (2010) 862-876.

Digital Library

[11]

M. Christodorescu, R. Sailer, D.L. Schales, D. Sgandurra, D. Zamboni, Cloud security is not (just) virtualization security: a short paper, in: Proc. 2009 ACM Wkshp. Cloud Comput. Secur, 2009, pp. 97-102.

Digital Library

[12]

S. De Haes, W. Van Grembergen, R.S. Debreceny, COBIT 5 and enterprise governance of information technology: building blocks and research opportunities, J. Inf. Syst., 27 (2013) 307-324.

[13]

M. Egele, T. Scholte, E. Kirda, C. Kruegel, A survey on automated dynamic malware-analysis techniques and tools, ACM Comput. Surv. (CSUR), 44 (2012) 6.

Digital Library

[14]

B. Elisa, S. Ravi, Database security-concepts, approaches, and challenges, IEEE Trans. Dependable Secur. Comput., 2 (2005) 2-19.

Digital Library

[15]

Enterprise Strategy Group, ESG Research Brief: 2011 Virtualization Software Spending Trends. http://www.enterprisestrategygroup.com/2011/02/esg-research-brief-2011- virtualization-software-spending-trends/

[16]

D.G. Feng, M. Zhang, Y. Zhang, Z. Xu, Study on cloud computing security, J. Softw., 22 (2011) 71-83.

[17]

B. Grobauer, T. Walloschek, E. Stocker, Understanding cloud computing vulnerabilities, IEEE Secur. Priv., 9 (2011) 50-57.

Digital Library

[18]

J.F. Hair, W.C. Black, B.J. Babin, R.E. Anderson, Multivariate Data Analysis: A Global Perspective, Pearson Prentice Hall, Upper Saddle River, NJ, 2010.

[19]

D.A. Haworth, L.R. Pietron, Sarbanes-Oxley: achieving compliance by starting with ISO 17799, Inf. Syst. Manag., 23 (2006) 73-87.

[20]

S.N. Haynes, D.C.S. Richard, E.S. Kubany, Content validity in psychological assessment: a functional approach to concepts and methods, Psychol. Assess., 7 (1995) 238-247.

[21]

K.J. Higgins, VMs create potential risks. http://www.darkreading.com/security/security-management/208804369/index.html

[22]

M.T. Hoesing, Virtualization security assessment, Inf. Secur. J.: Glob. Perspect., 18 (2009) 124-130.

[23]

C.T. Hsieh, Strategies for successfully implementing a virtualization project: a case with VMware, Commun. IIMA, 8 (2014) 1.

[24]

Y.L. Huang, B. Chen, M.W. Shih, C.Y. Lai, Security impacts of virtualization on a network testbed, in: Proc. SERE 2012, 2012, pp. 71-77.

[25]

S. Iizuka, K. Ogawa, S. Nakajima, Factors affecting user reassurance when handling information in a public work environment, Int. J. Hum. Comput. Interact., 23 (2007) 163-183.

[26]

International Organization for Standardization, ISO/IEC 27001: 2005. http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=42103

[27]

B. Johnson, L. Christensen, Educational Research: Quantitative, Qualitative, and Mixed Approaches, Pearson, New York, NY, 2004.

[28]

T.A. Johnson, Server virtualization: information security considerations, in: Information Security Management Handbook, 6, 2012, pp. 101.

[29]

T. Jones, Discover the Linux Kernel Virtual Machine. http://www-128.ibm.com/developerworks/linux/library/l-linux-kvm/

[30]

M. Kallahalla, M. Uysal, D. Swaminathan, E. Nigel, C.I. Dalton, F. Gittler, SoftUDC: a software-based data center for utility computing, IEEE Comput. Soc., 37 (2004) 38-46.

Digital Library

[31]

G. Khanna, Y. Beaty, G. Kar, A. Kochut, Application performance management in virtualized server environments, in: Proc. 10th IEEE/IFIP Netw. Oper. Manage. Symp, 2006, pp. 373-381.

[32]

M.A. Khoshkholghi, A. Abdullah, R. Latip, S. Subramaniam, M. Othman, Disaster recovery in cloud computing: a survey, Comput. Inf. Sci., 7 (2014) 39.

[33]

G. Kovacich, ISSO career development, Comput. Secur., 16 (1997) 455-468.

Digital Library

[34]

C.H. Lawshe, A quantitative approach to content validity, Pers. Psychol., 28 (1975) 563-575.

[35]

G. Lawton, Virus wars: fewer attacks, new threats, Computer, 35 (2002) 22-24.

Digital Library

[36]

J. Li, B. Li, T. Wo, C. Hu, J. Huai, L. Liu, K.P. Lam, CyberGuarder: a virtualization security assurance architecture for green cloud computing, Futur. Gener. Comput. Syst., 28 (2012) 379-390.

Digital Library

[37]

Q. Li, C. Yang, Development trends of MIS based on cloud computing environment, in: 2010 Int. Symp. Inf. Sci. Eng. (ISISE), 2010, pp. 145-148.

[38]

T.E. Lindquist, K.A. Gary, H.E. Koehnemann, H. Naccache, Component framework for web-based learning environments, Front. Educ. Conf., 2 (1999) 23-28.

[39]

W. Liu, Software protection with encryption and verification, Springer, Berlin, DE, 2012.

[40]

P.Y. Logan, S.W. Logan, Bitten by a bug: a case study in malware infection, J. Inf. Syst. Educ., 14 (2003) 301-305.

[41]

F. Lombardi, R. Di Pietro, Secure virtualization for cloud computing, J. Netw. Comput. Appl., 34 (2011) 1113-1122.

Digital Library

[42]

R.M. Magalhaes, Security and virtualization. http://www.windowsecurity.com/articles/Security-Virtualization.html

[43]

D. Marshall, Top 10 benefits of server virtualization, InfoWorld, 2 (2011).

[44]

A. Menon, A.L. Cox, W. Zwaenepoel, Optimizing network virtualization in Xen, in: Proc. USENIX Annual Tech. Conf, 2006, pp. 15-28.

[45]

I. Mevag, Towards Automatic Management and Live Migration of Virtual Machines, University of Oslo, Norway, 2007.

[46]

Personnel system identifies commendable actions and problematic trends, in: TechBeat Dated: Winter 2013, 2013, pp. 14.

[47]

J.C. Nunnally, I.H. Bernstein, Psychometric Theory, McGraw-Hill, New York, NY, 1994.

[48]

M. Nyanchama, Enterprise vulnerability management and its role in information security management, Inf. Secur. J.: A Glob. Perspect., 14 (2005) 29-56.

[49]

R. Oppliger, Internet security: firewalls and beyond, Commun. ACM, 40 (1997) 92-102.

Digital Library

[50]

J. Park, B. Noh, Web attack detection: classifying parameter information according to dynamic web page, Int. J. Web Serv. Pract., 2 (2006) 68-74.

Digital Library

[51]

J. Pauli, The Basics of Web Hacking: Tools and Techniques to Attack the Web, Elsevier, Amsterdam, NL, 2013.

[52]

C.L. Pritchard, Risk Management: Concepts and Guidance, ESI International, Arlington, VA, 2010.

[53]

Y. Qi, B. Yang, B. Xu, J. Li, Towards system-level optimization for high performance unified threat management, Int. Conf. Netw. Serv. (INCS), 7 (2007).

[54]

E. Ray, E. Schultz, Virtualization security, in: Proc. 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, 2009.

[55]

K. Renauda, Quantifying the quality of web authentication mechanisms: a usability perspective, J. Web Eng., 3 (2004) 95-123.

[56]

G. Ridley, J. Young, P. Carroll, COBIT and its utilization: a framework from the literature, in: Proc. 37th Annu. Hawaii Int. Conf. Syst. Sci., 8, 2004.

[57]

F. Sabahi, Virtualization-level security in cloud computing, in: Proc. IEEE 3rd International Conference on Communication Software and Networks (ICCSN), 2011, pp. 250-254.

[58]

D. Shackleford, Virtualization Security: Protecting Virtualized Environments, John Wiley & Sons, New York, NY, 2012.

[59]

D.H. Shin, The dynamic user activities in massive multiplayer online role-playing games, Int. J Human-Comput. Interact., 26 (2010) 317-344.

[60]

D.H. Shin, Y.J. Shin, Consumers' trust in virtual mall shopping: the role of social presence and perceived security, Int. J Human-Comput. Interact., 27 (2011) 450-475.

[61]

H. Shiravi, A. Shiravi, A.A. Ghorbani, A survey of visualization systems for network security, IEEE Trans. Vis. Comput. Graph., 18 (2012) 1313-1329.

Digital Library

[62]

E. Shmueli, R. Vaisenberg, Y. Elovici, C. Glezer, Database encryption: an overview of contemporary challenges and design considerations, ACM SIGMOD Rec., 38 (2010) 29-34.

Digital Library

[63]

A. Singh, An introduction to virtualization. http://www.kernelthread.com/publications/virtualization/

[64]

A. Singh, M. Korupolu, D. Mohapatra, Server-storage virtualization: integration and load balancing in data centers, in: Conf. High Perform. Netw. Comput, 2008.

[65]

J.C. Song, J.W. Ryu, B.J. Moon, H.K. Jung, Strategy for adopting server virtualization in the public sector, J. Inf. Commun. Converg. Eng., 10 (2012) 61-65.

[66]

Symantec, Information security trends forecast. http://protectyoursecrets.symantec.com/zh/tw/about/news/release/article.jsp?prid=20090202_02

[67]

C.W. Thompson, D.R. Thompson, Identity management, IEEE Internet Comput., 11 (2007) 82-85.

Digital Library

[68]

H.N. Van, F.D. Tran, J.M. Menaud, Performance and power management for cloud infrastructures, in: Proc. IEEE 3rd International Conference on Cloud Computing, 2010, pp. 329-336.

Digital Library

[69]

S.J. Vaughan-Nichols, Virtualization sparks security concerns, Computer, 41 (2008) 13-15.

Digital Library

[70]

Q. Wang, W. Wu, Y. Gu, The application of Lucene in information leakage monitoring and querying system, in: IEEE 2010 2nd International Conference on Information Engineering and Computer Science (ICIECS, 2010, pp. 1-4.

[71]

X. Wang, J. Luo, M. Yang, Z. Ling, A potential HTTP-based application-level attack against Tor, Futur. Gener. Comput. Syst., 27 (2011) 67-77.

Digital Library

[72]

T. Yokoyama, M. Hanaoka, M. Shimamura, K. Kono, Simplifying security policy descriptions for internet servers in secure operating systems, in: Proc. 2009 ACM Symp. Appl. Comput, 2009, pp. 326-333.

[73]

G.U.I. Yong-Hong, Study and Applications of Operation System Security Baseline, 2011.

[74]

O. Yoshihiko, Y. Tetsu, Server virtualization technology and its latest trends, Fujitsu Sci. Tech. J., 44 (2008) 46-52.

[75]

I.X. Zhang, Economic consequences of the Sarbanes-Oxley Act of 2002, J. Account. Econ., 44 (2007) 74-115.

[76]

D. Zissis, D. Lekkas, Addressing cloud computing security issues, Futur. Gener. Comput. Syst., 28 (2012) 583-592.

Digital Library

[77]

ISO 27001, "Information Technology, Security Techniques, Information Security Management Systems, Requirements,", International Organization for Standardization ISO, Geneve, 2005.

Cited By

Hamdani SAbbas HJanjua AShahid WAmjad MMalik JMurtaza MAtiquzzaman MKhan A(2021)Cybersecurity Standards in the Context of Operating SystemACM Computing Surveys10.1145/344248054:3(1-36)Online publication date: 8-May-2021
https://dl.acm.org/doi/10.1145/3442480
Dwiardhika DTachibana TKotulski Z(2019)Virtual Network Embedding Based on Security Level with VNF PlacementSecurity and Communication Networks10.1155/2019/56401342019Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1155/2019/5640134
Patil RModi C(2019)Designing an efficient framework for vulnerability assessment and patching (VAP) in virtual environment of cloud computingThe Journal of Supercomputing10.1007/s11227-018-2698-675:5(2862-2889)Online publication date: 1-May-2019
https://dl.acm.org/doi/10.1007/s11227-018-2698-6

Effects of virtualization on information security
1. Social and professional topics
  1. Computing / technology policy

Recommendations

Information security management: An information security retrieval and awareness model for industry

The purpose of this paper is to present a conceptual view of an Information Security Retrieval and Awareness (ISRA) model that can be used by industry to enhance information security awareness among employees. A common body of knowledge for information ...
Information Security Awareness at Saudi Arabians' Organizations: An Information Technology Employee's Perspective

Information security awareness is human and organizational attitudes which can be described as a behavior or an attitude of an organization and/or its members towards protecting the organization's information assets. The goal of this paper is to ...
Embedding information security curricula in existing programmes
InfoSecCD '04: Proceedings of the 1st annual conference on Information security curriculum development

There is a need for educators of information technology professionals to monitor the demands of the market and to adjust their programmes and curriculum accordingly. A number of universities and colleges have sought opportunities to extend their ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Computer Standards & Interfaces

Computer Standards & Interfaces Volume 42, Issue C

November 2015

182 pages

ISSN:0920-5489

Issue’s Table of Contents

Copyright © Elsevier B.V.

Publisher

Elsevier Science Publishers B. V.

Netherlands

Publication History

Published: 01 November 2015

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 04 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Hamdani SAbbas HJanjua AShahid WAmjad MMalik JMurtaza MAtiquzzaman MKhan A(2021)Cybersecurity Standards in the Context of Operating SystemACM Computing Surveys10.1145/344248054:3(1-36)Online publication date: 8-May-2021
https://dl.acm.org/doi/10.1145/3442480
Dwiardhika DTachibana TKotulski Z(2019)Virtual Network Embedding Based on Security Level with VNF PlacementSecurity and Communication Networks10.1155/2019/56401342019Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1155/2019/5640134
Patil RModi C(2019)Designing an efficient framework for vulnerability assessment and patching (VAP) in virtual environment of cloud computingThe Journal of Supercomputing10.1007/s11227-018-2698-675:5(2862-2889)Online publication date: 1-May-2019
https://dl.acm.org/doi/10.1007/s11227-018-2698-6

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents