Visible to the public Biblio

Found 127 results

Filters: Keyword is virtualization  [Clear All Filters]
2023-07-13
Veremey, Anastasiya, Kustov, Vladimir, Ravi, Renjith V.  2022.  Security Research and Design of Hierarchical Embedded Information Security System. 2022 Second International Conference on Computer Science, Engineering and Applications (ICCSEA). :1–6.
In this paper, the reader’s attention is directed to the problem of inefficiency of the add-on information security tools, that are installed in operating systems, including virtualization systems. The paper shows the disadvantages, that significantly affect the maintenance of an adequate level of security in the operating system. The results allowing to control all areas hierarchical of protection of the specialized operating system are presented.
2023-03-03
Nolte, Hendrik, Sabater, Simon Hernan Sarmiento, Ehlers, Tim, Kunkel, Julian.  2022.  A Secure Workflow for Shared HPC Systems. 2022 22nd IEEE International Symposium on Cluster, Cloud and Internet Computing (CCGrid). :965–974.
Driven by the progress of data and compute-intensive methods in various scientific domains, there is an in-creasing demand from researchers working with highly sensitive data to have access to the necessary computational resources to be able to adapt those methods in their respective fields. To satisfy the computing needs of those researchers cost-effectively, it is an open quest to integrate reliable security measures on existing High Performance Computing (HPC) clusters. The fundamental problem with securely working with sensitive data is, that HPC systems are shared systems that are typically trimmed for the highest performance - not for high security. For instance, there are commonly no additional virtualization techniques employed, thus, users typically have access to the host operating system. Since new vulnerabilities are being continuously discovered, solely relying on the traditional Unix permissions is not secure enough. In this paper, we discuss a generic and secure workflow that can be implemented on typical HPC systems allowing users to transfer, store and analyze sensitive data. In our experiments, we see an advantage in the asynchronous execution of IO requests, while reaching 80 % of the ideal performance.
2023-02-17
Alyas, Tahir, Ateeq, Karamath, Alqahtani, Mohammed, Kukunuru, Saigeeta, Tabassum, Nadia, Kamran, Rukshanda.  2022.  Security Analysis for Virtual Machine Allocation in Cloud Computing. 2022 International Conference on Cyber Resilience (ICCR). :1–9.
A huge number of cloud users and cloud providers are threatened of security issues by cloud computing adoption. Cloud computing is a hub of virtualization that provides virtualization-based infrastructure over physically connected systems. With the rapid advancement of cloud computing technology, data protection is becoming increasingly necessary. It's important to weigh the advantages and disadvantages of moving to cloud computing when deciding whether to do so. As a result of security and other problems in the cloud, cloud clients need more time to consider transitioning to cloud environments. Cloud computing, like any other technology, faces numerous challenges, especially in terms of cloud security. Many future customers are wary of cloud adoption because of this. Virtualization Technologies facilitates the sharing of recourses among multiple users. Cloud services are protected using various models such as type-I and type-II hypervisors, OS-level, and unikernel virtualization but also offer a variety of security issues. Unfortunately, several attacks have been built in recent years to compromise the hypervisor and take control of all virtual machines running above it. It is extremely difficult to reduce the size of a hypervisor due to the functions it offers. It is not acceptable for a safe device design to include a large hypervisor in the Trusted Computing Base (TCB). Virtualization is used by cloud computing service providers to provide services. However, using these methods entails handing over complete ownership of data to a third party. This paper covers a variety of topics related to virtualization protection, including a summary of various solutions and risk mitigation in VMM (virtual machine monitor). In this paper, we will discuss issues possible with a malicious virtual machine. We will also discuss security precautions that are required to handle malicious behaviors. We notice the issues of investigating malicious behaviors in cloud computing, give the scientific categorization and demonstrate the future headings. We've identified: i) security specifications for virtualization in Cloud computing, which can be used as a starting point for securing Cloud virtual infrastructure, ii) attacks that can be conducted against Cloud virtual infrastructure, and iii) security solutions to protect the virtualization environment from DDOS attacks.
Maddamsetty, Saketh, Tharwani, Ayush, Mishra, Debadatta.  2022.  MicroBlind: Flexible and Secure File System Middleware for Application Sandboxes. 2022 IEEE International Conference on Cloud Engineering (IC2E). :221–232.
Virtual machine (VM) based application sandboxes leverage strong isolation guarantees of virtualization techniques to address several security issues through effective containment of malware. Specifically, in end-user physical hosts, potentially vulnerable applications can be isolated from each other (and the host) using VM based sandboxes. However, sharing data across applications executing within different sandboxes is a non-trivial requirement for end-user systems because at the end of the day, all applications are used by the end-user owning the device. Existing file sharing techniques compromise the security or efficiency, especially considering lack of technical expertise of many end-users in the contemporary times. In this paper, we propose MicroBlind, a security hardened file sharing framework for virtualized sandboxes to support efficient data sharing across different application sandboxes. MicroBlind enables a simple file sharing management API for end users where the end user can orchestrate file sharing across different VM sandboxes in a secure manner. To demonstrate the efficacy of MicroBlind, we perform comprehensive empirical analysis against existing data sharing techniques (augmented for the sandboxing setup) and show that MicroBlind provides improved security and efficiency.
Yang, Jin, Liu, Yunqing.  2022.  Countermeasure Against Anti-Sandbox Technology Based on Activity Recognition. 2022 3rd International Conference on Computer Vision, Image and Deep Learning & International Conference on Computer Engineering and Applications (CVIDL & ICCEA). :834–839.
In order to prevent malicious environment, more and more applications use anti-sandbox technology to detect the running environment. Malware often uses this technology against analysis, which brings great difficulties to the analysis of applications. Research on anti-sandbox countermeasure technology based on application virtualization can solve such problems, but there is no good solution for sensor simulation. In order to prevent detection, most detection systems can only use real device sensors, which brings great hidden dangers to users’ privacy. Aiming at this problem, this paper proposes and implements a sensor anti-sandbox countermeasure technology for Android system. This technology uses the CNN-LSTM model to identify the activity of the real machine sensor data, and according to the recognition results, the real machine sensor data is classified and stored, and then an automatic data simulation algorithm is designed according to the stored data, and finally the simulation data is sent back by using the Hook technology for the application under test. The experimental results show that the method can effectively simulate the data characteristics of the acceleration sensor and prevent the triggering of anti-sandbox behaviors.
2023-01-13
Krishna, P. Vamsi, Matta, Venkata Durga Rao.  2022.  A Unique Deep Intrusion Detection Approach (UDIDA) for Detecting the Complex Attacks. 2022 International Conference on Edge Computing and Applications (ICECAA). :557—560.
Intrusion Detection System (IDS) is one of the applications to detect intrusions in the network. IDS aims to detect any malicious activities that protect the computer networks from unknown persons or users called attackers. Network security is one of the significant tasks that should provide secure data transfer. Virtualization of networks becomes more complex for IoT technology. Deep Learning (DL) is most widely used by many networks to detect the complex patterns. This is very suitable approaches for detecting the malicious nodes or attacks. Software-Defined Network (SDN) is the default virtualization computer network. Attackers are developing new technology to attack the networks. Many authors are trying to develop new technologies to attack the networks. To overcome these attacks new protocols are required to prevent these attacks. In this paper, a unique deep intrusion detection approach (UDIDA) is developed to detect the attacks in SDN. Performance shows that the proposed approach is achieved more accuracy than existing approaches.
2022-09-29
Wei, Song, Zhang, Kun, Tu, Bibo.  2021.  Performance Impact of Host Kernel Page Table Isolation on Virtualized Servers. 2021 IEEE Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC). :912–919.
As Meltdown mitigation, Kernel Page Table I solation (KPTI) was merged into Linux kernel mainline, and the performance impact is significant on x86 processors. Most of the previous work focuses on how KPTI affects Linux kernel performance within the scope of virtual machines or physical machines on x86. However, whether host KPTI affects virtual machines has not been well studied. What's more, there is relatively little research on ARM CPUs. This paper presents an in-depth study of how KPTI on the host affects the virtualized server performance and compares ARMv8 and x86. We first run several application benchmarks to demonstrate the performance impact does exist. The reason is that with a para-virtual I/O scheme, guest offloads I/O requests to the host side, which may incur user/kernel transitions. For the network I/O, when using QEMU as the back-end device, we saw a 1.7% and 5.5% slowdown on ARMv8 and x86, respectively. vhost and vhost-user, originally proposed to optimize performance, inadvertently mitigate the performance impact introduced by host KPTI. For CPU and memory-intensive benchmarks, the performance impact is trivial. We also find that virtual machines on ARMv8 are less affected by KPTI. To diagnose the root cause, we port HyperBench to the ARM virtualization platform. The final results show that swapping the translation table pointer register on ARMv8 is about 3.5x faster than x86. Our findings have significant implications for tuning the x86 virtualization platform's performance and helping ARMv8 administrators enable KPTI with confidence.
Suresh, V., Ramesh, M.K., Shadruddin, Sheikh, Paul, Tapobrata, Bhattacharya, Anirban, Ahmad, Abrar.  2021.  Design and Application of Converged Infrastructure through Virtualization Technology in Grid Operation Control Center in North Eastern Region of India. 2020 3rd International Conference on Energy, Power and Environment: Towards Clean Energy Technologies. :1–5.
Modern day grid operation requires multiple interlinked applications and many automated processes at control center for monitoring and operation of grid. Information technology integrated with operational technology plays a critical role in grid operation. Computing resource requirements of these software applications varies widely and includes high processing applications, high Input/Output (I/O) sensitive applications and applications with low resource requirements. Present day grid operation control center uses various applications for load despatch schedule management, various real-time analytics & optimization applications, post despatch analysis and reporting applications etc. These applications are integrated with Operational Technology (OT) like Data acquisition system / Energy management system (SCADA/EMS), Wide Area Measurement System (WAMS) etc. This paper discusses various design considerations and implementation of converged infrastructure through virtualization technology by consolidation of servers and storages using multi-cluster approach to meet high availability requirement of the applications and achieve desired objectives of grid control center of north eastern region in India. The process involves weighing benefits of different architecture solution, grouping of application hosts, making multiple clusters with reliability and security considerations, and designing suitable infrastructure to meet all end objectives. Reliability, enhanced resource utilization, economic factors, storage and physical node selection, integration issues with OT systems and optimization of cost are the prime design considerations. Modalities adopted to minimize downtime of critical systems for grid operation during migration from the existing infrastructure and integration with OT systems of North Eastern Regional Load Despatch Center are also elaborated in this paper.
Casini, Daniel, Biondi, Alessandro, Cicero, Giorgiomaria, Buttazzo, Giorgio.  2021.  Latency Analysis of I/O Virtualization Techniques in Hypervisor-Based Real-Time Systems. 2021 IEEE 27th Real-Time and Embedded Technology and Applications Symposium (RTAS). :306–319.
Nowadays, hypervisors are the standard solution to integrate different domains into a shared hardware platform, while providing safety, security, and predictability. To this end, a hypervisor virtualizes the physical platform and orchestrates the access to each component. When the system needs to comply with certification requirements for safety-critical systems, virtualization latencies need to be analytically bounded for providing off-line guarantees. This paper presents a detailed modeling of three I/O virtualization techniques, providing analytical bounds for each of them under different metrics. Experimental results compare the bounds for a case study and quantify the contribution due to different sources of delay.
2022-09-09
Khadhim, Ban Jawad, Kadhim, Qusay Kanaan, Khudhair, Wijdan Mahmood, Ghaidan, Marwa Hameed.  2021.  Virtualization in Mobile Cloud Computing for Augmented Reality Challenges. 2021 2nd Information Technology To Enhance e-learning and Other Application (IT-ELA). :113—118.
Mobile cloud computing has suggested as a viable technology as a result of the fast growth of mobile applications and the emergence of the cloud computing idea. Mobile cloud computing incorporates cloud computing into the mobile environment and addresses challenges in mobile cloud computing applications like (processing capacity, battery storage capacity, privacy, and security). We discuss the enabling technologies and obstacles that we will face when we transition from mobile computing to mobile cloud computing to develop next-generation mobile cloud applications. This paper provides an overview of the processes and open concerns for mobility in mobile cloud computing for augmented reality service provisioning. This paper outlines the concept, system architecture, and taxonomy of virtualization technology, as well as research concerns related to virtualization security, and suggests future study fields. Furthermore, we highlight open challenges to provide light on the future of mobile cloud computing and future development.
2022-06-13
Wang, Fengling, Wang, Han, Xue, Liang.  2021.  Research on Data Security in Big Data Cloud Computing Environment. 2021 IEEE 5th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC). 5:1446–1450.
In the big data cloud computing environment, data security issues have become a focus of attention. This paper delivers an overview of conceptions, characteristics and advanced technologies for big data cloud computing. Security issues of data quality and privacy control are elaborated pertaining to data access, data isolation, data integrity, data destruction, data transmission and data sharing. Eventually, a virtualization architecture and related strategies are proposed to against threats and enhance the data security in big data cloud environment.
2022-06-08
Ma, Yingjue, Ni, Hui-jun, Li, Yanping.  2021.  Information Security Practice of Intelligent Knowledge Ecological Communities with Cloud Computing. 2021 IEEE International Conference on Consumer Electronics and Computer Engineering (ICCECE). :242–245.
With powerful ability to organize, retrieve and share information, cloud computing technology has effectively improved the development of intelligent learning ecological Communities. The study finds development create a security atmosphere with all homomorphic encryption technology, virtualization technology to prevent the leakage and loss of information data. The result provided a helpful guideline to build a security environment for intelligent ecological communities.
2022-05-24
Chan, Matthew.  2021.  Bare-metal hypervisor virtual servers with a custom-built automatic scheduling system for educational use. 2021 Fourth International Conference on Electrical, Computer and Communication Technologies (ICECCT). :1–5.
In contrast to traditional physical servers, a custom-built system utilizing a bare-metal hypervisor virtual server environment provides advantages of both cost savings and flexibility in terms of systems configuration. This system is designed to facilitate hands-on experience for Computer Science students, particularly those specializing in systems administration and computer networking. This multi-purpose and functional system uses an automatic advanced virtual server reservation system (AAVSRsv), written in C++, to schedule and manage virtual servers. The use of such a system could be extended to additional courses focusing on such topics as cloud computing, database systems, information assurance, as well as ethical hacking and system defense. The design can also be replicated to offer training sessions to other information technology professionals.
2022-05-12
Morbitzer, Mathias, Proskurin, Sergej, Radev, Martin, Dorfhuber, Marko, Salas, Erick Quintanar.  2021.  SEVerity: Code Injection Attacks against Encrypted Virtual Machines. 2021 IEEE Security and Privacy Workshops (SPW). :444–455.

Modern enterprises increasingly take advantage of cloud infrastructures. Yet, outsourcing code and data into the cloud requires enterprises to trust cloud providers not to meddle with their data. To reduce the level of trust towards cloud providers, AMD has introduced Secure Encrypted Virtualization (SEV). By encrypting Virtual Machines (VMs), SEV aims to ensure data confidentiality, despite a compromised or curious Hypervisor. The SEV Encrypted State (SEV-ES) extension additionally protects the VM’s register state from unauthorized access. Yet, both extensions do not provide integrity of the VM’s memory, which has already been abused to leak the protected data or to alter the VM’s control-flow. In this paper, we introduce the SEVerity attack; a missing puzzle piece in the series of attacks against the AMD SEV family. Specifically, we abuse the system’s lack of memory integrity protection to inject and execute arbitrary code within SEV-ES-protected VMs. Contrary to previous code execution attacks against the AMD SEV family, SEVerity neither relies on a specific CPU version nor on any code gadgets inside the VM. Instead, SEVerity abuses the fact that SEV-ES prohibits direct memory access into the encrypted memory. Specifically, SEVerity injects arbitrary code into the encrypted VM through I/O channels and uses the Hypervisor to locate and trigger the execution of the encrypted payload. This allows us to sidestep the protection mechanisms of SEV-ES. Overall, our results demonstrate a success rate of 100% and hence highlight that memory integrity protection is an obligation when encrypting VMs. Consequently, our work presents the final stroke in a series of attacks against AMD SEV and SEV-ES and renders the present implementation as incapable of protecting against a curious, vulnerable, or malicious Hypervisor.

Şengül, Özkan, Özkılıçaslan, Hasan, Arda, Emrecan, Yavanoğlu, Uraz, Dogru, Ibrahim Alper, Selçuk, Ali Aydın.  2021.  Implementing a Method for Docker Image Security. 2021 International Conference on Information Security and Cryptology (ISCTURKEY). :34–39.
Containers that can be easily created, transported and scaled with the use of container-based virtualization technologies work better than classical virtualization technologies and provide efficient resource usage. The Docker platform is one of the most widely used solutions among container-based virtualization technologies. The OS-level virtualization of the Docker platform and the container’s use of the host operating system kernel may cause security problems. In this study, a method including static and dynamic analysis has been proposed to ensure Docker image and container security. In the static analysis phase of the method, the packages of the images are scanned for vulnerabilities and malware. In the dynamic analysis phase, Docker containers are run for a certain period of time, after the open port scanning, network traffic is analyzed with the Snort3. Seven Docker images are analyzed and the results are shared.
Ntambu, Peter, Adeshina, Steve A.  2021.  Machine Learning-Based Anomalies Detection in Cloud Virtual Machine Resource Usage. 2021 1st International Conference on Multidisciplinary Engineering and Applied Science (ICMEAS). :1–6.
Cloud computing is one of the greatest innovations and emerging technologies of the century. It incorporates networks, databases, operating systems, and virtualization technologies thereby bringing the security challenges associated with these technologies. Security Measures such as two-factor authentication, intrusion detection systems, and data backup are already in place to handle most of the security threats and vulnerabilities associated with these technologies but there are still other threats that may not be easily detected. Such a threat is a malicious user gaining access to the Virtual Machines (VMs) of other genuine users and using the Virtual Machine resources for their benefits without the knowledge of the user or the cloud service provider. This research proposes a model for proactive monitoring and detection of anomalies in VM resource usage. The proposed model can detect and pinpoint the time such anomaly occurred. Isolation Forest and One-Class Support Vector Machine (OCSVM) machine learning algorithms were used to train and test the model on sampled virtual machine workload trace using a combination of VM resource metrics together. OCSVM recorded an average F1-score of 0.97 and 0.89 for hourly and daily time series respectively while Isolation Forest has an average of 0.93 and 0.80 for hourly and daily time series. This result shows that both algorithms work for the model however OCSVM had a higher classification success rate than Isolation Forest.
2022-04-18
Li, Shuai, Dang, Fangfang, Yang, Ying, Liu, Han, Song, Yifan.  2021.  Research on Computer Network Security Protection System Based on Level Protection in Cloud Computing Environment. 2021 IEEE International Conference on Advances in Electrical Engineering and Computer Applications (AEECA). :428–431.
With the development of cloud computing technology, cloud services have been used by more and more traditional applications and products because of their unique advantages such as virtualization, high scalability and universality. In the cloud computing environment, computer networks often encounter security problems such as external attacks, hidden dangers in the network and hidden dangers in information sharing. The network security level protection system is the basic system of national network security work, which is the fundamental guarantee for promoting the healthy development of informatization and safeguarding national security, social order and public interests. This paper studies cloud computing security from the perspective of level protection, combining with the characteristics of cloud computing security. This scheme is not only an extension of information system level protection, but also a study of cloud computing security, aiming at cloud computing security control from the perspective of level protection.
2022-02-07
Xi, Feng, Dejian, Li, Hui, Wang, Xiaoke, Tang, Guojin, Liu.  2021.  TrustZone Based Virtual Architecture of Power Intelligent Terminal. 2021 9th International Conference on Intelligent Computing and Wireless Optical Communications (ICWOC). :33–36.
Three issues should be addressed in ubiquitous power Internet of things (IoT) terminals, such as lack of terminal standardization, high business coupling and weak local intelligent processing ability. The application of operating system in power IoT terminals provides the possibility to solve the above problems, but needs to address the real-time and security problems. In this paper, TrustZone based virtualization architecture is used to tackle the above real-time and security problems, which adopts the dual system architecture of real-time operating system (FreeRTOS) to run real-time tasks, such as power parameter acquisition and control on the real-time operating system, to solve the real-time problem; And non real-time tasks are run on the general operating system(Linux) to solve the expansibility problem of power terminals with hardware assisted virtualization technology achieving the isolation of resources, ensuring the safety of power related applications. The scheme is verified on the physical platform. The results show that the dual operating system power IoT terminal scheme based on ARM TrustZone meets the security requirements and has better real-time performance, with unifying terminal standards, business decoupling and enhancing local processing capacity.
2022-01-11
Rahmansyah, Reyhan, Suryani, Vera, Arif Yulianto, Fazmah, Hidayah Ab Rahman, Nurul.  2021.  Reducing Docker Daemon Attack Surface Using Rootless Mode. 2021 International Conference on Software Engineering Computer Systems and 4th International Conference on Computational Science and Information Management (ICSECS-ICOCSIM). :499–502.
Containerization technology becomes one of alternatives in virtualization. Docker requires docker daemon to build, distribute and run the container and this makes the docker vulnerable to an attack surface called Docker daemon Attack Surface - an attack against docker daemon taking over the access (root). Using rootless mode is one way to prevent the attack. Therefore, this research demonstrates the attack prevention by making and running the docker container in the rootless mode. The success of the attack can be proven when the user is able to access the file /etc/shadow that is supposed to be only accessible for the rooted users. Findings of this research demonstrated that the file is inaccessible when the docker is run using the rootless mode. CPU usage is measured when the attack is being simulated using the docker run through root privileges and rootless mode, to identify whether the use of rootless mode in the docker adds the load of CPU usage and to what extent its increased. Results showed that the CPU use was 39% when using the docker with the rootless mode. Meanwhile, using the docker with the right of the root access was only 0%. The increase of 39% is commensurate with the benefit that can prevent the docker daemon attack surface.
2022-01-10
Jianhua, Xing, Jing, Si, Yongjing, Zhang, Wei, Li, Yuning, Zheng.  2021.  Research on Malware Variant Detection Method Based on Deep Neural Network. 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP). :144–147.
To deal with the increasingly serious threat of industrial information malicious code, the simulations and characteristics of the domestic security and controllable operating system and office software were implemented in the virtual sandbox environment based on virtualization technology in this study. Firstly, the serialization detection scheme based on the convolution neural network algorithm was improved. Then, the API sequence was modeled and analyzed by the improved convolution neural network algorithm to excavate more local related information of variant sequences. Finally the variant detection of malicious code was realized. Results showed that this improved method had higher efficiency and accuracy for a large number of malicious code detection, and could be applied to the malicious code detection in security and controllable operating system.
2021-11-29
AlShiab, Ismael, Leivadeas, Aris, Ibnkahla, Mohamed.  2021.  Virtual Sensing Networks and Dynamic RPL-Based Routing for IoT Sensing Services. ICC 2021 - IEEE International Conference on Communications. :1–6.
IoT applications are quickly evolving in scope and objectives while their focus is being shifted toward supporting dynamic users’ requirements. IoT users initiate applications and expect quick and reliable deployment without worrying about the underlying complexities of the required sensing and routing resources. On the other hand, IoT sensing nodes, sinks, and gateways are heterogeneous, have limited resources, and require significant cost and installation time. Sensing network-level virtualization through virtual Sensing Networks (VSNs) could play an important role in enabling the formation of virtual groups that link the needed IoT sensing and routing resources. These VSNs can be initiated on-demand with the goal to satisfy different IoT applications’ requirements. In this context, we present a joint algorithm for IoT Sensing Resource Allocation with Dynamic Resource-Based Routing (SRADRR). The SRADRR algorithm builds on the current distinguished empowerment of sensing networks using recent standards like RPL and 6LowPAN. The proposed algorithm suggests employing the RPL standard concepts to create DODAG routing trees that dynamically adapt according to the available sensing resources and the requirements of the running and arriving applications. Our results and implementation of the SRADRR reveal promising enhancements in the overall applications deployment rate.
2021-09-30
Khalid, Fatima, Masood, Ammar.  2020.  Hardware-Assisted Isolation Technologies: Security Architecture and Vulnerability Analysis. 2020 International Conference on Cyber Warfare and Security (ICCWS). :1–8.
Hardware-assisted isolation technology provide a Trusted Execution Environment (TEE) for the Trusted Computing Base (TCB) of a system. Since there is no standardization for such systems, many technologies using different approaches have been implemented over time. Before selecting or implementing a TEE, it is essential to understand the security architecture, features and analyze the technologies with respect to the new security vulnerabilities (i.e. Micro-architectural class of vulnerabilities). These technologies can be divided into two main types: 1) Isolation by software virtualization and 2) Isolation by hardware. In this paper, we discuss technology implementation of each type i.e. Intel SGX and ARM TrustZone for type-1; Intel ME and AMD Secure Processor for type-2. We also cover the vulnerability analysis against each technology with respect to the latest discovered attacks. This would enable a user to precisely appreciate the security capabilities of each technology.
Lina, Zhu, Dongzhao, Zhu.  2020.  A New Network Security Architecture Based on SDN / NFV Technology. 2020 International Conference on Computer Engineering and Application (ICCEA). :669–675.
The new network based on software-defined network SDN and network function virtualization NFV will replace the traditional network, so it is urgent to study the network security architecture based on the new network environment. This paper presents a software - defined security SDS architecture. It is open and universal. It provides an open interface for security services, security devices, and security management. It enables different network security vendors to deploy security products and security solutions. It can realize the deployment, arrangement and customization of virtual security function VSFs. It implements fine-grained data flow control and security policy management. The author analyzes the different types of attacks that different parts of the system are vulnerable to. The defender can disable the network attacks by changing the server-side security configuration scheme. The future research direction of network security is put forward.
Denzler, Patrick, Ruh, Jan, Kadar, Marine, Avasalcai, Cosmin, Kastner, Wolfgang.  2020.  Towards Consolidating Industrial Use Cases on a Common Fog Computing Platform. 2020 25th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA). 1:172–179.
Converging Information Technology (IT) and Operations Technology (OT) in modern factories remains a challenging task. Several approaches such as Cloud, Fog or Edge computing aim to provide possible solutions for bridging OT that requires strict real-time processing with IT that targets computing functionality. In this context, this paper contributes to ongoing Fog computing research by presenting three industrial use cases with a specific focus on consolidation of functionality. Each use case exemplifies scenarios on how to use the computational resources closer to the edge of the network provided by a Fog Computing Platform (FCP). All use-cases utilize the same proposed FCP, which allows drawing a set of requirements on future FCPs, e.g. hardware, virtualization, security, communication and resource management. The central element of the FCP is the Fog Node (FN), built upon commercial off-the-shelf (COTS) multicore processors (MCPs) and virtualization support. Resource management tools, advanced security features and state of the art communication protocols complete the FCP. The paper concludes by outlining future research challenges by comparing the proposed FCP with the identified requirements.
Shuang, Zhang, Xinyu, Wan, Deqi, Kong, Yangming, Guo.  2020.  Embedded Virtualization Computing Platform Security Architecture Based on Trusted Computing. 2020 7th International Conference on Dependable Systems and Their Applications (DSA). :1–5.
With the application of virtualization and multi-core processor in embedded system, the computing capacity of embedded system has been improved comprehensively, but it is also faced with malicious attacks against virtualization technology. First, it was analyzed the security requirements of each layer of embedded virtualization computing platform. Aiming at the security requirements, it was proposed the security architecture of embedded virtualization computing platform based on trusted computing module. It was designed the hardware trusted root on the hardware layer, the virtualization trusted root on the virtual machine manager layer, trusted computing component and security function component on guest operation system layer. Based on the trusted roots, it was built the static extension of the trusted chain on the platform. This security architecture can improve the active security protection capability of embedded virtualization computing platform.