{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T21:46:51Z","timestamp":1762033611065,"version":"build-2065373602"},"reference-count":25,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2019,3,26]],"date-time":"2019-03-26T00:00:00Z","timestamp":1553558400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>As a new type of service computing model, cloud computing provides various services through the Internet. Virtual machine (VM) hopping is a security issue often encountered in the virtualization layer. Once it occurs, it directly affects the reliability of the entire computing platform. Therefore, we have thoroughly studied the virtual machine hopping attack. In addition, we designed the access control model PVMH (Prevent VM hopping) to prevent VM hopping attacks based on the BLP model and the Biba model. Finally, we implemented the model on the Xen platform. The experiments demonstrate that our PVMH module succeeds in preventing VM hopping attack with acceptable loss to virtual machine performance.<\/jats:p>","DOI":"10.3390\/fi11030082","type":"journal-article","created":{"date-parts":[[2019,3,27]],"date-time":"2019-03-27T05:03:12Z","timestamp":1553662992000},"page":"82","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["An Access Control Model for Preventing Virtual Machine Hopping Attack"],"prefix":"10.3390","volume":"11","author":[{"given":"Ying","family":"Dong","sequence":"first","affiliation":[{"name":"School of Computer Engineering and Science, Shanghai University, Shanghai 200444, China"}]},{"given":"Zhou","family":"Lei","sequence":"additional","affiliation":[{"name":"School of Computer Engineering and Science, Shanghai University, Shanghai 200444, China"}]}],"member":"1968","published-online":{"date-parts":[[2019,3,26]]},"reference":[{"key":"ref_1","unstructured":"Gulati, G. (2012). Multi-Tenant Architecture. A Private Cloud, LAP Lambert Academic Publishing."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1145\/1629175.1629198","article-title":"MapReduce: A flexible data processing tool","volume":"53","author":"Dean","year":"2010","journal-title":"Commun. ACM"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"DeCandia, G., Hastorun, D., Jampani, M., Kakulapati, G., Lakshman, A., Pilchin, A., Sivasubramanian, S., Vosshall, P., and Vogels, W. (2007, January 14\u201317). Dynamo: Amazon\u2019s highly available key-value store. Proceedings of the Twenty-First ACM SIGOPS Symposium on Operating Systems Principles (SOSP\u201907), Stevenson, WA, USA.","DOI":"10.1145\/1294261.1294281"},{"key":"ref_4","unstructured":"Catteddu, D., and Hogben, G. (2009, January 10\u201311). Cloud Computing - Benefits, risks and recommendations for information security. Proceedings of the 2009 Iberic Web Application Security Conference, Madrid, Spain."},{"key":"ref_5","unstructured":"Ormandy, T. (2007, January 18). An empirical study into the Security exposure to hosts of hostile virtualized environments. Proceedings of the CanSecWest Applied Security Conference, Vancouver, Canada."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1192","DOI":"10.1007\/s11227-016-1805-9","article-title":"Virtualization layer security challenges and intrusion detection\/prevention systems in cloud computing: A comprehensive review","volume":"73","author":"Modi","year":"2017","journal-title":"J. Supercomput."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s13174-014-0015-z","article-title":"Virtual network security: Threats, countermeasures, and challenges","volume":"6","author":"Bays","year":"2015","journal-title":"J. Internet Serv. Appl."},{"key":"ref_8","unstructured":"Balas, V., Sharma, N., and Chakrabarti, A. (2019). An Effective Hybrid Intrusion Detection System for Use in Security Monitoring in the Virtual Network Layer of Cloud Computing Technology. Data Management, Analytics and Innovation. Advances in Intelligent Systems and Computing, Springer."},{"key":"ref_9","first-page":"298","article-title":"Improving virtualization security by splitting hypervisor into smaller components","volume":"Volume 7371","author":"Pan","year":"2012","journal-title":"IFIP Annual Conference on Data and Applications Security and Privacy, Paris, France, 11\u201313 July 2012. Lecture Notes in Computer Science (including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Wu, J., Lei, Z., Chen, S., and Shen, W. (2017). An Access Control Model for Preventing Virtual Machine Escape Attack. Future Internet, 9.","DOI":"10.3390\/fi9020020"},{"key":"ref_11","unstructured":"Kang, B., and Kim, T. (2018). Abusing TCP retransmission for DoS attack inside virtual network. Information Security Applications. WISA 2017, Springer. Lecture Notes in Computer Science."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1186\/s13677-017-0098-8","article-title":"Classifying malware attacks in IaaS cloud environments","volume":"6","author":"Rakotondravony","year":"2017","journal-title":"J. Cloud Comput."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Mthunzi, S.N., Benkhelifa, E., Alsmirat, M.A., and Jararweh, Y. (2018, January 23\u201326). Analysis of VM communication for VM-based cloud security systems. Proceedings of the 2018 Fifth International Conference on Software Defined Systems (SDS), Barcelona, Spain.","DOI":"10.1109\/SDS.2018.8370441"},{"key":"ref_14","unstructured":"Said, T.A., and Rana, O.F. (2014, January 24\u201326). Analysing Virtual Machine Security in Cloud Systems. Proceedings of the International Conference on Intelligent Cloud Computing, Muscat, Oman."},{"key":"ref_15","unstructured":"Ren, X., and Zhou, Y. (2016, January 28\u201329). A Review of Virtual Machine Attack Based on Xen. Proceedings of the International Seminar on Applied Physics, Optoelectronics and Photonics (APOP 2016), Shanghai, China."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Sabir, E., Medromi, H., and Sadik, M. (2016). A New Secure Network Architecture to Increase Security among Virtual Machines in Cloud Computing. Advances in Ubiquitous Networking, Springer. Lecture Notes in Electrical Engineering.","DOI":"10.1007\/978-981-287-990-5"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Pattnaik, P., Rautaray, S., Das, H., and Nayak, J. (2018). Trusted Model for Virtual Machine Security in Cloud Computing. Progress in Computing, Analytics and Networking. Advances in Intelligent Systems and Computing, Springer.","DOI":"10.1007\/978-981-10-7871-2"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Bazm, M.-M., Sautereau, T., Lacoste, M., S\u00fcdholt, M., and Menaud, J.-M. (2018, January 23\u201326). Cache-Based Side-Channel Attacks Detection through Intel Cache Monitoring Technology and Hardware Performance Counters. Proceedings of the Third IEEE International Conference on Fog and Mobile Edge Computing (FMEC 2018), Barcelona, Spain.","DOI":"10.1109\/FMEC.2018.8364038"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.future.2017.07.049","article-title":"ACROSS: A generic framework for attribute-based access control with distributed policies for virtual organizations","volume":"78","author":"Silva","year":"2017","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Graham, G.S., and Denning, P.J. (1972, January 16\u201318). Protection: Principles and Practice. Proceedings of the Spring Joint Computer Conference (AFIPS \u201972), Atlantic City, NJ, USA.","DOI":"10.1145\/1478873.1478928"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Bell, D.E., and La Padula, L.J. (1976). Secure Computer System: Unified Exposition and Multics Interpretation, Mitre Corp.. DTIC Document.","DOI":"10.21236\/ADA023588"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1109\/2.485845","article-title":"Role-based access control models","volume":"29","author":"Sandhu","year":"1996","journal-title":"Computer"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"897","DOI":"10.1109\/TIFS.2017.2771492","article-title":"Specification and Verification of Separation of Duty Constraints in Attribute-Based Access Control","volume":"13","author":"Jha","year":"2018","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_24","unstructured":"Bell, D.E., and La Padula, L.J. (1973). Secure Computer Systems: Mathematical Foundations, Mitre Corporation. Technical Report MTR-2457."},{"key":"ref_25","unstructured":"Biba, K.J. (1977). Integrity Considerations for Secure Computer System, PSAF Electronic System Division, Hanscom Air Force Base. ESD-76-372."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/11\/3\/82\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T12:40:44Z","timestamp":1760186444000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/11\/3\/82"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,3,26]]},"references-count":25,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2019,3]]}},"alternative-id":["fi11030082"],"URL":"https:\/\/doi.org\/10.3390\/fi11030082","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2019,3,26]]}}}