{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T14:29:59Z","timestamp":1774448999564,"version":"3.50.1"},"reference-count":23,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2017,6,2]],"date-time":"2017-06-02T00:00:00Z","timestamp":1496361600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"With the rapid development of Internet, the traditional computing environment is making a big migration to the cloud-computing environment. However, cloud computing introduces a set of new security problems. Aiming at the virtual machine (VM) escape attack, we study the traditional attack model and attack scenarios in the cloud-computing environment. In addition, we propose an access control model that can prevent virtual machine escape (PVME) by adapting the BLP (Bell-La Padula) model (an access control model developed by D. Bell and J. LaPadula). Finally, the PVME model has been implemented on full virtualization architecture. The experimental results show that the PVME module can effectively prevent virtual machine escape while only incurring 4% to 8% time overhead.<\/jats:p>","DOI":"10.3390\/fi9020020","type":"journal-article","created":{"date-parts":[[2017,6,2]],"date-time":"2017-06-02T10:20:44Z","timestamp":1496398844000},"page":"20","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":21,"title":["An Access Control Model for Preventing Virtual Machine Escape Attack"],"prefix":"10.3390","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3478-7529","authenticated-orcid":false,"given":"Jiang","family":"Wu","sequence":"first","affiliation":[{"name":"School of Computer Engineering and Science, Shanghai University, Shanghai 200444, China"}]},{"given":"Zhou","family":"Lei","sequence":"additional","affiliation":[{"name":"School of Computer Engineering and Science, Shanghai University, Shanghai 200444, China"}]},{"given":"Shengbo","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Computer Engineering and Science, Shanghai University, Shanghai 200444, China"}]},{"given":"Wenfeng","family":"Shen","sequence":"additional","affiliation":[{"name":"School of Computer Engineering and Science, Shanghai University, Shanghai 200444, China"}]}],"member":"1968","published-online":{"date-parts":[[2017,6,2]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Wei, L., Zhu, H., Cao, Z., Jia, W., and Vasilakos, A.V. (2010, January 21\u201325). SecCloud: Bridging Secure Storage and Computation in Cloud. Proceedings of the 2010 IEEE 30th International Conference on Distributed Computing Systems Workshops, Kozani, Greece.","DOI":"10.1109\/ICDCSW.2010.36"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1016\/j.ins.2013.04.028","article-title":"Security and privacy for storage and computation in cloud computing","volume":"258","author":"Wei","year":"2014","journal-title":"J. Inform. Sci."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"357","DOI":"10.1016\/j.ins.2015.01.025","article-title":"Security in cloud computing: Opportunities and challenges","volume":"305","author":"Ali","year":"2015","journal-title":"J. Inform. Sci."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1007\/s10207-013-0208-7","article-title":"Security issues in cloud environments: A survey","volume":"13","author":"Fernandes","year":"2014","journal-title":"Int. J. Inform. Secur."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"561","DOI":"10.1007\/s11227-012-0831-5","article-title":"A survey on security issues and solutions at different layers of Cloud computing","volume":"63","author":"Modi","year":"2013","journal-title":"J. Supercomput."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1109\/MSP.2010.115","article-title":"Understanding cloud computing vulnerabilities","volume":"9","author":"Grobauer","year":"2011","journal-title":"IEEE Secur. Priv."},{"key":"ref_7","unstructured":"Kazim, M., Masood, R., Shibli, M.A., and Abbasi, A.G. (2013, January 25\u201327). Security aspects of virtualization in cloud computing. Proceedings of the 12th IFIP TC 8 International Conference on Computer Information Systems and Industrial Management, Krakow, Poland."},{"key":"ref_8","unstructured":"Borisaniya, B., and Patel, D. (2014, January 21\u201322). Evasion resistant intrusion detection framework at hypervisor layer in cloud. Proceedings of the International Conference on Advances in Communication, Network, and Computing, Chennai, India."},{"key":"ref_9","unstructured":"Khan, A.A. (2015). Isolation of Private Network from Internet, Secure Internet Virtual Environment, Foundation of Computer Science."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1007\/s11036-014-0533-8","article-title":"Software-Defined and Virtualized Future Mobile and Wireless Networks: A Survey","volume":"20","author":"Yang","year":"2015","journal-title":"J. Mob. Netw. Appl."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1016\/j.jnca.2016.11.027","article-title":"Cloud security issues and challenges: A survey","volume":"79","author":"Singh","year":"2017","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_12","first-page":"17","article-title":"Virtualization: Issues, security threats, and solutions","volume":"45","author":"Pearce","year":"2013","journal-title":"J. ACM Comput. Surv. (CSUR)"},{"key":"ref_13","first-page":"1","article-title":"A classification and characterization of security threats in cloud computing","volume":"7","author":"Islam","year":"2016","journal-title":"Int. J. Next-Gener. Comput."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Liu, F., Ge, Q., Yarom, Y., Mckeen, F., Rozas, C., Heiser, G., and Lee, R.B. (2016, January 12\u201316). CATalyst: Defeating last-level cache side channel attacks in cloud computing. Proceedings of the 2016 IEEE International Symposium on High Performance Computer Architecture (HPCA), Barcelona, Spain.","DOI":"10.1109\/HPCA.2016.7446082"},{"key":"ref_15","first-page":"95","article-title":"Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing","volume":"14","author":"Han","year":"2017","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_16","unstructured":"Sze, W.K., Srivastava, A., and Sekar, R. (June, January 30). Hardening OpenStack Cloud Platforms against Compute Node Compromises. Proceedings of the ACM on Asia Conference on Computer and Communications Security, Xi\u2019an, China."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"137","DOI":"10.1080\/17544750.2011.565674","article-title":"A Mandatory Access Control Framework in Virtual Machine System with Respect to Multilevel Security II: Implementation","volume":"7","author":"Liu","year":"2011","journal-title":"China Commun."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Zhu, H., Xue, Y., Zhang, Y., Chen, X., and Li, H. (2013, January 9\u201311). V-MLR: A Multilevel Security Model for Virtualization. Proceedings of the International Conference on Intelligent Networking and Collaborative Systems, Xi\u2019an, China.","DOI":"10.1109\/INCoS.2013.12"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"232","DOI":"10.23919\/CJE.2014.10851904","article-title":"A Multilevel Security Model for Private Cloud","volume":"23","author":"Xue","year":"2014","journal-title":"Chin. J. Electron."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"288","DOI":"10.1016\/j.ins.2015.08.019","article-title":"Leveraging software-defined networking for security policy enforcement","volume":"327","author":"Liu","year":"2016","journal-title":"J. Inform. Sci."},{"key":"ref_21","first-page":"1","article-title":"Flexible Data Access Control based on Trust and Reputation in Cloud Computing","volume":"PP","author":"Yan","year":"2015","journal-title":"IEEE Trans. Cloud Comput."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Bell, D.E., and La Padula, L.J. (1976). Secure computer System: Unified Exposition and Multics Interpretation, MITRE Corporation.","DOI":"10.21236\/ADA023588"},{"key":"ref_23","unstructured":"Elhage, N. (2017, May 27). Virtunoid: Breaking Out of KVM. Available online: https:\/\/nelhage.com\/talks\/kvm-defcon-2011.pdf."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/9\/2\/20\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T18:37:49Z","timestamp":1760207869000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/9\/2\/20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,6,2]]},"references-count":23,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2017,6]]}},"alternative-id":["fi9020020"],"URL":"https:\/\/doi.org\/10.3390\/fi9020020","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,6,2]]}}}