1. Technical Field
The present invention relates to network system security and more particularly to systems and methods having cross-layer virtual resource configurations to provide proper security in a network environment.
2. Description of the Related Art
Network environments permit a mode of usage where a user brings a portable storage device and connects the device to a personal computer (PC), makes the PC boot from the portable storage device and subsequently resumes a suspended virtual machine so that the user of the portable device is able to access a personal computing state. The personal computing state may include the state of all running processes on any computer that the user can access. This mode of operation increases the security exposure of the owner of the PC.
In particular, the PC may be connected to a network where there are other network resources and the owner of the PC may be concerned that the portable device may launch an attack on (or even simply obtain access to) these network resources. For example, consider the case where the PC is part of a corporate intranet, and the user is normally not authorized to connect to the corporate intranet. When the user boots the PC from the portable device, the user may be able to access intranet resources. The intranet implicitly trusts the PC since it is connected to a wall port on the corporate network. Even if the corporate network performs some sort of medium access control (MAC) address validation, the PC is still trusted since the PC belongs to the enterprise and is normally permitted access to intranet resources.
In other contexts, a similar problem arises when data centers following a Universal Server Farm paradigm are deployed to be shared among multiple customers. Machines are assigned to different customers, and dynamic provisioning and reprovisioning of servers and applications requires that machines be allocated at one time to a single customer and at other times to a different customer. The server is handed over to the control of an external entity, and therefore cannot be fully trusted.