Policy-Assessed system-level Security of Sensitive Information processing in Virtualised Environments

Virtualised service platforms and cloud computing hold great promise for delivery of large applications in e-Government. However, to date, the fundamental shared-resource nature of virtualisation technologies has raised legitimate security concerns for Government and other organisations with duties to protect confidential data.The PASSIVE project proposes an improved model of security for such virtualised systems to ensure that:*\tadequate separation of concerns (e.g. policing, judiciary) can be achieved even in large scale deployments*\tthreats from co-hosted operating systems are detected and dealt with;*\tpublic trust in application providers is maintained even in a hosting environment where the underlying infrastructre is highly dynamicTo achieve these aims, the consortium proposes:*\tA policy-based Secuirty architecture, to allow security provisions to be easily specified, and efficiently addressed.*\tFully virtualised resource access, with fine-grained control over device access, running on an ultra-lightweight Virtual Machine Manager.*\tA lightweight, dynamic system for authenticaiton of hosts and applications in a virtualised environment.In so doing, PASSIVE will lower the barriers to adoption of virtualised hosting by government users, so that they may acheive the considerable gains in energy effiiciency, reduced capital expenditure and flexibility offered by virtualisation.