To address internal threats in the cloud, a privilege control framework named Virt-RSBAC was presented to enhance privacy protection for cloud users and to mitigate the policy conflict between the cloud provider's demand for security monitoring and users' privacy. By adding privilege control and role-based resource isolation rules in the virtual machine monitor (VMM), it separated the administrative privileges of the privileged domain, simplified the management of cloud users, and created a mutually trusted secure virtual machine (SVM) to provide security services for cloud platform providers and users. Finally, a prototype of the Virt-RSBAC framework based on Xen was implemented. The experiments showed that the framework can prevent a malicious administrator from obtaining users' private data while the other security functions work well, and that its performance overhead stays within an acceptable range compared with the original system.