Secure Virtual Machine Migration (SV2M) in Cloud Federation

Muhammad Awais Shibli, Naveed Ahmad, Ayesha Kanwal, Abdul Ghafoor

Abstract

Virtual Machine (VM) migration is mainly used for providing high availability, hardware maintenance, workload balancing and fault takeover in Cloud environment. However, it is susceptible to active and passive security attacks during migration process, which makes IT industry hesitant to accept this feature in Cloud. Compromising the VM migration process may result in DOS attacks, loss of data integrity and confidentiality. To cater different attacks such as unauthorized access to images and injecting malicious code on VM disk images, Cloud Providers store images in encrypted form. Therefore, security of VM migration along encrypted disk images keys becomes necessary. Previously, research focus was on the performance of VM migration, leaving security aspects of migration process completely explored. This paper proposes a comprehensive solution for Secure VM Migration (SV2M) in Cloud environment, which ensures authorization, mutual authentication, confidentiality, replay protection, integrity and non-repudiation with minimal changes in existing infrastructure. We have extended the key manager of Cloud provider and introduced new features for management and storage of keys involved in our proposed SV2M solution. In addition to this, we have integrated the proposed solution with OpenStack, which is an open source Cloud platform used by large community for research in Cloud computing. We also evaluated the security of SV2M system using well known automatic protocol verification tool AVISPA

References

  1. K. Hashizume, Fernández 2013. An analysis of security issues for cloud computing In Journal of Internet Services and Applications Production.
  2. P. Mell, Grance,2013. 'The NIST definition of cloud computing". NIST, Special Publication 800-145
  3. V. Vaidya, 2009. Virtualization vulnerabilities and threats :<http://www.redcannon.com/vDefense/VM_secuity_ wp.pdf >.
  4. J. Shetty, Anala R, Shobha 2012. A survey on techniques of secure live migration of virtual machine. In Intl
  5. Journal of Computer Applications, vol. 39,no.12.
  6. J. Oberheide, E. Cooke and F. Jahanian, 2008. Empirical exploitation of live VM migration In Proceeding of BlackHat DC convention
  7. M. Kazim, Rahat Masood & M. Awais,2013. Securing the vm images in cloud In Proceedings of the 6th International Conference on Security of Information and Networks.
  8. K. Nagin, D. Hadas, Z. Dubitzky, and Schour, 2011.Intercloud mobility of virtual machines. In Intl Conference on Systems and Storage,Haifa, Israel.
  9. Migrating VM Available from <http ://pubs . vmware.com /vsphere-4-esxvcenter/index.jsp?topic=/com vmware.vsphere.dcadmin.doc_41/vsp_dc_admin_guid e/migrating_virtual_machines/c_migrating_virtual_ma chines>
  10. Pausing and Suspending Instances ,2013. Available from <http://docs.openstack.org/grizzly/openstackcompute/admin/content/pausing-and-suspendinginstances.html>
  11. X. Wan, X. Zhang and J.Zhu, 2012. An improved vTPM migration protocol based trusted channel. In Conf erence on Systems and Informatics, pp. 871-875.
  12. OpenStack Security guide, 2013.Available from: <ht tp://docs.openstack.org/security-guide/security guide.pdf>
  13. W. Wang, Y. Zhang, B. Lin and K.Miao,2010.Secured VM migration in personal cloud. In 2nd Intl Conference on Computer Engineering &Tech
  14. B. Danev, R. J. Masti, and S. Capkun 2011, Orlando, Florida. Enabling secure VM-vTPM migration in private clouds. In Proceedings of the 27th Annual Computer Security Applications Conference.
  15. Y. Chen, Q. Shen, P. Sun, Y. Li 2012. Reliable migration module in trusted cloud based on security level design and implementation. In International Parallel and Distributed Processing Symposium Workshops &PhD Forum.
  16. V. P. Patil and G.A. Patil, 2012. Migrating process and vm in the cloud: In International Journal of Advanced Computer Science and Information Technology , vol. 1, pp. 11-19.
  17. Zhang, Y. Huang, 2008.PALM: security preserving VM live migration for systems with VMM-enforced protection. In Third Asia-Pacific Trusted Infrastructure Technologies Conference.
  18. Key Manager, 2013.Availabe from:<https://wiki .openstack.org/wiki/KeyManager>
  19. Oleg Gelbukh, 2012, OpenStack Swift Available from: <http://www.mirantis.com/blog/ openstack-swiftencryption-architecture/>
  20. HighCloud Security, Encrypt VM images, 2011.Available from: <http://www.net-security.org/secworld.php ?id=11825>
  21. HighCloud Security 2013. Available from:<http://www . highcloudsecurity.com/blog/secure-vmbackups-w hatis-different-and-why-should-you-care/>
  22. Entity Authentication using PKCS, FIPS Publication 196 , 1997.
  23. AVISPA User Manual,2006Available from: <http://www. avispa-project.org/p ackage/user-manual.pdf>
Download


Paper Citation


in Harvard Style

Awais Shibli M., Ahmad N., Kanwal A. and Ghafoor A. (2014). Secure Virtual Machine Migration (SV2M) in Cloud Federation . In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 344-349. DOI: 10.5220/0005057103440349


in Bibtex Style

@conference{secrypt14,
author={Muhammad Awais Shibli and Naveed Ahmad and Ayesha Kanwal and Abdul Ghafoor},
title={Secure Virtual Machine Migration (SV2M) in Cloud Federation},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={344-349},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005057103440349},
isbn={978-989-758-045-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - Secure Virtual Machine Migration (SV2M) in Cloud Federation
SN - 978-989-758-045-1
AU - Awais Shibli M.
AU - Ahmad N.
AU - Kanwal A.
AU - Ghafoor A.
PY - 2014
SP - 344
EP - 349
DO - 10.5220/0005057103440349