Abstract
A stealth migration protocol is proposed in this paper that obfuscates the virtual machine (VM) migration from intruders and enhances the security of the MTD process. Starting by encrypting the VM data and generating a secret key that is split along with the encrypted data into small chunks. Then the fragments are transmitted through intermediate VMs on the way to the destination VM. As a result, the chances of an intruder detecting the VM migration is reduced. The migration traffic is maintained close to normal traffic by adjusting the chunk size, thereby avoiding the attention of the intruder. Finally, the normal and migration traffic patterns are analyzed with the proposed protocol.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Yackoski, J., et al.: Mission-oriented moving target defense based on cryptographically strong network dynamics. In: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop. ACM (2013)
Ahmad, R.W., Gani, A., Hamid, S.H.A., Shiraz, M., Xia, F., Madani, S.A.: Virtual machine migration in cloud data centers: a review, taxonomy, and open research issues. J. Supercomput. 71(7), 2473–2515 (2015)
Oberheide, J., Cooke, E., Jahanian, F.: Empirical exploitation of live virtual machine migration. In: Proceedings of BlackHat DC Convention (2008)
Kozuch, M., Satyanarayanan, M.: Internet suspend/resume. In: Proceedings of Fourth IEEE Workshop on Mobile Computing Systems and Applications. IEEE (2002)
Duncan, A., et al.: Cloud computing: Insider attacks on virtual machines during migration. In: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE (2013)
Achleitner, S., et al.: Stealth migration: hiding virtual machines on the network. In: INFOCOM 2017-IEEE Conference on Computer Communications (2017)
Suetake, M., Kizu, H., Kourai, K.: Split migration of large memory virtual machines. In: Proceedings of the 7th ACM SIGOPS Asia-Pacific Workshop on Systems. ACM (2016)
Deshpande, U., et al.: Fast server deprovisioning through scatter-gather live migration of virtual machines. In: 2014 IEEE 7th International Conference on Cloud Computing (CLOUD). IEEE (2014)
Clerk Maxwell, J.: A Treatise on Electricity and Magnetism, 3rd edn, vol. 2, pp. 68–73. Clarendon, Oxford (1892)
Polash, F., Shiva, S.: Automated live migration in openstack: a moving target defense solution. J. Comput. Sci. Appl. Inform. Technol. 2(3), 1–5 (2017). https://doi.org/10.15226/2474-9257/2/3/00119
Xianqin, C., Xiaopeng, G., Han, W., Sumei, W., Xiang, L.: Application-transparent live migration for virtual machine on network security enhanced hypervisor. China Commun. 8, 32–42 (2011). Research paper
Berger, S., Caceres, R., Goldman, K.A., Perez, R., Sailer, R., Doorn, L.: Virtualizing the trusted platform module. In: USENIX Security, pp. 305–320 (2006)
Tamrakar, A.: Security in live migration of virtual machine with automated load balancing. Int. J. Eng. Res. Technol. (IJERT) 3(12) (2014)
Bgp hijacking. https://www.blackhat.com/docs/us-15/materials/us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking-wp.pdf
Hierarchy token bucket theory. http://research.dyn.com/2013/11/mitm-internet-hijacking/
Fu, X., et al.: On effectiveness of link padding for statistical traffic analysis attacks. In: Proceedings of 23rd International Conference on Distributed Computing Systems. IEEE (2003)
Houmansadr, A., Brubaker, C., Shmatikov, V.: The parrot is dead: observing unobservable network communications. In: 2013 IEEE Symposium on Security and Privacy (SP). IEEE (2013)
Dharam, R., Shiva, S.G.: Runtime monitors for tautology based SQL injection attacks. In: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec). IEEE (2012)
Shiva, S., Das, S.: CoRuM: collaborative runtime monitor framework for application security. In: 2018 IEEE/ACM International Conference on Utility and Cloud Computing Companion (UCC Companion). IEEE (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Das, S., Mahfouz, A.M., Shiva, S. (2020). A Stealth Migration Approach to Moving Target Defense in Cloud Computing. In: Arai, K., Bhatia, R., Kapoor, S. (eds) Proceedings of the Future Technologies Conference (FTC) 2019. FTC 2019. Advances in Intelligent Systems and Computing, vol 1069. Springer, Cham. https://doi.org/10.1007/978-3-030-32520-6_31
Download citation
DOI: https://doi.org/10.1007/978-3-030-32520-6_31
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-32519-0
Online ISBN: 978-3-030-32520-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)