Abstract
Current virtualization technologies enable hosting a large number of Virtual Machines (VMs) on a common physical host. The hypervisor interconnects these VMs via Virtual Networks (VNs). These VNs are subject to the same security requirements as physical networks. Network elements such as stateful firewalls contribute to enforcing this security. With the advent of stateful firewalls at the hypervisor level, a new challenge arises when it comes to VM migration: not only the VM itself, but also the associated Security Context (SC) has to migrate. Current open-source hypervisors do not address this issue. In this paper we present the architecture and implementation of our framework for migrating the SC along with VMs.
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Tavakoli, Z., Meier, S., Vensmer, A. (2012). A Framework for Security Context Migration in a Firewall Secured Virtual Machine Environment. In: Szabó, R., Vidács, A. (eds) Information and Communication Technologies. EUNICE 2012. Lecture Notes in Computer Science, vol 7479. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32808-4_5
DOI: https://doi.org/10.1007/978-3-642-32808-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32807-7
Online ISBN: 978-3-642-32808-4
eBook Packages: Computer Science (R0)