Abstract
Virtual machine migration is an important tool that can be used in a cloud computing environment for load balancing, disaster recovery, server consolidation, hardware maintenance, etc. Currently, a few techniques have been proposed to secure the virtual machine migration process. However, these techniques have a number of limitations, e.g. lack of standard access control, mutual authentication, confidentiality, non-repudiation and integrity of VM data. Some of the techniques provide security services such as mutual authentication using a TPM (Trusted Platform Module); however, not all hardware platforms possess TPM capability yet. This limits the deployment of such solutions in legacy systems. The architecture presented in this paper attempts to overcome these limitations with existing hardware support. In particular, we designed a secure and efficient protocol that migrates a virtual machine from a source cloud domain to a destination cloud domain while considering fundamental security services such as confidentiality, integrity, standard access control and non-repudiation.
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Zeb, T., Ghafoor, A., Shibli, A., Yousaf, M. (2015). A Secure Architecture for Inter-cloud Virtual Machine Migration. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 152. Springer, Cham. https://doi.org/10.1007/978-3-319-23829-6_2
DOI: https://doi.org/10.1007/978-3-319-23829-6_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23828-9
Online ISBN: 978-3-319-23829-6
eBook Packages: Computer Science (R0)