Improving security of virtual machines during live migrations

Live migration of virtual machines (VMs) enables the transfer of a running VM to a new hardware component with minimal and hardly noticeable interruption. In cloud architectures, users can hardly detect live migrations of their VMs, nor can they prevent them from happening. Nevertheless, if a VM is live migrated to a distant data center across national borders, security and privacy problems arise: internal data can become subject to new national legislation without the owner of the live-migrated VM even being notified. In this paper, we propose methods to detect live migrations from inside an affected VM. Furthermore, we analyze how the live migration procedure can be delayed and how the additional time gained can be used to take security measures before the live migration is finished. We developed a “live migration defence framework” (LMDF) which can be used for security policy enforcement within a VM. We evaluated the proposed methods and techniques in our cloud setup and partially in the Amazon Elastic Computing Cloud (EC2).
