Secure Live Virtual Machines Migration: Issues and Solutions

In recent years, there has been a huge trend towards running network-intensive applications, such as Internet servers and Cloud-based services, in virtual environments, where multiple virtual machines (VMs) running on the same machine share the machine's physical and network resources. In such an environment, the virtual machine monitor (VMM) virtualizes the machine's resources (CPU, memory, storage, network and I/O devices) to allow multiple operating systems running in different VMs to operate and access the network concurrently. A key feature of virtualization is live migration (LM), which allows the transfer of a virtual machine from one physical server to another without interrupting the services running in the virtual machine. Live migration facilitates workload balancing, fault tolerance, online system maintenance, consolidation of virtual machines, etc. However, live migration is still in an early stage of implementation and its security is yet to be evaluated. The security concern of live migration is a major factor in its adoption by the IT industry. Therefore, this paper uses the X.805 security standard to investigate attacks on live virtual machine migration. The analysis highlights the main source of threats and suggests approaches to tackle them. The paper also surveys and compares different proposals in the literature for securing live migration.
