An Analysis of the Virtual Machine Migration Incurred Security Problems in the Cloud

Cloud-centric computing is a significant trend in computing. It is very appealing because it can offer a number of benefits such as cost efficiency, elasticity, scalability, and convenience to millions of organizations and end users. On the other hand, cloud computing creates many new security problems that should be properly addressed for its wide and successful adoption. In this paper, we analyze a new category of security problems incurred by virtual machine (VM) migration. The migration of VM instances in the cloud is highly desirable and even inevitable for reasons such as load balancing and energy saving. We point out that migrating VM instances from one physical machine to another can weaken or even nullify the security protections that intrusion prevention systems and intrusion detection systems provide to the original VM instances. We further analyze the root cause of this category of VM-migration-incurred security problems and discuss potential approaches for addressing them.
