ABSTRACT
Virtual machine live migration technology, as an important support for cloud computing, has become a central issue in recent years. The virtual machines' runtime environment is migrated from the original physical server to another physical server while the virtual machines keep running. It can therefore balance load among servers and ensure quality of service. However, the security of virtual machine migration cannot be ignored, because the technology is still immature. In this paper we analyze the security threats to virtual machine migration and compare the protection measures proposed so far. These methods either rely on hardware or lack adequate security and expansibility. Finally, we propose a security model for live virtual machine migration based on security policy transfer and encryption, named SPLM (Security Protection of Live Migration), and analyze its security and reliability, which proves that SPLM is better than the others. This paper can be useful for researchers working in this field. The security study of live virtual machine migration in this paper provides a reference for research on virtualization security and is of great significance.
Index Terms
- SPLM: Security Protection of Live Virtual Machine Migration in Cloud Computing