KTH-SEECS Applied Information Security Lab

National University of Sciences and Technology (NUST)

Secure VM Migration in Cloud Federation using Enhanced Key Management

Domain: Cloud Security

Status: Completed
Contact Person(s): Naveed Ahmad, Awais Shibli

Date of Completion: January, 2015 

The Cloud computing paradigm is a combination of technologies such as virtualization, Web and service-oriented architecture (SOA). Virtualization is the core technology in the Infrastructure as a Service (IaaS) delivery model of the Cloud. In IaaS, the Cloud Service Provider (CSP) allocates resources to consumers in the form of VMs. Besides its various benefits, virtualization also introduces new attacks. The security limitations of virtualization technology are inherited by the overall security of the Cloud. Therefore, it is important to consider the security of VMs in the Cloud domain.

A Cloud federation comprises services from different providers aggregated in a single pool, supporting three basic interoperability features: resource migration, resource redundancy, and combination of complementary resources or services. Migration allows the relocation of resources, such as virtual machine images and data items, from one service domain to another. VM migration provides workload balancing and system maintenance features in the Cloud. CSPs store VM disk images in encrypted form while at rest to prevent attacks. Furthermore, CSPs use Key Managers to manage keys in the Cloud environment (creating, storing, protecting, and providing ready access to the encryption keys). Migrating VM images together with their keys is necessary in a Cloud federation. However, management of migrated keys is not supported by the existing Key Managers of the Cloud domain. Therefore, Key Managers need to be enhanced to handle migrated keys in a Cloud federation.

Besides its various benefits, VM migration introduces severe security risks in a Cloud federation. There are several security risks in the VM migration process provided by the Xen, KVM and VMware hypervisors. For instance, Xen (XenMotion) exposes sensitive information of the guest OS during VM migration. VM migration without security features becomes a single point of failure (SPF) for the Cloud environment. There is a pressing need for research on the security issues of the VM migration process in Cloud federations.

In this regard, we aim to design and develop a secure solution for VM migration that provides protection against active and passive attacks on the migration process. Our proposed secure VM migration solution will provide Mutual Authentication, Confidentiality, Integrity, Source Non-Repudiation and Replay Resistance. Furthermore, we will enhance the existing Key Manager for the management of keys in a Cloud federation.

Architecture


Project Documents:

  1. Abstract (PDF)
  2. Presentation (PDF)
  3. Publication

      ► "Secure Virtual Machine Migration (SV2M) in Cloud Federation" (Link)