KTH-SEECS Applied Information Security Lab

National University of Sciences and Technology (NUST)

Virtual Machines image protection in Cloud Computing

Domain: Cloud Computing Security

Status: Completed 
Contact Person(s): Muhammad Kazim, Rahat Masood, Awais Shibli

Date of Completion: March, 2014 

In Cloud computing, virtualization is the basis of providing IaaS; it separates data, network, applications and machines from physical constraints. Virtualization has become a common way for users to optimize their hardware utilization by maximizing the number and kinds of jobs a single CPU can handle. It enables enterprise users and IT developers to have a unified physical platform while running multiple different operating systems and multiple applications on it. Although different virtualization approaches exist, the bare-metal virtualization approach is used for server virtualization in large computing systems.

As enterprises continue to embrace this technology in order to take full advantage of the benefits it offers, they often overlook important areas such as security. Organizations now face the challenge of securing virtualized systems, which are vulnerable to the same threats as physical systems. In particular, virtual machines (VMs) are vulnerable to many attacks, such as an attacker accessing host disk files through a malicious virtual machine, or creating rogue virtual machines from disk images to occupy system resources and launch a DoS attack on the Cloud. Furthermore, user data on images might be accessible to an unauthorized person with physical access to the Cloud system. This project designs a system that addresses the attacks launched on VM disk images stored in the Cloud. To secure the VM images, they will be kept encrypted in their unused state. The implementation of the project will be done on an open source Cloud computing platform.

The major goals of the project are:
 
  • To ensure the integrity of disk images in the stored state.
  • To provide confidentiality to customer data stored in the disk images.
  • To ensure that the integrity and confidentiality of disk images are maintained even if the Cloud infrastructure is compromised.
  • To protect the data stored on disk images from unauthorized access by the Cloud admin or anyone with physical access to the system.

 


Project Documents:

  1. Abstract (PDF)
  2. Presentation (PDF)
  3. Publications

       ► "Securing the virtual Machine Images in Cloud Computing" (Link)

       ► "Security Aspects of Virtualization in Cloud Computing" (Link)

  4. CISM conference presentation (PDF) and Research paper: Security Aspects of Virtualization in Cloud Computing (Link)
  5. SIN conference presentation (PDF) and Research paper: Securing the virtual machine images in cloud computing (Link)