1 / 43

Secure Migration of VM (SV2M) in Cloud Federation

Secure Migration of VM (SV2M) in Cloud Federation. Naveed Ahmad Thesis Supervisor Dr. Awais Shibli GEC Members Dr. Abdul Ghafoor Dr. Zahid Anwar Miss H irra Anwar. In-house Defense School of Electrical Engineering & Computer Science, NUST Islamabad.

craig-hurley
Download Presentation

Secure Migration of VM (SV2M) in Cloud Federation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Migration of VM (SV2M) in Cloud Federation Naveed Ahmad Thesis SupervisorDr. Awais Shibli GEC Members Dr. Abdul Ghafoor Dr. Zahid Anwar Miss Hirra Anwar In-house DefenseSchool of Electrical Engineering & Computer Science, NUST Islamabad Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad

  2. Introduction • Motivation • Literature Review • Research Methodology • Problem Statement • Objectives • Contributions • Implementation • Protocol Verification • Future Directions • References • Demonstration Agenda

  3. Cloud Computing Introduction • IaaS is the base of all Cloud services with SaaS and PaaS built upon it Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad

  4. Cloud Federation Cloud Federation Benefits: • Maximize resource utilization • Load balancing and Cloud bursting • Comprises services from different providers aggregated in a single pool supporting features such as • Resource migration, • Resource redundancy Introduction

  5. Virtualization Introduction Virtualization basically allows one computer to do the job of multiple computers. Sharing the resources of a single hardware across multiple environments Host operating system provides an abstraction layer for running virtual guest Oses Enable portability (migration) of virtual servers between physical servers Increase utilization of physical servers

  6. Virtual Machines Introduction A virtual machine provides interface identical to underlying bare hardware i.e. all devices, interrupts, memory, page tables etc. Virtualization Software VMWare KVM Xen QEMU

  7. VM Migration Introduction VM Migration is define as: Transfer of memory/storage of VM from one physical server to another. VM Migration categorized into Hot migration Cold migration Cold migration It is also know as offline migration. In this category, VM is completely power off before its migration to remote end.

  8. Cont... Introduction Hot Migration Live Memory Migration (only shared storage)/ Live Block Migration It is used to minimize the downtime of VM migration between server. Suspended/Paused VM migration. It is also used to transfer VM from one physical server to another without shutting down it . In suspended/paused migration type, state of VM saved in hard disk or RAM respectively for short time.

  9. VM migration Benefits Introduction Benefits provided by VM Migration are: Load balancing Disaster recovery Hardware maintenance Fault takeover 192.168.10.1 192.168.10.2 VM VM Private Cloud Public Cloud

  10. Motivation VM Migration in traditional DC and Cloud 192.168.10.1 192.168.10.2 VM2 VM1 • Non Repudiation • Availability • Authentication • Integrity • Confidentiality

  11. 2008 • Categorized Attack on VM migration into: • Control plane (Unauthorized migration operation) • Data plane (insecure channel) • Migration Module (buffer overflow issues) • Developed Xensploit Tool for exploitation (Reference: J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of BlackHatDC convention.) 2010 • Policy/Role based Migration approach • Consists of attestation service, seal storage, policy service, migration service and secure hypervisor components • Authentication and Non Repudiation is not supported • Dependency on TPM and Seal storage hardware. (Reference: W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010 ) Literature ReviewSecurity issue in VM migration

  12. 2011 • Resource Optimization in Federated Cloud using VM migration. • Monitor the current workload of the physical servers • Detect the overloaded servers efficiently • VM replacement considering the federated environment • No security feature is supported (Reference: Y. Xu, Y. Sekiya , “Scheme of Resource Optimization using VM Migration for Federated Cloud Proceedings of the Asia-Pacific Advanced Network 2011 v. 32, p. 36-44) 2011 • Usage of Inter Cloud Proxies • Secure Channel between Proxies using SSH • Tunnel does not provide host to host secure channel during migration • Port forwarding on firewalls between the clouds • Management of Public Keys for CSP’s is very complex (Reference: K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel. ) • u Literature ReviewSecurity issue in VM migration andCloud Federation

  13. 2012 • RSA with SSL protocol for authentication and encryption • Pre-copy or Post-copy migration techniques • Non repudiation and Authorization is not supported (Reference: V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19. ) 2012 • vTPM based migration proposed provides • Authentication, confidentiality, Integrity, Reply Resistance, source non-repudiation • Dependency on TPM hardware . • Suspension of vTPM instance • Complex Key hierarchy from TPM to vTPM (Reference: X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875 ) Literature ReviewSecurity issue in VM migration andCloud Federation

  14. Industrial SurveySecure VM Migration • http://searchservervirtualization.techtarget.com/feature/Virtual-machine-migration-FAQ-Live-migration-P2V-and-more

  15. https://launchpad.net/~harlowja OpenStack Community Response

  16. Research MethodologyDeductive Approach

  17. Research MethodologyDeductive Approach

  18. VM migration in Cloud environment is prone to security threats therefore this research work is intended to propose a secure migration of Virtual Machine (SV2M) with corresponding encrypted disk images (EI) between CSP’s. Problem Statement Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad

  19. Objectives

  20. Research Paper 1 • Naveed Ahmad, Ayesha Kanwaland Muhammad AwaisShibli “Survey on secure live virtual machine (VM) migration in Cloud" Information Assurance (NCIA), 2013 2nd National Conference on , vol., no., pp.101,106, 11-12 Dec. 2013. • Research Paper 2 • Naveed Ahmad, Ayesha Kanwal, Muhammad AwaisShibli and Abdul Ghafoor “Secure Virtual Machine Migration (SV2M) in Cloud Federation”, 2014 International Conference on Security and Cryptography (SECRYPT-2014), Austria, 28-30 August, 2014. ContributionsResearch Perspective

  21. Survey on secure virtual machine (VM) migration in Cloud • Establishment of a benchmark for security assessment of existing and proposed secure VM migration systems • Define security requirements for secure VM migration system Research PerspectiveProposed Security Requirements for secure VM migration

  22. Research Findings Analysis of Existing Solutions and Approaches Techniques

  23. Secure Virtual Machine Migration (SV2M) in Cloud Federation • Design & Develop SV2M system with comprehensive detail of all modules ( such as Mutual Authentication, Encryption/Decryption Module etc) • Integration of SV2M with OpenStack Platform • Security features verified using AVISPA Contributions Implementation Perspective

  24. https://launchpad.net/~harlowja Community Response (SV2M system)

  25. Python,bash scripting • PyXMLsec, M2crypto library • OpenStackdevstack Cloud on Ubuntu 12.04 LTS • AVISPA tool for security verification ImplementationDevelopment Toolkit

  26. Cloud Service Provider A Cloud Service Provider B Load Monitoring Module Load Monitoring Module Secure VM Migration Module Certificate Management Module Authorization Module Mutual Authentication Module VM Encr/Decr Module Key Manager Secure VM Migration Module Certificate Management Module Authorization Module Mutual Authentication Module VM Encr/Decr Module Key Manager ImplementationArchitecture – SV2M

  27. 1. Cert Req 1. Cert Req Cloud A Cloud B ImplementationWorkflow Diagram – SV2M Dashboard/CLI Load Monitoring Load Monitoring Dashboard/CLI run instance Secure VM Migration Module run instance Secure VM Migration Module 6b) migrated VM Certificate Management Module Certificate Management Module Active VM 3 Migration Request Active VM 1 2 3 Authorization Module Authorization Module 1 2 3 4 Xen/KVM 1 Mutual Authentication Module Mutual Authentication Module Xen/KVM 4. Mutual Authentication 2. AuthZ check 2. AuthZ check VM encr/decr Module VM encr/decr Module Encrypted Images Store, Windows8, Ubuntu, Centos Encrypted Images Store, Windows8, Ubuntu, Centos 5b) retrieve key (VMK) 5. [VM_xml_ds] + [VM] VMK+[VMK + EIK] PUB_B 6a) store migrated disk image key (EIK) 5a) retrieve encr disk image key(EIK) Key Manager Key Manager 7. ACK

  28. ImplementationComponents of SV2M • Secure VM migration module • Certificate Management Module (CMM) • Mutual Authentication Module (MAM) • Encryption/Decryption Module (EDM) • Key Manager (KM)

  29. ImplementationCertificate Management Module (CMM) • Used to generate RSA key pair first & • Generate certificate request to Trusted Third Party (TTP) for the Cloud provider. • Authentication module uses this certificate for entity authentication using FIPS-196.

  30. Cloud providers send X.509 certificates to each other & perform mutual authentication. • This module ensures that source and destination provider are ready to perform migration. ImplementationMutual Authentication Module (MAM) Cloud Cloud

  31. ImplementationVM Encryption & Decryption Module (EDM) Sender Cloud Perform • XML Signature of VM • XML encryption of VM using VM key (VMK) stored in key manager • and finally encrypt both EI key and VMK and sent along VM

  32. ImplementationVM Encryption & Decryption Module (EDM) Receiver Cloud Perform • First decrypt VMK and EI Keys using Private key of receiver Cloud • Decrypt VM using VMK and create new hash • And finally Verify XML signature of VM

  33. Key Manager Put(key-id,encr-str,app_name) SV2M Success SV2M Keys get(key-id,app_name) VM Encr Keys Images migrated keys Encrypted key string Implementation Key Manager • Storage of encrypted disk images keys (EIK) which are used to protect disk images in cloud repositories • It also used for generation and storage of VM encryption keys (VMK) for ED module • After successful resumption of VM on receiver, disk image key (EIK) is also stored on receiver Cloud

  34. ImplementationVM migration in OpenStack

  35. Implementation Integration with OpenStack

  36. AVISPA analyzed the protocol against security goals such as secrecy of key, weak/strong authentication. • We analyze the secure migration protocol against security requirements such as strong authentication (G1, G5), Non-repudiation (G18), secrecy (G12), integrity (G2), reply protection (G3). • The output indicates that a secure VM migration protocol is safe under analysis of OFMC, CL-AtSe, and SATMC and TA4SP back-ends AVISPA Verification

  37. AVISPABack ends Results

  38. Our focus was on securing VM migration process. However if malicious or vulnerable VM is migrated from one cloud to other then it may cause severe security issue at receiver cloud. Therefore, research is require on post VM migration on receiver Cloud. Future Directions

  39. We have investigated the vulnerabilities and threats involved during the migration of VMs between two Cloud domains and define security requirements for Secure VM migration . • Our proposed and implemented Secure VM Migration (SV2M) System provides strong security features such as mutual authentication, confidentiality, integrity, replay protection and non-repudiation. Conclusion Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad

  40. [1] K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, “An analysis of security issues for cloud computing,” Journal of Internet Services and Applications 2013. [2] P. Mell, T. Grance, 'The NIST definition of cloud computing". NIST,Special Publication 800–145, Gaithersburg, MD. [3] J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of BlackHat DC convention 2008. [4] V. Vaidya, "Virtualization vulnerabilities and threats: a solution white paper", RedCannon Security Inc, 2009. http://www.redcannon.com/vDefense/VM_security_wp.pdf. [5] Steve Orrin, Virtualization Security: Challenges and Solutions, 2010. http://365.rsaconference.com/servlet/JiveServlet/previewBody/2555-102-2-3214/STAR-303.pdf. [6] J. Shetty, Anala M. R, Shobha G, “A survey on techniques of secure live migration of virtual machine”, International Journal of Computer Applications (0975 – 8887), vol. 39, no.12, February 2012. [7] X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875. [8] OpenStack Security Guide, 2013. http://docs.openstack.org/security-guide/security-guide.pdf. [9] W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010. References

  41. [10] B. Danev, R. J. Masti, G. O. Karame and S. Capkun,“Enabling secure VM-vTPM migration in private clouds”, Proceedings of the 27th Annual Computer Security Applications Conference, December 05-09, 2011, Orlando, Florida. [11] K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel. [12] Y. Chen, Q. Shen, P. Sun, Y. Li, Z. Chen and S. Qing, “Reliable migration module in trusted cloud based on security level - design and implementation”, International Parallel and Distributed Processing Symposium Workshops & PhD Forum 2012. [13]. V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19 [14]. M. Aslam, C. Gehrmann, M. Bjorkman “Security and trust preserving VM migrations in public clouds”, International Conference on Trust, Security and Privacy in Computing and Communications 2012. [15] P. Botero, Diego “A brief tutorial on live virtual machine migration from a security perspective”, University of Princeton, USA. [16]. A. Rehman, S. Alqahtani, A. Altameem and T. Saba, “Virtual machine security challenges: case studies”, International Journal of Machine Learning and Cybernetics: 1-14, April 2013. [17]. F. Zhang, Y. Huang, H. Wang, H. Chen, B. Zang, “PALM: security preserving VM live migration for systems with VMM-enforced protection”, Third Asia-Pacific Trusted Infrastructure Technologies Conference, 2008. References

  42. Special thanks to my Supervisor , Committee Members, Ma’am Rahat and Ayesha. Thank You

  43. Implementation Demo Secure Virtual Machine Migration (SV2M) in Cloud Federation

More Related