Secure migration of vm in cloud federation using enhanced key management
This presentation is the property of its rightful owner.
Sponsored Links
1 / 26

Secure Migration of VM in Cloud Federation using Enhanced Key Management PowerPoint PPT Presentation


  • 166 Views
  • Uploaded on
  • Presentation posted in: General

Secure Migration of VM in Cloud Federation using Enhanced Key Management. Agenda. Introduction Cloud Computing Virtualization VM migration Key Management in Cloud Literature Survey Survey Findings Industry Survey Community Response Problem Statement Proposed Architecture Design

Download Presentation

Secure Migration of VM in Cloud Federation using Enhanced Key Management

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Secure migration of vm in cloud federation using enhanced key management

Secure Migration of VM in Cloud Federation using Enhanced Key Management


Agenda

Agenda

  • Introduction

    • Cloud Computing

    • Virtualization

    • VM migration

    • Key Management in Cloud

  • Literature Survey

  • Survey Findings

  • Industry Survey

  • Community Response

  • Problem Statement

  • Proposed Architecture Design

  • Technology and standards

  • Future Milestones

  • References


  • Cloud computing

    Cloud Computing

    • Cloud Services Model

      • SaaS

      • PaaS

      • IaaS

    • Cloud Federation

    • Federation Benefits

      • Cloud Burst

      • Load Balancing


    Virtualization

    Virtualization

    • Virtualization

    • Types of Virtualization

    • Virtual Machine (VM)


    Vm migration

    VM Migration

    • VM Migration

      • Live Migration (only shared storage)

      • Suspend/Pause and Transfer

    • Benefits of Migration

      • Load balancing

      • Disaster recovery

      • Hardware maintenance


    Key management in cloud

    Key Management in Cloud

    • Service Side Encryption (SSE) with KMS provides

      • Data protection

      • Hardware Encryption (AES-NI)

      • Reduce client maintenance effort

    • Amazon /Google’s provides transparent encryption.

    • VM images (object), Volume, Data encryption

    • Creating, Storing, Protecting, and Providing access to keys.


    Literature survey

    Literature Survey

    • Problem

      • Insecure VM migration in Xen/VMware/KVM.

    • Solution

      • Categorized Attack on VM migration into:

        • Control plane (Unauthorized migration operation)

        • Data plane (insecure channel)

        • Migration Module (buffer overflow issues)

      • Developed Xensploit Tool for exploitation

    Reference: J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of BlackHat DC convention.


    Literature survey1

    Literature Survey

    • Problem

      • Inter Cloud VM mobility for cloud bursting and load balancing

    • Solution

      • Inter Cloud Proxies

      • Secure Channel between Proxies using SSH

    • Analysis

      • Tunnel does not provide host to host secure channel during migration.

      • Port forwarding on firewalls between the clouds

      • No Authorization mechanism.

    Reference: K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel.


    Literature survey2

    Literature Survey

    • Problem

      • Trusted channel and remote attestation in VM migration

    • Solution

      • vTPM based migration proposed provides

        • Authentication, confidentiality, Integrity,

        • Reply Resistance, source non-repudiation

      • Two phases

        • Trusted channel establishment

        • VM and vTPM migration

    • Analysis

      • Authorization is not supported.

      • Dependency on TPM hardware .

      • Suspension of vTPM instance

      • Complex Key hierarchy from TPM to vTPM.

      • `

    Reference: X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875


    Literature survey3

    Literature Survey

    • Problem

      • VM migration is insecure process

    • Solution.

      • Load calculation on physical host

      • RSA with SSL protocol for authentication and encryption

      • Pre-copy or Post-copy migration techniques

    • Analysis.

      • Authorization is not supported

      • Neglected the affects of migration in cloud environment.

    Reference: V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19.


    Literature survey4

    Literature Survey

    • Problem

      • Security and Reliability in VM migration

    • Solution.

      • Policy/Role based Migration approach

      • Consists of attestation service, seal storage, policy service, migration service and secure hypervisor components

    • Analysis.

      • Authentication is not supported

      • Dependency on TPM and Seal storage hardware.

    Reference: W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010


    Literature survey5

    Literature Survey

    • Problem

      • Resource Optimization in Federated Cloud using VM migration.

    • Solution.

      • Monitor the current workload of the physical servers

      • Detect the overloaded servers efficiently

      • VM replacement considering the federated environment

    • Analysis.

      • No security feature is supported

    Reference: Y. Xu, Y. Sekiya , “Scheme of Resource Optimization using VM Migration for Federated Cloud

    Proceedings of the Asia-Pacific Advanced Network 2011 v. 32, p. 36-44


    Survey findings analysis of existing solutions and approaches

    Survey FindingsAnalysis of Existing Solutions and Approaches


    Survey findings identified limitations

    Survey FindingsIdentified Limitations

    • Security

      • Insufficient Access Control

      • Lack of Mutual Authentication

      • Lack of Confidentiality

      • Lack of Integrity

    • Implementation

      • Dependency on TPM/Seal Storage module

      • TPM is bottleneck

      • Leakage of information in vTPM.

      • Port forwarding on intermediate firewall


    Industrial survey

    Industrial Survey

    http://searchservervirtualization.techtarget.com/feature/Virtual-machine-migration-FAQ-Live-migration-P2V-and-more


    Secure migration of vm in cloud federation using enhanced key management

    Cont..

    http://www.net-security.org/secworld.php?id=11825


    Community response

    Community Response

    https://launchpad.net/~harlowja


    Problem statement

    Problem Statement

    This research work is intended to propose a secure migration of Encrypted Images of VM and their keys between CSP’s. Furthermore, we also propose enhanced key management which securely handle migrated keys.


    Secure migration of vm in cloud federation using enhanced key management

    Cont..

    A

    Dashboard/CLI

    B

    Load Monitoring

    Dashboard/CLI

    Load Monitoring

    Insecure channel

    3

    1

    2

    4

    5

    1

    2

    Encrypted Image Store, (Windows8, Ubuntu, Centos,Suse )

    Xen/KVM

    Encrypted Images Store, (Windows8, Ubuntu, Centos,Suse)

    Xen/KVM

    Authentication/ Authorization Module

    Authentication/ Authorization Module

    Key Manager

    Key Manager

    Can not store

    migration keys


    Requirements for vm migration process

    Requirements for VM migrationProcess

    • Security:

      • Role based access control

      • Mutual Authentication (source non-repudiation and trust)

      • Confidentiality during migration process

      • Integrity of VM and Keys

    • Key Management:

      • Migrated Keys of Encrypted VM Images must be included in Key Manager of receiver CSP.


    Proposed architecture design

    Proposed Architecture Design

    1. Cert Req

    1. Cert Req

    2. Auth/Autz

    2. Auth/Autz

    A

    B

    Dashboard/CLI

    Dashboard/CLI

    Load Monitoring

    4. Migration Request

    8 b). Migrated VM.

    1

    2

    3

    3. Run VM Instance

    3. Run VM instance

    2

    5. Mutual Authentication

    2

    4

    5

    1

    2

    Xen/KVM

    Encrypted Images Store, Windows8, Ubuntu, Centos,Suse

    Encrypted Image Store, Windows8, Ubuntu, Centos,Suse

    Xen/KVM

    6. SSL Channel/ Key shared (K)

    Authentication/ Authorization Module

    Authentication/ Authorization Module

    7. [VM + {Key} Pub_B ] K

    9. ACK

    Key Manager

    Key Manager

    8a). Decrypt & Update Key Manager


    Technologies and standards

    Technologies and Standards

    • Libvirt

    • KVM/XEN

    • Python

    • OpenStack Cloud OS

    • Key Manager (OpenStack )

    • PKI (DogTag)

    • M2Crypt/pyopenssl


    Future milestones

    Future Milestones


    Thanks

    THANKS


    References

    References

    [1] K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, “An analysis of security issues for cloud computing,” Journal of Internet Services and Applications 2013.

    [2] P. Mell, T. Grance, 'The NIST definition of cloud computing". NIST,Special Publication 800–145, Gaithersburg, MD.

    [3] J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of BlackHat DC convention 2008.

    [4] V. Vaidya, "Virtualization vulnerabilities and threats: a solution white paper", RedCannon Security Inc, 2009.

    http://www.redcannon.com/vDefense/VM_security_wp.pdf.

    [5] Steve Orrin, Virtualization Security: Challenges and Solutions, 2010.

    http://365.rsaconference.com/servlet/JiveServlet/previewBody/2555-102-2-3214/STAR-303.pdf.

    [6] J. Shetty, Anala M. R, Shobha G, “A survey on techniques of secure live migration of virtual machine”, International Journal of Computer Applications (0975 – 8887), vol. 39, no.12, February 2012.

    [7] X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875.

    [8] OpenStack Security Guide, 2013.

    http://docs.openstack.org/security-guide/security-guide.pdf.

    [9] W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010.


    References1

    References

    [10] B. Danev, R. J. Masti, G. O. Karame and S. Capkun,“Enabling secure VM-vTPM migration in private clouds”, Proceedings of the 27th Annual Computer Security Applications Conference, December 05-09, 2011, Orlando, Florida.

    [11] K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel.

    [12] Y. Chen, Q. Shen, P. Sun, Y. Li, Z. Chen and S. Qing, “Reliable migration module in trusted cloud based on security level - design and implementation”, International Parallel and Distributed Processing Symposium Workshops & PhD Forum 2012.

    [13]. V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19

    [14]. M. Aslam, C. Gehrmann, M. Bjorkman “Security and trust preserving VM migrations in public clouds”, International Conference on Trust, Security and Privacy in Computing and Communications 2012.

    [15] P. Botero, Diego “A brief tutorial on live virtual machine migration from a security perspective”, University of Princeton, USA.

    [16]. A. Rehman, S. Alqahtani, A. Altameem and T. Saba, “Virtual machine security challenges: case studies”, International Journal of Machine Learning and Cybernetics: 1-14, April 2013.

    [17]. F. Zhang, Y. Huang, H. Wang, H. Chen, B. Zang, “PALM: security preserving VM live migration for systems with VMM-enforced protection”, Third Asia-Pacific Trusted Infrastructure Technologies Conference, 2008.


  • Login