Secure Migration of VM in Cloud Federation using Enhanced Key Management

Agenda

  • Introduction

    • Cloud Computing

    • Virtualization

    • VM migration

    • Key Management in Cloud

  • Literature Survey

  • Survey Findings

  • Industry Survey

  • Community Response

  • Problem Statement

  • Proposed Architecture Design

  • Technology and standards

  • Future Milestones

  • References


    Cloud Computing

    • Cloud Services Model

      • SaaS

      • PaaS

      • IaaS

    • Cloud Federation

    • Federation Benefits

      • Cloud Burst

      • Load Balancing


    Virtualization

    • Virtualization

    • Types of Virtualization

    • Virtual Machine (VM)


    VM Migration

    • VM Migration

      • Live Migration (only shared storage)

      • Suspend/Pause and Transfer

    • Benefits of Migration

      • Load balancing

      • Disaster recovery

      • Hardware maintenance


    Key Management in Cloud

    • Server-Side Encryption (SSE) with KMS provides

      • Data protection

      • Hardware Encryption (AES-NI)

      • Reduced client maintenance effort

    • Amazon/Google provide transparent encryption.

    • VM images (object), Volume, Data encryption

    • Creating, Storing, Protecting, and Providing access to keys.


    Literature Survey

    • Problem

      • Insecure VM migration in Xen/VMware/KVM.

    • Solution

      • Categorized attacks on VM migration into:

        • Control plane (Unauthorized migration operation)

        • Data plane (insecure channel)

        • Migration Module (buffer overflow issues)

      • Developed Xensploit Tool for exploitation

    Reference: J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of BlackHat DC convention.


    Literature Survey (cont.)

    • Problem

      • Inter Cloud VM mobility for cloud bursting and load balancing

    • Solution

      • Inter Cloud Proxies

      • Secure Channel between Proxies using SSH

    • Analysis

      • The tunnel does not provide a host-to-host secure channel during migration.

      • Port forwarding on firewalls between the clouds

      • No authorization mechanism.

    Reference: K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel.


    Literature Survey (cont.)

    • Problem

      • Trusted channel and remote attestation in VM migration

    • Solution

      • The proposed vTPM-based migration provides

        • Authentication, confidentiality, integrity,

        • Replay resistance, source non-repudiation

      • Two phases

        • Trusted channel establishment

        • VM and vTPM migration

    • Analysis

      • Authorization is not supported.

      • Dependency on TPM hardware.

      • Suspension of vTPM instance

      • Complex key hierarchy from TPM to vTPM.

    Reference: X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875


    Literature Survey (cont.)

    • Problem

      • VM migration is an insecure process

    • Solution

      • Load calculation on physical host

      • RSA with SSL protocol for authentication and encryption

      • Pre-copy or Post-copy migration techniques

    • Analysis

      • Authorization is not supported

      • Neglects the effects of migration in a cloud environment.

    Reference: V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19.


    Literature Survey (cont.)

    • Problem

      • Security and Reliability in VM migration

    • Solution

      • Policy/Role based Migration approach

      • Consists of attestation service, sealed storage, policy service, migration service and secure hypervisor components

    • Analysis

      • Authentication is not supported

      • Dependency on TPM and sealed storage hardware.

    Reference: W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010


    Literature Survey (cont.)

    • Problem

      • Resource Optimization in Federated Cloud using VM migration.

    • Solution

      • Monitor the current workload of the physical servers

      • Detect the overloaded servers efficiently

      • VM replacement considering the federated environment

    • Analysis

      • No security feature is supported

    Reference: Y. Xu, Y. Sekiya, “Scheme of Resource Optimization using VM Migration for Federated Cloud”, Proceedings of the Asia-Pacific Advanced Network 2011, v. 32, p. 36-44


    Survey Findings: Analysis of Existing Solutions and Approaches


    Survey Findings: Identified Limitations

    • Security

      • Insufficient Access Control

      • Lack of Mutual Authentication

      • Lack of Confidentiality

      • Lack of Integrity

    • Implementation

      • Dependency on TPM/sealed storage module

      • TPM is a bottleneck

      • Leakage of information in vTPM

      • Port forwarding on intermediate firewall


    Industrial Survey

    http://searchservervirtualization.techtarget.com/feature/Virtual-machine-migration-FAQ-Live-migration-P2V-and-more


    Industrial Survey (cont.)

    http://www.net-security.org/secworld.php?id=11825


    Community Response

    https://launchpad.net/~harlowja


    Problem Statement

    This research work is intended to propose secure migration of encrypted VM images and their keys between CSPs. Furthermore, we also propose enhanced key management that securely handles migrated keys.


    Problem Statement (cont.)

    [Figure: VM migration between CSP A and CSP B. Each CSP is shown with a Dashboard/CLI, Load Monitoring, an Encrypted Image Store (Windows8, Ubuntu, Centos, Suse), Xen/KVM, an Authentication/Authorization Module and a Key Manager. Annotations: "Insecure channel"; "Can not store migration keys".]


    Requirements for VM Migration Process

    • Security:

      • Role based access control

      • Mutual Authentication (source non-repudiation and trust)

      • Confidentiality during migration process

      • Integrity of VM and Keys

    • Key Management:

      • Migrated Keys of Encrypted VM Images must be included in Key Manager of receiver CSP.


    Proposed Architecture Design

    [Figure: proposed architecture between CSP A and CSP B. Each CSP is shown with a Dashboard/CLI, an Encrypted Image Store (Windows8, Ubuntu, Centos, Suse), Xen/KVM, an Authentication/Authorization Module and a Key Manager; Load Monitoring is also shown. Labelled steps:]

    1. Cert Req

    2. Auth/Autz

    3. Run VM Instance

    4. Migration Request

    5. Mutual Authentication

    6. SSL Channel / Key shared (K)

    7. [VM + {Key}Pub_B]K

    8a. Decrypt & Update Key Manager

    8b. Migrated VM

    9. ACK
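
    Steps 6 to 8a of the flow above, as an added example that is not code from the presentation: CSP A wraps the image key under B's public key and sends it with the encrypted image under the shared key K, and CSP B stores the unwrapped key in its Key Manager only if the message verifies. It assumes the Python `cryptography` package, RSA-OAEP for {Key}Pub_B and AES-GCM under K; the function names, the dict standing in for the Key Manager and the sample data are hypothetical.

```python
# Added example: steps 6-8a of the slide's flow. All names are hypothetical.
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def pack(enc_image, image_key, pub_b, k, image_id):
    """Step 7 at CSP A: build [VM + {Key}Pub_B]K."""
    wrapped = pub_b.encrypt(image_key, OAEP)              # {Key}Pub_B
    body = len(wrapped).to_bytes(2, "big") + wrapped + enc_image
    nonce = os.urandom(12)                                # fresh per message
    # image_id is bound as associated data so a message cannot be relabelled.
    return nonce + AESGCM(k).encrypt(nonce, body, image_id.encode())

def unpack(message, priv_b, k, image_id, key_manager):
    """Step 8a at CSP B: decrypt, unwrap the key, update the Key Manager."""
    nonce, ct = message[:12], message[12:]
    body = AESGCM(k).decrypt(nonce, ct, image_id.encode())  # InvalidTag if altered
    n = int.from_bytes(body[:2], "big")
    wrapped, enc_image = body[2:2 + n], body[2 + n:]
    key_manager[image_id] = priv_b.decrypt(wrapped, OAEP)
    return enc_image

def demo():
    """Run one migration with constructed data; return three checks."""
    priv_b = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    k = AESGCM.generate_key(bit_length=256)   # stands in for shared key K (step 6)
    image_key = os.urandom(32)                # key of the encrypted image at A
    enc_image = b"constructed encrypted image bytes"
    km_b = {}                                 # stands in for B's Key Manager
    msg = pack(enc_image, image_key, priv_b.public_key(), k, "ubuntu-01")
    image_ok = unpack(msg, priv_b, k, "ubuntu-01", km_b) == enc_image
    key_ok = km_b["ubuntu-01"] == image_key
    tampered = msg[:-1] + bytes([msg[-1] ^ 1])  # flip one bit in transit
    try:
        unpack(tampered, priv_b, k, "ubuntu-01", {})
        rejected = False
    except InvalidTag:
        rejected = True
    return image_ok, key_ok, rejected

if __name__ == "__main__":
    print(demo())
```

    Because the Key Manager entry is written only after the AEAD check passes, a message altered in transit never changes B's stored keys.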


    Technologies and Standards

    • Libvirt

    • KVM/XEN

    • Python

    • OpenStack Cloud OS

    • Key Manager (OpenStack)

    • PKI (DogTag)

    • M2Crypto/pyOpenSSL


    Future Milestones


    Thanks


    References

    [1] K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, “An analysis of security issues for cloud computing,” Journal of Internet Services and Applications 2013.

    [2] P. Mell, T. Grance, “The NIST definition of cloud computing”, NIST Special Publication 800-145, Gaithersburg, MD.

    [3] J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of BlackHat DC convention 2008.

    [4] V. Vaidya, "Virtualization vulnerabilities and threats: a solution white paper", RedCannon Security Inc, 2009.

    http://www.redcannon.com/vDefense/VM_security_wp.pdf.

    [5] Steve Orrin, Virtualization Security: Challenges and Solutions, 2010.

    http://365.rsaconference.com/servlet/JiveServlet/previewBody/2555-102-2-3214/STAR-303.pdf.

    [6] J. Shetty, Anala M. R, Shobha G, “A survey on techniques of secure live migration of virtual machine”, International Journal of Computer Applications (0975 – 8887), vol. 39, no.12, February 2012.

    [7] X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875.

    [8] OpenStack Security Guide, 2013.

    http://docs.openstack.org/security-guide/security-guide.pdf.

    [9] W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010.


    [10] B. Danev, R. J. Masti, G. O. Karame and S. Capkun, “Enabling secure VM-vTPM migration in private clouds”, Proceedings of the 27th Annual Computer Security Applications Conference, December 05-09, 2011, Orlando, Florida.

    [11] K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel.

    [12] Y. Chen, Q. Shen, P. Sun, Y. Li, Z. Chen and S. Qing, “Reliable migration module in trusted cloud based on security level - design and implementation”, International Parallel and Distributed Processing Symposium Workshops & PhD Forum 2012.

    [13] V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19.

    [14] M. Aslam, C. Gehrmann, M. Bjorkman, “Security and trust preserving VM migrations in public clouds”, International Conference on Trust, Security and Privacy in Computing and Communications 2012.

    [15] P. Botero, Diego, “A brief tutorial on live virtual machine migration from a security perspective”, University of Princeton, USA.

    [16] A. Rehman, S. Alqahtani, A. Altameem and T. Saba, “Virtual machine security challenges: case studies”, International Journal of Machine Learning and Cybernetics: 1-14, April 2013.

    [17] F. Zhang, Y. Huang, H. Wang, H. Chen, B. Zang, “PALM: security preserving VM live migration for systems with VMM-enforced protection”, Third Asia-Pacific Trusted Infrastructure Technologies Conference, 2008.

