secure migration of vm in cloud federation using enhanced key management

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

Dr. Abdul Ghafoor, Dr. Zahid Anwar, Miss Hirra Anwar

1

Naveed Ahmad2012-NUST-MS-CCS5-31

Committee Members:

Dr. Awais ShibliSupervisor:



Agenda Introduction

Cloud Computing Virtualization VM migration Key Management in Cloud

Literature SurveySurvey Findings Industry SurveyCommunity Response Problem Statement Proposed Architecture DesignTechnology and standards Future Milestones References

2



Cloud Computing

Cloud Services ModelSaaSPaaS IaaS

Cloud Federation Federation Benefits

Cloud Burst Load Balancing

3



Virtualization

Virtualization Types of Virtualization Virtual Machine (VM)

4



VM Migration

VM Migration Live Migration (only shared storage)Suspend/Pause and Transfer

Benefits of Migration Load balancingDisaster recoveryHardware maintenance

5



Key Management in Cloud

Service Side Encryption (SSE) with KMS providesData protection Hardware Encryption (AES-NI)Reduce client maintenance effort

Amazon /Google’s provides transparent encryption. VM images (object), Volume, Data encryptionCreating, Storing, Protecting, and Providing access to keys.

6



Literature Survey Problem

Insecure VM migration in Xen/VMware/KVM. Solution

Categorized Attack on VM migration into: Control plane (Unauthorized migration operation) Data plane (insecure channel) Migration Module (buffer overflow issues)

Developed Xensploit Tool for exploitation

7

Reference: J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of BlackHat DC convention.



Problem Inter Cloud VM mobility for cloud bursting and load balancing

Solution Inter Cloud Proxies Secure Channel between Proxies using SSH

Analysis Tunnel does not provide host to host secure channel during migration. Port forwarding on firewalls between the clouds No Authorization mechanism.

8

Reference: K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel.

Literature Survey



Problem Trusted channel and remote attestation in VM migration

Solution vTPM based migration proposed provides

Authentication, confidentiality, Integrity, Reply Resistance, source non-repudiation

Two phases Trusted channel establishment VM and vTPM migration

Analysis Authorization is not supported. Dependency on TPM hardware . Suspension of vTPM instance Complex Key hierarchy from TPM to vTPM.

`

9

Reference: X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875

Literature Survey



Problem VM migration is insecure process

Solution. Load calculation on physical host RSA with SSL protocol for authentication

and encryption Pre-copy or Post-copy migration techniques

Analysis. Authorization is not supported Neglected the affects of migration in cloud

environment.

10

Reference: V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19.

Literature Survey



Problem Security and Reliability in VM

migration Solution.

Policy/Role based Migration approach Consists of attestation service, seal storage,

policy service, migration service and secure hypervisor components

Analysis. Authentication is not supported Dependency on TPM and Seal storage

hardware.

11

Reference: W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010

Literature Survey



Problem Resource Optimization in Federated

Cloud using VM migration. Solution.

Monitor the current workload of the physical servers

Detect the overloaded servers efficiently VM replacement considering the federated

environment Analysis.

No security feature is supported

12

Reference: Y. Xu, Y. Sekiya , “Scheme of Resource Optimization using VM Migration for Federated CloudProceedings of the Asia-Pacific Advanced Network 2011 v. 32, p. 36-44

Literature Survey



Survey FindingsAnalysis of Existing Solutions and Approaches

13

Security Requirements/ID’s

1 3 4 5 6 7 8 9 10

Isolate migration networkVLAN[6]

Role basedMigration[9]

SecureVM-vTPM[10]

ImprovedvTMPbasedMigration[7]

VM mobilityusingSSH tunnel[11]

TCSL[12]

Secure Migration using RSA with SSL [13]

Trust TokenBased migration[14]

PALM[17]

Integrity Verification of platformAuthentication of platform

Isolate migration Traffic

Authorization (Access control policies )Confidentiality and Integrity of VM during migration

Isolatemigration traffic

Replay Resistance Isolatemigration traffic

Source Non-Repudiation



Survey FindingsIdentified Limitations

Security Insufficient Access ControlLack of Mutual AuthenticationLack of ConfidentialityLack of Integrity

Implementation Dependency on TPM/Seal Storage module TPM is bottleneck Leakage of information in vTPM. Port forwarding on intermediate firewall

14



Industrial Survey

http://searchservervirtualization.techtarget.com/feature/Virtual-machine-migration-FAQ-Live-migration-P2V-and-more

15



Cont..

http://www.net-security.org/secworld.php?id=11825

16



This research work is intended to propose a secure migration of Encrypted Images of VM and their keys between CSP’s. Furthermore, we also propose enhanced key management which securely handle migrated keys.

17



Cont..

AA

Key ManagerKey Manager

Dashboard/CLIDashboard/CLI

Authentication/ Authorization Module


Encrypted Images Store, (Windows8, Ubuntu, Centos,Suse)

Encrypted Images Store, (Windows8, Ubuntu, Centos,Suse)

Load Monitoring

Load Monitoring

11 22 33

Xen/KVMXen/KVM





Encrypted Image Store, (Windows8, Ubuntu, Centos,Suse )

Encrypted Image Store, (Windows8, Ubuntu, Centos,Suse )

11 22 44

Xen/KVMXen/KVM

55

Load Monitori

ng

Load Monitori

ng

BBInsecure channel

Can not store migration keys



Requirements for VM migrationProcess

Security: Role based access control Mutual Authentication (source non-repudiation and trust) Confidentiality during migration process Integrity of VM and Keys

Key Management: Migrated Keys of Encrypted VM Images must be included in Key

Manager of receiver CSP.

19



Proposed Architecture Design

AA





Encrypted Images Store, Windows8, Ubuntu, Centos,Suse

Encrypted Images Store, Windows8, Ubuntu, Centos,Suse

Load Monitoring

Load Monitoring

11 22 33

Xen/KVMXen/KVM





Encrypted Image Store, Windows8, Ubuntu, Centos,Suse

Encrypted Image Store, Windows8, Ubuntu, Centos,Suse

1. Cert Req1. Cert Req 1. Cert Req1. Cert Req

2. Auth/Autz2. Auth/Autz 2. Auth/Autz2. Auth/Autz

22 22

3. Run VM Instance3. Run VM Instance 3. Run VM

instance3. Run VM instance

11 22

Xen/KVMXen/KVM

44

4. Migration Request

4. Migration Request

5. Mutual Authentication

5. Mutual Authentication

6. SSL Channel/ Key shared (K)

6. SSL Channel/ Key shared (K)

7. [VM + {Key}

Pub_B ] K

7. [VM + {Key}

Pub_B ] K

8a). Decrypt & Update Key Manager

8a). Decrypt & Update Key Manager

8 b). Migrated VM.8 b). Migrated VM.

9. ACK9. ACK

55

BB



Technologies and Standards

LibvirtKVM/XENPythonOpenStack Cloud OSKey Manager (OpenStack )PKI (DogTag)M2Crypt/pyopenssl



Community Response

https://launchpad.net/~harlowja

22



Future MilestonesMilestones Duration

Preliminary study and Research Done

Implementation

Cloud Configuration , PKI setup Done

Key Manager setup 1 week

Implementation of security features Authorization, Authentication,

confidentiality and integrity

3 month

Enchantment in Key manager 1 month

Testing and Evaluation 1.5 month

Final Documentation 1.5 month



24



References [1] K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, “An analysis of security issues for cloud computing,” Journal of Internet Services and Applications 2013.

[2] P. Mell, T. Grance, 'The NIST definition of cloud computing". NIST,Special Publication 800–145, Gaithersburg, MD.

[3] J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of BlackHat DC convention 2008.

[4] V. Vaidya, "Virtualization vulnerabilities and threats: a solution white paper", RedCannon Security Inc, 2009.

http://www.redcannon.com/vDefense/VM_security_wp.pdf.

[5] Steve Orrin, Virtualization Security: Challenges and Solutions, 2010.

http://365.rsaconference.com/servlet/JiveServlet/previewBody/2555-102-2-3214/STAR-303.pdf.

[6] J. Shetty, Anala M. R, Shobha G, “A survey on techniques of secure live migration of virtual machine”, International Journal of Computer Applications (0975 – 8887), vol. 39, no.12, February 2012.

[7] X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875.

[8] OpenStack Security Guide, 2013.

http://docs.openstack.org/security-guide/security-guide.pdf.

[9] W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010.



References [10] B. Danev, R. J. Masti, G. O. Karame and S. Capkun,“Enabling secure VM-vTPM migration in private clouds”, Proceedings of the 27th Annual Computer Security Applications Conference, December 05-09, 2011, Orlando, Florida.

[11] K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel.

[12] Y. Chen, Q. Shen, P. Sun, Y. Li, Z. Chen and S. Qing, “Reliable migration module in trusted cloud based on security level - design and implementation”, International Parallel and Distributed Processing Symposium Workshops & PhD Forum 2012.

[13]. V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19

[14]. M. Aslam, C. Gehrmann, M. Bjorkman “Security and trust preserving VM migrations in public clouds”, International Conference on Trust, Security and Privacy in Computing and Communications 2012.[15] P. Botero, Diego “A brief tutorial on live virtual machine migration from a security perspective”, University of Princeton, USA.[16]. A. Rehman, S. Alqahtani, A. Altameem and T. Saba, “Virtual machine security challenges: case studies”, International Journal of Machine Learning and Cybernetics: 1-14, April 2013.[17]. F. Zhang, Y. Huang, H. Wang, H. Chen, B. Zang, “PALM: security preserving VM live migration for systems with VMM-enforced protection”, Third Asia-Pacific Trusted Infrastructure Technologies Conference, 2008.

secure migration of vm in cloud federation using enhanced key management

Documents