secure migration of vm (sv2m) in cloud federation

1Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

Secure Migration of VM (SV2M) in Cloud Federation

In-house DefenseSchool of Electrical Engineering &

Computer Science, NUST Islamabad

Naveed Ahmad

Thesis SupervisorDr. Awais Shibli

GEC Members

Dr. Abdul Ghafoor

Dr. Zahid Anwar

Miss Hirra Anwar

Department of Computing, School of Electrical Engineering and Computer




Agenda

Introduction Motivation Literature Review Research Methodology Problem Statement Objectives Contributions Implementation Protocol Verification Future Directions References Demonstration

3

Introduction



Cloud Computing

• IaaS is the base of all Cloud services with SaaS and PaaS built upon it



Introduction

4

Cloud Federation Benefits:

Maximize resource utilization Load balancing and Cloud

bursting

Cloud FederationComprises services from different providers aggregated in a single pool supporting features such as

• Resource migration,• Resource redundancy



Introduction

5

Virtualization•Virtualization basically allows one computer to do the job of multiple computers.

• Sharing the resources of a single hardware across multiple environments

•Host operating system provides an abstraction layer for running virtual guest Oses

•Enable portability (migration) of virtual servers between physical servers

•Increase utilization of physical servers



Introduction

6

Virtual Machines•A virtual machine provides interface identical to underlying bare hardware

i.e. all devices, interrupts, memory, page tables etc.

•Virtualization SoftwareVMWareKVMXenQEMU



Introduction

7

VM Migration •VM Migration is define as:

Transfer of memory/storage of VM from one physical server to another.

•VM Migration categorized into Hot migration Cold migration

•Cold migration • It is also know as offline migration. In this category, VM is completely power off before its migration to remote end.



Introduction

8

Cont...•Hot Migration

Live Memory Migration (only shared storage)/ Live Block Migration

It is used to minimize the downtime of VM migration between server.

Suspended/Paused VM migration.

It is also used to transfer VM from one physical server to another without shutting down it . In suspended/paused migration type, state of VM saved in hard disk or RAM respectively for short time.



Introduction

9

VM migration Benefits•Benefits provided by VM Migration are:

Load balancingDisaster recoveryHardware maintenanceFault takeover

PrivateCloud

Public Cloud

VM VM192.168.10.1 192.168.10.2



10

Motivation

VM Migration in traditional DC and Cloud

VM2

192.168.10.1 192.168.10.2

VM1

Confidentiality

Non Repudiation

Integrity

Authentication Availability



Literature Review

Security issue in VM migration

11

2008 • Categorized Attack on VM migration into:

Control plane (Unauthorized migration operation)Data plane (insecure channel)Migration Module (buffer overflow issues)

• Developed Xensploit Tool for exploitation

(Reference: J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”,

Proc. of BlackHat DC convention.)

2010• Policy/Role based Migration approach• Consists of attestation service, seal storage, policy service,

migration service and secure hypervisor components• Authentication and Non Repudiation is not supported• Dependency on TPM and Seal storage hardware.(Reference: W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010 )



Literature Review

Security issue in VM migration andCloud Federation

12

2011• Resource Optimization in Federated Cloud using VM

migration.• Monitor the current workload of the physical servers • Detect the overloaded servers efficiently • VM replacement considering the federated environment • No security feature is supported (Reference: Y. Xu, Y. Sekiya , “Scheme of Resource Optimization using VM Migration for Federated Cloud Proceedings of the Asia-Pacific Advanced Network 2011 v. 32, p. 36-44)

2011• Usage of Inter Cloud Proxies • Secure Channel between Proxies using SSH• Tunnel does not provide host to host secure channel during

migration• Port forwarding on firewalls between the clouds• Management of Public Keys for CSP’s is very complex(Reference: K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel. )

u



Literature Review

Security issue in VM migration andCloud Federation

13

2012• RSA with SSL protocol for authentication and encryption • Pre-copy or Post-copy migration techniques• Non repudiation and Authorization is not supported

(Reference: V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19. )

2012• vTPM based migration proposed provides

Authentication, confidentiality, Integrity, Reply Resistance, source non-repudiation

• Dependency on TPM hardware .• Suspension of vTPM instance• Complex Key hierarchy from TPM to vTPM

(Reference: X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875 )



Industrial SurveySecure VM Migration

http://searchservervirtualization.techtarget.com/feature/Virtual-machine-migration-FAQ-Live-migration-P2V-and-more






OpenStack Community Response

https://launchpad.net/~harlowja




Research Methodolo

gy Deductive Approach

Theory/Define Research Area

• Explore Cloud Computing issues and challenges

• Explore Virtual Machine migration and security challenges

Literature Survey

•Explore Industrial VM migration solution•Research publication related to security of VM migration

Define Research Problem

• There is a need to propose an assessment criteria for analysis of secure VM migration solutions

• There is need to propose a secure VM migration which fulfils the security requirements

Develop Hypothesis

• Is it possible to define security requirements for the secure VM migration between CSP’s?

• Does the insecurity in VM migration process is a major hindrance in adoption and acceptance in IT industry ?



Prepare Research

Design

• Identification of security requirements for VM migration process.

• Design of secure VM migration system which required minimum changes in current infrastructure

Hypothesis Evaluation/

Confirmation

• Implementation of SV2M system and verification of security features using AVISPA

Research Methodolo

gy Deductive Approach

18

VM migration in Cloud environment is prone to security threats therefore this research work is intended to propose a secure migration of Virtual Machine (SV2M) with corresponding encrypted disk images (EI) between CSP’s.

Problem Statement





Objectives

19

• To propose Security Requirements for secure VM migration in Cloud by extensive survey and analysis of existing secure migration techniques.

Objective 1

• To design and implement holistic system for secure VM migration in Cloud which fulfils the security requirements and requires minimum changes in existing infrastructure of Cloud.

Objective 2



Contributions

Research Perspective

Research Paper 1

• Naveed Ahmad, Ayesha Kanwal and Muhammad Awais Shibli “Survey on secure live virtual machine (VM) migration in Cloud" Information Assurance (NCIA), 2013 2nd National Conference on , vol., no., pp.101,106, 11-12 Dec. 2013.

Research Paper 2 Naveed Ahmad, Ayesha Kanwal, Muhammad

Awais Shibli and Abdul Ghafoor “Secure Virtual Machine Migration (SV2M) in Cloud Federation”, 2014 International Conference on Security and Cryptography (SECRYPT-2014), Austria, 28-30 August, 2014.



Research Perspective

Proposed Security Requirements for

secure VM migration

21

Survey on secure virtual machine (VM) migration in Cloud

Establishment of a benchmark for security assessment of existing and proposed secure VM migration systems

Define security requirements for secure VM migration system



Security Requirements

Isolate migration networkVLAN[6]

Role basedMigration[9]

SecureVM-vTPM[10]

ImprovedvTMPbasedMigration[7]

VM mobilityusingSSH tunnel[11]

TCSL[12]

Secure Migration using RSA with SSL [13]

Trust TokenBased migration[14]

PALM[17]

Mutual Authentication

û û û û ü û û û û

Authorization (Access control policies )

ûü

û û û û û û û

Confidentiality and Integrity û ü ü ü ü û ü ü üReplay Resistance û û ü ü ü û ü ü üSource Non-Repudiation û û û û ü û ü û û

Techniques

Research FindingsAnalysis of Existing Solutions and Approaches



Secure Virtual Machine Migration (SV2M) in Cloud Federation

Design & Develop SV2M system with comprehensive detail of all modules ( such as Mutual Authentication, Encryption/Decryption Module etc)

Integration of SV2M with OpenStack Platform Security features verified using AVISPA

Contributions

Implementation Perspective



Community Response

(SV2M system)





Implementation

Development Toolkit

Python,bash scripting

PyXMLsec, M2crypto library

OpenStack devstack Cloud on Ubuntu 12.04 LTS

AVISPA tool for security verification



Implementation

Architecture – SV2M

Cloud Service Provider A

Certificate Management Module


Authorization ModuleAuthorization Module

Mutual Authentication Module


VM Encr/Decr ModuleVM Encr/Decr Module

Secure VM Migration Module

Key ManagerKey Manager

Cloud Service Provider B






VM Encr/Decr ModuleVM Encr/Decr Module

Secure VM Migration Module


Load Monitoring ModuleLoad Monitoring Module Load Monitoring ModuleLoad Monitoring Module


Dashboard/CLIDashboard/CLI

Encrypted Images Store, Windows8, Ubuntu, Centos


Load Monitoring Load Monitoring

11

Xen/KVMXen/KVM

1. Cert Req1. Cert Req 1. Cert Req1. Cert Req

run instancerun instance

11

3 Migration Request

3 Migration Request

4. Mutual Authentication4. Mutual Authentication

5. [VM_xml_ds] + [VM] VMK +

[VMK + EIK] PUB_B

5. [VM_xml_ds] + [VM] VMK +

[VMK + EIK] PUB_B

7. ACK7. ACK






VM encr/decr ModuleVM encr/decr Module

Cloud A

22 33

Active VM

Cloud B




Dashboard/CLIDashboard/CLILoad Monitoring Load Monitoring



11

Xen/KVMXen/KVM

run instancerun instance

3322

Active VM

5a) retrieve encr disk image key(EIK)5a) retrieve encr disk image key(EIK) Key ManagerKey Manager

6a) store migrated disk image key (EIK)6a) store migrated disk image key (EIK)

44

6b) migrated VM6b) migrated VM

Secure VM Migration ModuleSecure VM Migration Module

2. AuthZ check2. AuthZ check

5b) retrieve key (VMK)5b) retrieve key (VMK)

VM encr/decr ModuleVM encr/decr Module 2. AuthZ check2. AuthZ check



Implementation

Workflow Diagram – SV2M

Secure VM migration module

1. Certificate Management Module (CMM)

2. Mutual Authentication Module (MAM)

3. Encryption/Decryption Module (EDM)

Key Manager (KM)

Implementation

Components of SV2M

Used to generate RSA key pair first &

Generate certificate request to Trusted Third Party (TTP) for the Cloud provider.

Authentication module uses this certificate for entity authentication using FIPS-196.

Implementation

Certificate Management Module (CMM)

• Cloud providers send X.509 certificates to each other & perform mutual authentication.

• This module ensures that source and destination provider are ready to perform migration.

Cloud Cloud

Implementation

Mutual Authentication Module (MAM)

Sender Cloud Perform

XML Signature of VM

XML encryption of VM using VM key (VMK) stored in key manager

and finally encrypt both EI key and VMK and sent along VM

Implementation

VM Encryption & Decryption Module (EDM)

Receiver Cloud Perform

• First decrypt VMK and EI Keys using Private key of receiver Cloud

• Decrypt VM using VMK and create new hash

• And finally Verify XML signature of VM

Implementation

VM Encryption & Decryption Module (EDM)

Storage of encrypted disk images keys (EIK) which are used to protect disk images in cloud repositories

It also used for generation and storage of VM encryption keys (VMK) for ED module

After successful resumption of VM on receiver, disk image key (EIK) is also stored on receiver Cloud

SV2M SV2M

SV2M Keys

VM Encr Keys

Images migrated keys

Key ManagerPut(key-id,encr-str,app_name)

Success

get(key-id,app_name)

Encrypted key string

Implementation

Key Manager

Implementation

VM migration in OpenStack

ImplementationIntegration with OpenStack

• AVISPA analyzed the protocol against security goals such as secrecy of key, weak/strong authentication.

• We analyze the secure migration protocol against security requirements such as strong authentication (G1, G5), Non-repudiation (G18), secrecy (G12), integrity (G2), reply protection (G3).

• The output indicates that a secure VM migration protocol is safe under analysis of OFMC, CL-AtSe, and SATMC and TA4SP back-ends

AVISPA Verification

AVISPABack ends

Results



Future Directions

Our focus was on securing VM migration process. However if malicious or vulnerable VM is migrated from one cloud to other then it may cause severe security issue at receiver cloud. Therefore, research is require on post VM migration on receiver Cloud.

Conclusion We have investigated the vulnerabilities and threats

involved during the migration of VMs between two Cloud domains and define security requirements for Secure VM migration .

Our proposed and implemented Secure VM Migration (SV2M) System provides strong security features such as mutual authentication, confidentiality, integrity, replay protection and non-repudiation.





References

[1] K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, “An analysis of security issues for cloud computing,” Journal of Internet Services and Applications 2013.

[2] P. Mell, T. Grance, 'The NIST definition of cloud computing". NIST,Special Publication 800–145, Gaithersburg, MD.

[3] J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of BlackHat DC convention 2008.

[4] V. Vaidya, "Virtualization vulnerabilities and threats: a solution white paper", RedCannon Security Inc, 2009.

http://www.redcannon.com/vDefense/VM_security_wp.pdf.

[5] Steve Orrin, Virtualization Security: Challenges and Solutions, 2010.

http://365.rsaconference.com/servlet/JiveServlet/previewBody/2555-102-2-3214/STAR-303.pdf.

[6] J. Shetty, Anala M. R, Shobha G, “A survey on techniques of secure live migration of virtual machine”, International Journal of Computer Applications (0975 – 8887), vol. 39, no.12, February 2012.

[7] X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875.

[8] OpenStack Security Guide, 2013.

http://docs.openstack.org/security-guide/security-guide.pdf.

[9] W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010.



References

[10] B. Danev, R. J. Masti, G. O. Karame and S. Capkun,“Enabling secure VM-vTPM migration in private clouds”, Proceedings of the 27th Annual Computer Security Applications Conference, December 05-09, 2011, Orlando, Florida.

[11] K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel.

[12] Y. Chen, Q. Shen, P. Sun, Y. Li, Z. Chen and S. Qing, “Reliable migration module in trusted cloud based on security level - design and implementation”, International Parallel and Distributed Processing Symposium Workshops & PhD Forum 2012.

[13]. V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19

[14]. M. Aslam, C. Gehrmann, M. Bjorkman “Security and trust preserving VM migrations in public clouds”, International Conference on Trust, Security and Privacy in Computing and Communications 2012.

[15] P. Botero, Diego “A brief tutorial on live virtual machine migration from a security perspective”, University of Princeton, USA.

[16]. A. Rehman, S. Alqahtani, A. Altameem and T. Saba, “Virtual machine security challenges: case studies”, International Journal of Machine Learning and Cybernetics: 1-14, April 2013.

[17]. F. Zhang, Y. Huang, H. Wang, H. Chen, B. Zang, “PALM: security preserving VM live migration for systems with VMM-enforced protection”, Third Asia-Pacific Trusted Infrastructure Technologies Conference, 2008.



Thank You Special thanks to my Supervisor , Committee Members, Ma’am Rahat and Ayesha.



Implementation Demo

Secure Virtual Machine Migration (SV2M) in Cloud Federation

secure migration of vm (sv2m) in cloud federation

Documents