Research on Security Algorithm of Virtual Machine Live Migration for KVM Virtualization System

  • Wei Fan
  • Zhujun Zhang
  • Tingting Wang
  • Bo Hu
  • Sihan Qing
  • Degang Sun
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9977)

Abstract

Live migration of virtual machines is the process of moving VMs from one physical server to another while keeping the services in the VMs running; it facilitates load balancing, energy saving, hardware dependence, remote migration and so on. This novel technology brings great convenience, but it also presents new security challenges, and security concerns are the major factor affecting its wide adoption in the IT industry. Live migration exposes a VM’s data as plaintext to the network as a result of vulnerabilities in the migration protocol. The traditional protection is to use the SSL protocol, but that consumes too much time and is not as safe as it used to be, so few users adopt it. We therefore design a security algorithm, based on the original migration algorithm, that makes up for this lack of security. In this paper, firstly, we analyze and verify security threats to live migration. Secondly, through analysis of the live migration mechanism, the underlying driver, and the source code of the KVM virtualization system, we design a security algorithm for live migration to meet the security needs of different users. Thirdly, in the new security algorithm we innovatively add three functions to the original algorithm to ensure that migration data remains confidential and unmodified during transmission. The security algorithm makes up for the security vulnerabilities of the original migration mechanism and takes less time than SSL. Finally, a series of experiments validates that the algorithm can balance security and performance in the live migration process.

Keywords

Live migration, Security threats, Security algorithm, KVM virtualization system

Notes

Acknowledgment

This work was supported by the National Natural Science Foundation of China (Grant No. 61502486; 61170282).

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Wei Fan (1)
  • Zhujun Zhang (1)
  • Tingting Wang (1)
  • Bo Hu (1)
  • Sihan Qing (1, 2, 3)
  • Degang Sun (1)

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  2. Institute of Software, Chinese Academy of Sciences, Beijing, China
  3. School of Software and Microelectronics, Peking University, Beijing, China