Advertisement

Investigating the Possibility of Data Leakage in Time of Live VM Migration

  • Rehana Yasmin
  • Mohammad Reza Memarian
  • Shohreh Hosseinzadeh
  • Mauro Conti
  • Ville Leppänen
Chapter
Part of the Advances in Information Security book series (ADIS, volume 70)

Abstract

Virtual machine migration is a powerful technique used to balance the workload of hosts in environments such as a cloud data center. In that technique, VMs can be transferred from a source host to a destination host due to various reasons such as maintenance of the source host or resource requirements of the VMs. The VM migration can happen in two ways, live and offline migration. In time of live VM migration, VMs get transferred from a source host to a destination host while running. In that situation, the state of the running VM and information such as memory pages get copied from a host and get transferred to the destination by the VM migration system.

There exist security risks toward the migrating VM’s data integrity and confidentiality. After a successful VM migration, the source host shall remove the memory pages of the migrated VM. However there should be a mechanism for the owner of the VM to make sure his VM’s memory pages and information are removed from the source host’s physical memory. On the other hand, the memory portion on the destination host shall be clear from previously used VM’s data and possibly malicious codes. In this chapter, we investigate the possibility of misuse of migrating VM’s data either in transit or present at source and destination during the VM migration process. Based on the investigations, we give a proposal for a secure live VM migration protocol.

Keywords

Live VM migration Security Cloud computing Access control 

References

  1. 1.
    Alarifi S, Wolthusen S (2014) Communications and Multimedia Security: 15th IFIP TC 6/TC 11 International Conference, CMS 2014, Aveiro, Portugal, September 25–26, 2014. Proceedings, chap Dynamic Parameter Reconnaissance for Stealthy DoS Attack within Cloud Systems, pp 73–85Google Scholar
  2. 2.
    Aslam M, Gehrmann C, Björkman M (2012) Security and trust preserving VM migrations in public clouds. In: Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on, IEEE, pp 869–876Google Scholar
  3. 3.
    Berger S, Cáceres R, Goldman K A, Perez R, Sailer R, van Doorn L (2006) vTPM: Virtualizing the Trusted Platform Module. In: Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15, USENIX Association, Berkeley, CA, USA, USENIX-SS’06Google Scholar
  4. 4.
    Clark C, Fraser K, Hand S, Hansen J G, Jul E, Limpach C, Pratt I, Warfield A (2005) Live Migration of Virtual Machines. In: Proceedings of the 2Nd Conference on Symposium on Networked Systems Design & Implementation (NSDI’05) - Volume 2, USENIX Association, Berkeley, CA, USA, pp 273–286Google Scholar
  5. 5.
    Collberg C, Nagra J (2009) Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Pearson EducationGoogle Scholar
  6. 6.
    Danev B, Masti R J, Karame G O, Capkun S (2011) Enabling Secure VM-vTPM Migration in Private Clouds. In: Proceedings of the 27th Annual Computer Security Applications Conference, ACM, New York, NY, USA, ACSAC ’11, pp 187–196Google Scholar
  7. 7.
    Dewan P, Durham D, Khosravi H, Long M, Nagabhushan G (2008) A Hypervisor-based System for Protecting Software Runtime Memory and Persistent Storage. In: Proceedings of the 2008 Spring Simulation Multiconference, San Diego, CA, USA, SpringSim ’08, pp 828–835Google Scholar
  8. 8.
    Hansen J G, Jul E (2004) Self-migration of Operating Systems. In: Proceedings of the 11th Workshop on ACM SIGOPS European Workshop (EW ’11), ACM, New York, NY, USAGoogle Scholar
  9. 9.
    Homescu A, Jackson T, Crane S, Brunthaler S, Larsen P, Franz M (2017) Large-Scale Automated Software Diversity - Program Evolution Redux. IEEE Transactions on Dependable and Secure Computing 14(2):158–171CrossRefGoogle Scholar
  10. 10.
    Hosseinzadeh S, Rauti S, Laurén S, Mäkelä JM, Holvitie J, Hyrynsalmi S, Leppänen V (2016) A Survey on Aims and Environments of Diversification and Obfuscation in Software Security. In: Proceedings of the 17th International Conference on Computer Systems and Technologies 2016, ACM, New York, NY, USA, CompSysTech ’16, pp 113–120Google Scholar
  11. 11.
    Nelson M, Lim B H, Hutchins G (2005) Fast Transparent Migration for Virtual Machines. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference (ATEC ’05), USENIX Association, Berkeley, CA, USA, pp 25–25Google Scholar
  12. 12.
    Oberheide J, Cooke E, Jahanian F (2008) Empirical exploitation of live virtual machine migration. In: Proc. of BlackHat DC conventionGoogle Scholar
  13. 13.
    Payne B, Carbone M, Lee W (2007) Secure and flexible monitoring of virtual machines. In: Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual, pp 385–397Google Scholar
  14. 14.
    Perez-Botero D (2011) A Brief Tutorial on Live Virtual Machine Migration From a Security Perspective. [Available Online], URL http://www.cs.princeton.edu/~diegop/data/580_midterm_project.pdf, [Accessed: 29-Apr-2016]
  15. 15.
    Santos N, Gummadi K P, Rodrigues R (2009) Towards trusted cloud computing. In: Proceedings of the 2009 Conference on Hot Topics in Cloud Computing, USENIX Association, Berkeley, CA, USA, HotCloud’09Google Scholar
  16. 16.
    Shetty J, Anala M, Shobha G (2012) A Survey on Techniques of Secure Live Migration of Virtual Machine. International Journal of Computer Applications 39(12):34–39CrossRefGoogle Scholar
  17. 17.
    Shirazi N, Simpson S, Marnerides A, Watson M, Mauthe A, Hutchison D (2014) Assessing the impact of intra-cloud live migration on anomaly detection. In: Cloud Networking (CloudNet), 2014 IEEE 3rd International Conference on, pp 52–57Google Scholar
  18. 18.
    Trusted Computing Group — Open Standards for Security Technology (TCG) URL : www.trustedcomputinggroup.org
  19. 19.
    Voorsluys W, Broberg J, Venugopal S, Buyya R (2009) Cost of Virtual Machine Live Migration in Clouds: A Performance Evaluation. In: Proceedings of the 1st International Conference on Cloud Computing, CloudCom ’09, pp 254–265Google Scholar
  20. 20.
    Wang W, Zhang Y, Lin B, Wu X, Miao K (2010) Secured and reliable VM migration in personal cloud. In: 2nd International Conference on Computer Engineering and Technology (ICCET), 2010, vol 1, pp V1–705–V1–709Google Scholar
  21. 21.
    Wood T, Ramakrishnan K K, Shenoy P, van der Merwe J (2011) CloudNet: Dynamic Pooling of Cloud Resources by Live WAN Migration of Virtual Machines. In: Proceedings of the 7th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, ACM, New York, NY, USA, VEE ’11, pp 121–132Google Scholar
  22. 22.
    Xen (Xen) Users’ Manual Xen v3.3. URL http://bits.xensource.com/Xen/docs/user.pdf
  23. 23.
    Zhang F, Chen H (2013) Security-preserving live migration of virtual machines in the cloud. Journal of Network and Systems Management 21(4):562–587CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Rehana Yasmin
    • 1
  • Mohammad Reza Memarian
    • 2
  • Shohreh Hosseinzadeh
    • 2
  • Mauro Conti
    • 1
  • Ville Leppänen
    • 2
  1. 1.Department of MathematicsUniversity of PaduaPaduaItaly
  2. 2.Department of Future TechnologiesUniversity of TurkuTurkuFinland

Personalised recommendations