A Survey on Security Issues and Solutions in Live Virtual Machine Migration

Rajesaheb R. Kadam 1, Manoj Bangare 2
Department of Information Technology, SKNCOE Pune, University of Pune, India.
rajekadam2010@gmail.com, manoj.bangare@gmail.com

ABSTRACT

Virtualization technology allows the sharing of the same physical resources among several users and helps to achieve optimum utilization of physical resources. Hardware virtualization is the process of partitioning a physical machine into logical machines using virtualization software called a hypervisor; each logical machine is called a virtual machine (VM). Live virtual machine migration is the process of transferring a virtual machine from one physical machine to another while the VM is running and without interrupting the services running in the VM. Live migration helps system administration in fault tolerance, online system maintenance, workload balancing, consolidation of VMs etc. However, vulnerabilities associated with live migration pose many security threats. Because of these threats the IT industry is hesitant to adopt live migration for sensitive data applications. This paper is a survey of attacks on live migration of virtual machines and approaches to handle them. This paper also discusses a proposed strategy to secure live migration.

Index Terms: Virtualization, Virtual Machine, Live Migration, Security, Hypervisor.

I. INTRODUCTION

Virtualization technology was introduced in the late 1960s by IBM. At that time expensive and powerful mainframe computers were used for computation, but these mainframe computers were underutilized. Hence, to optimize the utilization of the most expensive hardware components and resources, multiprogramming and timesharing techniques were developed. Multiprogramming and timesharing formed the basis of virtualization. Virtualization is the technique which divides a physical machine into several completely isolated machines known as virtual machines.
Virtualization is the abstraction and emulation of hardware resources to achieve better resource sharing. There are different types of virtualization, such as server virtualization, operating system virtualization, hardware emulation, paravirtualization, storage virtualization, network virtualization, full virtualization etc. [2]. Thus virtualization reduces investment, installation and operational costs for enterprises. Server virtualization, or system virtualization, is the ability to run multiple virtual machines, including their operating systems, called guest operating systems, on an existing real operating system, called the host operating system. A virtual machine is an efficient, isolated duplicate of a real machine [3]. The virtual machine monitor (VMM) is a software abstraction layer that isolates the virtual machines by emulating hardware. The VMM is also called the hypervisor; it controls the creation of VMs and has control over all VMs and system resources.

Live migration is an essential feature of virtualization, defined as the process of dynamically transferring running VMs from one physical server to another with little or zero downtime and without interrupting the services running in the VM [4]. Downtime is the total time for which the VM stops running. Live migration helps system administration in cases like fault tolerance, online system maintenance, workload balancing and consolidation of VMs. Also, in case of natural disasters, live migration plays a very important role in the recovery process. Limited resources on the same physical machine running multiple VMs cause resource conflicts, due to which the physical machine may fail to serve continuously. Hence, to avoid failure of VMs, live migration is the solution for continued and uninterrupted service. At present live migration is performed manually. Most open source hypervisors, like VMware's (VMotion), Xen, KVM, Oracle's VirtualBox etc., support live migration.

2014, IJAFRC All Rights Reserved www.ijafrc.org

Up till now, most work has focused on live migration of VMs with little consideration for security. Several vulnerabilities are present in the implementation of migration in Xen [5]. The migration protocol used is not secure and does not encrypt the migration data of the VM. Hence, there is no confidentiality of migrated data, and there are other vulnerabilities such as untrusted platforms, authentication and authorization, bugs in hypervisor code etc. A secure live migration of a VM requires trusted source and destination platforms, an authentication and authorization mechanism, confidentiality and integrity of migrated data, and a mechanism to detect and notify suspicious activities.

II. ATTACKS

Detection of the live virtual machine migration process plays an important role in conducting attacks on it. Detection of virtual machine live migration has been demonstrated in [6] using ICMP packets. [7] provides a comprehensive survey of vulnerabilities leading to attacks in live migration. They are categorized into inappropriate access control policies, unprotected transmission channel, loopholes in the migration module etc.

A. Inappropriate Access Control Policies

Inappropriate access control policies allow any user to initiate and terminate migration of a virtual machine. Access policies also control access to the hypervisor, isolation of VMs and resource sharing.
Because of this, an attacker can carry out attacks like denial of service attacks, man-in-the-middle attacks, guest VM attacks and internal virtual machine attacks. Using loopholes in access policies, an attacker can migrate a malicious VM to a hypervisor, where the malicious VM harms the hypervisor and other VM instances [7].

B. Unprotected Transmission Channel

An unprotected transmission channel is the result of an insecure migration protocol. An insecure migration protocol does not encrypt the data flowing over the network and is vulnerable to active as well as passive attacks. An attacker can gain access to the transmission channel using techniques such as ARP/DHCP poisoning, DNS poisoning and IP/route hijacking to perform passive or active attacks [6]. Passive attacks are eavesdropping on messages for passwords and sensitive data, and capturing authenticated packets. Active attacks are manipulating kernel memory and manipulating authentication services like /bin/login, sshd etc.

C. Loopholes in Migration Module

Loopholes in the migration module are stack overflows, heap overflows and integer overflows, which make the migration vulnerable. Oberheide et al. developed a tool named Xensploit [8] to carry out man-in-the-middle attacks on virtual machine migration. Xensploit was used to modify the memory segment, specifically the sshd memory segment, in such a way that sshd authentication was bypassed. Virtualization software is complex and has a large number of lines of code (LOC). The Xen hypervisor has about 200K LOC, the Xen emulator has about 600K LOC and the host has about 1K LOC [9]. With this large LOC, bugs tend to exist. Bug reports such as those listed in NIST's National Vulnerability Database [10] show the difficulty of shipping bug-free hypervisor code. By exploiting these attacks, an attacker can gain access to virtual machines and breach the confidentiality and integrity of the virtual machines' data.

III. SOLUTIONS FOR SECURE LIVE MIGRATION

Following are the solutions for preventing attacks in live migration:

A. Virtual Local Area Network

VLAN is one of the approaches to secure live migration, by isolating migration traffic and assigning groups of VMs to a VLAN. A VLAN is a virtual network created inside a public network; it is independent of physical location and is created by assigning a tag to the packets with the tag-id of the corresponding VLAN [7]. A VLAN defines a secure and trusted transmission channel by isolating migration traffic from other network traffic. A major drawback of the VLAN-based security approach is the growth in complexity and administrative costs as the VM population grows [11]. The complexity lies in setting up and maintaining VLANs for each VM, troubleshooting and fixing configuration errors, synchronizing VLAN configuration on virtual and physical switches, ensuring compatibility between physical network and virtual network security policies, and managing the growth and complexity of ACLs as the number of VMs increases.

B. The CoM Security Framework and Network Security Engine

The Network Security Engine is a security module based on the hypervisor, including protection mechanisms like firewall, IDS and IPS. The CoM framework is based on both hypervisors and the network security engine (NSE); thus the system is called Network Security Engine-Hypervisors [4]. The NSE includes an intrusion detection system (IDS), an intrusion prevention system (IPS) and a firewall, which provide security to the virtual environment. The NSE firewall has built-in packet processing capability and works in a stateful way. The CoM framework provides traditional security approaches like IDS, firewall and IPS to secure live migration.
In this approach the security context and migration data are encapsulated and transferred so that the VM is restored on the destination.

C. Role Based Migration

The role based migration process is based on Trusted Platform Module hardware and Intel vPro. Here TPM hardware is used to find a cryptographically trusted remote hypervisor for secure migration. Trusted Platform Module (TPM) functionality can be used in several other ways as well for secure virtual machine migration. The TPM can recognise the presence of unauthorized and illegal access to the system. [12] created a software module named vTPM inside the hypervisor to share the TPM functionalities with the OS running in each virtual machine. For each virtual machine, an instance of the TPM module (vTPM) is created. However, [13] points out that as this implementation is completely inside the software, it cannot protect the cryptographic secrets in every operating system.

D. Comparison of Solutions
Criterion | VLAN Approach | NSE and CoM security framework Approach | Role based migration Approach
Platform integrity verification | No | No | Yes
Confidentiality and integrity of VM during migration | Depends on VLAN settings | No | No
Authentication and Authorization of operation | Depends on VLAN settings | Yes (if implemented in NSE) | Yes

In the live migration process there are several authentication issues as well as active and passive attacks which exploit the live migration process. The main cause of this is the lack of a secure live migration protocol. Hence a secure live migration protocol should be used for live migration, having essential features like a protected transmission channel, integrity of migration data and entity authentication [1].

IV. RELATED WORK

In process migration, a process moves from one physical server to another physical server. In the 1980s more research was done in process migration. However, due to residual dependency, process migration didn't gain popularity [16]. OS migration is another approach, which handles all the limitations of process migration and does the virtual machine migration efficiently. OS migration overcomes the residual dependency problem, and the administrator need not worry about it. The administrator can migrate the OS and its associated processes as a single unit. The main theme of VM migration is to migrate the memory and control of a VM from one physical server to another without any service interruption. More research has been done in the memory page migration process. The memory migration [16] process can be described as:

Push phase: Certain memory pages are pushed to the new machine while the source VM continues running without stoppage. To ensure consistency between memory pages, pages which are modified are re-sent.

Stop-and-Copy phase: The source VM is stopped, transferred to the destination and only started at the destination host after all memory pages are copied to the destination host.
Pull phase: If the destination machine accesses a memory page which is not yet copied to the destination from the source machine, those pages are faulted ("pulled") in across the network from the source VM.

Stop-and-Copy is one of the best approaches to memory migration; it involves stopping the original VM, copying all memory pages to the destination, and then starting the new VM. This approach has the advantage of simplicity, but both downtime and migration time are proportional to the amount of memory allocated to the VM. Hence, to have minimum downtime, pure demand migration was adopted, which uses the Stop-and-Copy phase. In this approach the kernel data structures are copied to the destination machine and the new VM is started at the destination after complete migration of memory pages. The remaining pages are fetched to the destination at first use. This leads to less downtime but increased total migration time due to frequent page faults. Another best option for VM migration is pre-copy migration. The pre-copy approach provides a best way of migration by combining an iterative push phase and a short stop-and-copy phase [16]. Memory pages are copied in rounds, called iterative copying.
The memory pages which are modified in the first round are copied in the next round. Every VM has a small set of pages which are frequently modified and which are poor candidates for pre-copy migration. The writable working set was designed to calculate the total number of iterations for particular workloads.

Wide research has been done to make live migration secure and efficient with minimum downtime. Live migration can be done from one server to another located in the same room, which has physical security and less chance of data loss. With the increased popularity of and demand for virtualization, live migration was performed over LAN, from one physical host to another located at a different physical location. Due to this physical separation, physical security is not possible, which invites data sniffing and other threats to the live migration process. It is observed that live migration is vulnerable to man-in-the-middle attack. By exploiting this attack any unauthorized user can sniff the ongoing data and visualize the data. The traffic on the data plane is sensitive and not secured. Using the tool Xensploit, several attacks on live migration were evaluated and associated with different modules like control plane, data plane and migration module. Hence, to have data confidentiality and integrity we need to use a secure migration protocol [1].

V. PROPOSED SOLUTION

Security measures to protect sensitive data during live migration should be designed in such a way that data confidentiality and integrity are preserved. An IPSec tunnel is one of the ways to secure live migration, as discussed below:

A. IPSec Tunnel

The IPSec protocol is the secure protocol at the network layer and is used for securing Internet Protocol traffic. By building an IPSec tunnel we can have secure live VM migration through the tunnel. If live migration is done through an Internet Protocol security tunnel, then we need to face the problem of increased downtime of the VM.
This increased downtime causes service disruption, but the live migration is secure since the data will be encrypted. While data passes through the tunnel, authentication and encryption of each IP packet is done. In [17], the author gives a detailed explanation of operations, authentication and encryption techniques. We can use an IPSec tunnel to protect data flow at the server-to-server level or from edge router to edge router. Hence, if live migration is done through an IPSec tunnel, IP packets would be encrypted and it would be difficult to sniff and trace the data.

Figure 1. Live VM migration through IPSec tunnel
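As an added example (not code from the paper), the following Python model simulates the pre-copy scheme described in Section IV and shows why the lower effective throughput of an IPSec tunnel lengthens the stop-and-copy downtime noted in Section V. The page counts, dirty rate and link throughputs are constructed values, and the 40% throughput reduction for the tunnel is an assumption.

```python
from dataclasses import dataclass


@dataclass
class MigrationResult:
    rounds: int          # iterative push rounds completed
    pages_sent: int      # all pages put on the wire, including re-sent ones
    total_time: float    # seconds until the VM runs at the destination
    downtime: float      # seconds the VM is paused for stop-and-copy
    converged: bool      # True if the dirty set fell to the stop threshold


def precopy(mem_pages, dirty_rate, bandwidth, wws_pages, stop_threshold,
            max_rounds=30):
    """Simulate pre-copy migration: iterative push, then a short stop-and-copy.

    All rates are in pages per second. The model is deliberately simple
    (an assumption of this example): pages are dirtied at a constant rate
    while a round is on the wire, and the writable working set (wws_pages)
    is always dirty again by the end of each round.
    """
    to_send, sent, rounds = mem_pages, 0, 0
    while to_send > stop_threshold and rounds < max_rounds:
        sent += to_send
        rounds += 1
        # Pages dirtied during the to_send / bandwidth seconds of this round.
        dirtied = dirty_rate * to_send // bandwidth
        next_round = min(mem_pages, max(wws_pages, dirtied))
        shrinking = next_round < to_send
        to_send = next_round
        if not shrinking:
            break        # link too slow or hot set too large: stop iterating
    # Stop-and-copy: the VM is paused while the remaining dirty pages move.
    sent += to_send
    return MigrationResult(rounds, sent, sent / bandwidth,
                           to_send / bandwidth, to_send <= stop_threshold)


# Constructed sample workload: 4 GiB guest with 4 KiB pages.
VM = dict(mem_pages=1_048_576, dirty_rate=20_000, wws_pages=2_000,
          stop_threshold=5_000)
PLAIN_BW = 100_000   # pages/s on the unencrypted link (assumed)
IPSEC_BW = 60_000    # pages/s through the tunnel (assumed crypto overhead)
SLOW_BW = 15_000     # pages/s, slower than the guest dirties memory


def compare():
    """Run the same workload over the three links."""
    return {name: precopy(bandwidth=bw, **VM)
            for name, bw in (("plain", PLAIN_BW), ("ipsec", IPSEC_BW),
                             ("slow", SLOW_BW))}


if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:5} rounds={r.rounds} sent={r.pages_sent} "
              f"total={r.total_time:.2f}s downtime={r.downtime * 1000:.1f}ms "
              f"converged={r.converged}")
```

In the third case the link is slower than the dirty rate, so the dirty set never shrinks and the migration degenerates into a full stop-and-copy; capacity planning for an encrypted migration channel should check for this before enabling the tunnel.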
VI. CONCLUSION

In this paper, we have discussed various vulnerabilities and associated attacks on live migration and also discussed various approaches to tackle these. It is concluded from the survey that the main cause of these vulnerabilities is the insecure migration protocol, and that no single integrated approach is available which provides platform integrity verification, confidentiality and integrity of migration data, and authentication and authorization of migration operations. Hence, we have proposed strategies which suggest that secure live migration should be done through an IPSec tunnel with strong encryption techniques.

VII. REFERENCES

[1] R. Jithin and Priya Chandran, A Survey on the Security of Virtual Machines, Springer-Verlag Berlin Heidelberg, 2014.

[2] Mendel Rosenblum, The reincarnation of virtual machines, Queue, 2(5):34-40, 2004.

[3] Gerald J. Popek and Robert P. Goldberg, Formal requirements for virtualizable third generation architectures, In SOSP '73: Proceedings of the fourth ACM symposium on operating system principles, page 121, 1973.

[4] Chen Xianqin, Gao Xiaopeng, Wan Han, Wang Sumei, Long Xiang, Application-Transparent Live Migration for virtual machine on network security enhanced hypervisor, Research paper, China Communications, pages 32-42, 2011.

[5] Melvin Ver. Dynamic Load Balancing Based On Live Migration Of Virtual Machines: Security Threats and Effects, Thesis report, Rochester Institute of Technology, B. Thomas Golisano College of Computing and Information Sciences (GCCIS), Rochester, NY, U.S.A.

[6] König, A., Steinmetz, R., Detecting migration of virtual machines, In: Proceedings of the 10th Würzburg Workshop on IP: Joint ITG, ITC, and Euro-NF Workshop Visions of Future Generation Networks (EuroView 2011), Julius-Maximilians-Universität Würzburg, Lehrstuhl für Informatik III (2011).
[7] Shetty, J., Anala, M.R., Shobha, G., A survey on techniques of secure live migration of virtual machine, International Journal of Computer Applications 39(12) (2012).

[8] Oberheide, J., Cooke, E., Jahanian, F., Empirical exploitation of live virtual machine migration, In: Proc. of BlackHat DC convention (2008).

[9] Jakub Szefer, Eric Keller, Ruby B. Lee, Jennifer Rexford, Eliminating the hypervisor Attack Surface for a More Secure Cloud, In Proceedings of ACM Conference on Computer and Communications Security 2011, pp. 401-412.

[10] National Vulnerability Database, CVE and CCE Statistics Query Page. http://web.nvd.nist.gov/view/vuln/statistics

[11] Alternatives for Securing Virtual Networks: A Different Network Requires a Different Approach - Extending Security to the Virtual World, white paper 1000220-012-EN, Dec 2011, Juniper Networks, Inc.
[12] Perez, R., Sailer, R., van Doorn, L., vTPM: virtualizing the trusted platform module, In: Proc. 15th Conf. on USENIX Security Symposium, pp. 305-320 (2006).

[13] Stumpf, F., Eckert, C., Enhancing trusted platform modules with hardware-based virtualization techniques, In Second International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2008, pp. 1-9. IEEE (2008).

[14] Marvin M. Theimer, Keith A. Lantz, and David R. Cheriton, Preemptable remote execution facilities for the V-system, In Proceedings of the 10th ACM Symposium on Operating System Principles, pages 2-12. ACM Press, 1985.

[15] D. Milojicic, F. Douglis, Y. Paindaveine, R. Wheeler, and S. Zhou, Process migration, ACM Computing Surveys, 32(3):241-299, 2000.

[16] Venkatesha S., Sadhu S., Kintali S., Department of Computer Science, University of California, Santa Barbara, Survey of Virtual Machines Migration Techniques, 2009.

[17] IPSec tunnel creation, SANS InfoSec Reading Room, 2003.

AUTHOR PROFILE

Rajesaheb R. Kadam: Student, M.E., Department of Information Technology, Smt. Kashibai Navale College of Engineering Pune, Savitribai Phule Pune University, India.

Manoj Bangare: Assistant Professor, Department of Information Technology, Smt. Kashibai Navale College of Engineering Pune, Savitribai Phule Pune University, India.