secure migration of vm (sv2m) in cloud federation
DESCRIPTION
Secure Migration of VM (SV2M) in Cloud Federation. Naveed Ahmad Thesis Supervisor Dr. Awais Shibli GEC Members Dr. Abdul Ghafoor Dr. Zahid Anwar Miss H irra Anwar. In-house Defense School of Electrical Engineering & Computer Science, NUST Islamabad. - PowerPoint PPT PresentationTRANSCRIPT
1Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Secure Migration of VM (SV2M) in Cloud Federation
In-house DefenseSchool of Electrical Engineering &
Computer Science, NUST Islamabad
Naveed Ahmad
Thesis SupervisorDr. Awais Shibli
GEC Members
Dr. Abdul Ghafoor
Dr. Zahid Anwar
Miss Hirra Anwar
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
2Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Agenda
Introduction Motivation Literature Review Research Methodology Problem Statement Objectives Contributions Implementation Protocol Verification Future Directions References Demonstration
3
Introduction
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Cloud Computing
• IaaS is the base of all Cloud services with SaaS and PaaS built upon it
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Introduction
4
Cloud Federation Benefits:
Maximize resource utilization Load balancing and Cloud
bursting
Cloud FederationComprises services from different providers aggregated in a single pool supporting features such as
• Resource migration,• Resource redundancy
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Introduction
5
Virtualization•Virtualization basically allows one computer to do the job of multiple computers.
• Sharing the resources of a single hardware across multiple environments
•Host operating system provides an abstraction layer for running virtual guest Oses
•Enable portability (migration) of virtual servers between physical servers
•Increase utilization of physical servers
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Introduction
6
Virtual Machines•A virtual machine provides interface identical to underlying bare hardware
i.e. all devices, interrupts, memory, page tables etc.
•Virtualization SoftwareVMWareKVMXenQEMU
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Introduction
7
VM Migration •VM Migration is define as:
Transfer of memory/storage of VM from one physical server to another.
•VM Migration categorized into Hot migration Cold migration
•Cold migration • It is also know as offline migration. In this category, VM is completely power off before its migration to remote end.
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Introduction
8
Cont...•Hot Migration
Live Memory Migration (only shared storage)/ Live Block Migration
It is used to minimize the downtime of VM migration between server.
Suspended/Paused VM migration.
It is also used to transfer VM from one physical server to another without shutting down it . In suspended/paused migration type, state of VM saved in hard disk or RAM respectively for short time.
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Introduction
9
VM migration Benefits•Benefits provided by VM Migration are:
Load balancingDisaster recoveryHardware maintenanceFault takeover
PrivateCloud
Public Cloud
VM VM192.168.10.1 192.168.10.2
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
10
Motivation
VM Migration in traditional DC and Cloud
VM2
192.168.10.1 192.168.10.2
VM1
Confidentiality
Non Repudiation
Integrity
Authentication Availability
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Literature Review
Security issue in VM migration
11
2008 • Categorized Attack on VM migration into:
Control plane (Unauthorized migration operation)Data plane (insecure channel)Migration Module (buffer overflow issues)
• Developed Xensploit Tool for exploitation
(Reference: J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”,
Proc. of BlackHat DC convention.)
2010• Policy/Role based Migration approach• Consists of attestation service, seal storage, policy service,
migration service and secure hypervisor components• Authentication and Non Repudiation is not supported• Dependency on TPM and Seal storage hardware.(Reference: W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010 )
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Literature Review
Security issue in VM migration andCloud Federation
12
2011• Resource Optimization in Federated Cloud using VM
migration.• Monitor the current workload of the physical servers • Detect the overloaded servers efficiently • VM replacement considering the federated environment • No security feature is supported (Reference: Y. Xu, Y. Sekiya , “Scheme of Resource Optimization using VM Migration for Federated Cloud Proceedings of the Asia-Pacific Advanced Network 2011 v. 32, p. 36-44)
2011• Usage of Inter Cloud Proxies • Secure Channel between Proxies using SSH• Tunnel does not provide host to host secure channel during
migration• Port forwarding on firewalls between the clouds• Management of Public Keys for CSP’s is very complex(Reference: K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel. )
u
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Literature Review
Security issue in VM migration andCloud Federation
13
2012• RSA with SSL protocol for authentication and encryption • Pre-copy or Post-copy migration techniques• Non repudiation and Authorization is not supported
(Reference: V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19. )
2012• vTPM based migration proposed provides
Authentication, confidentiality, Integrity, Reply Resistance, source non-repudiation
• Dependency on TPM hardware .• Suspension of vTPM instance• Complex Key hierarchy from TPM to vTPM
(Reference: X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875 )
14Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Industrial SurveySecure VM Migration
http://searchservervirtualization.techtarget.com/feature/Virtual-machine-migration-FAQ-Live-migration-P2V-and-more
15Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
OpenStack Community Response
https://launchpad.net/~harlowja
16Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Research Methodolo
gy Deductive Approach
Theory/Define Research Area
• Explore Cloud Computing issues and challenges
• Explore Virtual Machine migration and security challenges
Literature Survey
•Explore Industrial VM migration solution•Research publication related to security of VM migration
Define Research Problem
• There is a need to propose an assessment criteria for analysis of secure VM migration solutions
• There is need to propose a secure VM migration which fulfils the security requirements
Develop Hypothesis
• Is it possible to define security requirements for the secure VM migration between CSP’s?
• Does the insecurity in VM migration process is a major hindrance in adoption and acceptance in IT industry ?
17Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Prepare Research
Design
• Identification of security requirements for VM migration process.
• Design of secure VM migration system which required minimum changes in current infrastructure
Hypothesis Evaluation/
Confirmation
• Implementation of SV2M system and verification of security features using AVISPA
Research Methodolo
gy Deductive Approach
18
VM migration in Cloud environment is prone to security threats therefore this research work is intended to propose a secure migration of Virtual Machine (SV2M) with corresponding encrypted disk images (EI) between CSP’s.
Problem Statement
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Objectives
19
• To propose Security Requirements for secure VM migration in Cloud by extensive survey and analysis of existing secure migration techniques.
Objective 1
• To design and implement holistic system for secure VM migration in Cloud which fulfils the security requirements and requires minimum changes in existing infrastructure of Cloud.
Objective 2
20Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Contributions
Research Perspective
Research Paper 1
• Naveed Ahmad, Ayesha Kanwal and Muhammad Awais Shibli “Survey on secure live virtual machine (VM) migration in Cloud" Information Assurance (NCIA), 2013 2nd National Conference on , vol., no., pp.101,106, 11-12 Dec. 2013.
Research Paper 2 Naveed Ahmad, Ayesha Kanwal, Muhammad
Awais Shibli and Abdul Ghafoor “Secure Virtual Machine Migration (SV2M) in Cloud Federation”, 2014 International Conference on Security and Cryptography (SECRYPT-2014), Austria, 28-30 August, 2014.
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Research Perspective
Proposed Security Requirements for
secure VM migration
21
Survey on secure virtual machine (VM) migration in Cloud
Establishment of a benchmark for security assessment of existing and proposed secure VM migration systems
Define security requirements for secure VM migration system
22Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Security Requirements
Isolate migration networkVLAN[6]
Role basedMigration[9]
SecureVM-vTPM[10]
ImprovedvTMPbasedMigration[7]
VM mobilityusingSSH tunnel[11]
TCSL[12]
Secure Migration using RSA with SSL [13]
Trust TokenBased migration[14]
PALM[17]
Mutual Authentication
û û û û ü û û û û
Authorization (Access control policies )
ûü
û û û û û û û
Confidentiality and Integrity û ü ü ü ü û ü ü üReplay Resistance û û ü ü ü û ü ü üSource Non-Repudiation û û û û ü û ü û û
Techniques
Research FindingsAnalysis of Existing Solutions and Approaches
23Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Secure Virtual Machine Migration (SV2M) in Cloud Federation
Design & Develop SV2M system with comprehensive detail of all modules ( such as Mutual Authentication, Encryption/Decryption Module etc)
Integration of SV2M with OpenStack Platform Security features verified using AVISPA
Contributions
Implementation Perspective
24Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Community Response
(SV2M system)
https://launchpad.net/~harlowja
25Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Implementation
Development Toolkit
Python,bash scripting
PyXMLsec, M2crypto library
OpenStack devstack Cloud on Ubuntu 12.04 LTS
AVISPA tool for security verification
26Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Implementation
Architecture – SV2M
Cloud Service Provider A
Certificate Management Module
Certificate Management Module
Authorization ModuleAuthorization Module
Mutual Authentication Module
Mutual Authentication Module
VM Encr/Decr ModuleVM Encr/Decr Module
Secure VM Migration Module
Key ManagerKey Manager
Cloud Service Provider B
Certificate Management Module
Certificate Management Module
Authorization ModuleAuthorization Module
Mutual Authentication Module
Mutual Authentication Module
VM Encr/Decr ModuleVM Encr/Decr Module
Secure VM Migration Module
Key ManagerKey Manager
Load Monitoring ModuleLoad Monitoring Module Load Monitoring ModuleLoad Monitoring Module
Key ManagerKey Manager
Dashboard/CLIDashboard/CLI
Encrypted Images Store, Windows8, Ubuntu, Centos
Encrypted Images Store, Windows8, Ubuntu, Centos
Load Monitoring Load Monitoring
11
Xen/KVMXen/KVM
1. Cert Req1. Cert Req 1. Cert Req1. Cert Req
run instancerun instance
11
3 Migration Request
3 Migration Request
4. Mutual Authentication4. Mutual Authentication
5. [VM_xml_ds] + [VM] VMK +
[VMK + EIK] PUB_B
5. [VM_xml_ds] + [VM] VMK +
[VMK + EIK] PUB_B
7. ACK7. ACK
Certificate Management Module
Certificate Management Module
Authorization ModuleAuthorization Module
Mutual Authentication Module
Mutual Authentication Module
VM encr/decr ModuleVM encr/decr Module
Cloud A
22 33
Active VM
Cloud B
Certificate Management Module
Certificate Management Module
Authorization ModuleAuthorization Module
Dashboard/CLIDashboard/CLILoad Monitoring Load Monitoring
Encrypted Images Store, Windows8, Ubuntu, Centos
Encrypted Images Store, Windows8, Ubuntu, Centos
11
Xen/KVMXen/KVM
run instancerun instance
3322
Active VM
5a) retrieve encr disk image key(EIK)5a) retrieve encr disk image key(EIK) Key ManagerKey Manager
6a) store migrated disk image key (EIK)6a) store migrated disk image key (EIK)
44
6b) migrated VM6b) migrated VM
Secure VM Migration ModuleSecure VM Migration Module
2. AuthZ check2. AuthZ check
5b) retrieve key (VMK)5b) retrieve key (VMK)
VM encr/decr ModuleVM encr/decr Module 2. AuthZ check2. AuthZ check
Mutual Authentication Module
Mutual Authentication Module
Implementation
Workflow Diagram – SV2M
Secure VM migration module
1. Certificate Management Module (CMM)
2. Mutual Authentication Module (MAM)
3. Encryption/Decryption Module (EDM)
Key Manager (KM)
Implementation
Components of SV2M
Used to generate RSA key pair first &
Generate certificate request to Trusted Third Party (TTP) for the Cloud provider.
Authentication module uses this certificate for entity authentication using FIPS-196.
Implementation
Certificate Management Module (CMM)
• Cloud providers send X.509 certificates to each other & perform mutual authentication.
• This module ensures that source and destination provider are ready to perform migration.
Cloud Cloud
Implementation
Mutual Authentication Module (MAM)
Sender Cloud Perform
XML Signature of VM
XML encryption of VM using VM key (VMK) stored in key manager
and finally encrypt both EI key and VMK and sent along VM
Implementation
VM Encryption & Decryption Module (EDM)
Receiver Cloud Perform
• First decrypt VMK and EI Keys using Private key of receiver Cloud
• Decrypt VM using VMK and create new hash
• And finally Verify XML signature of VM
Implementation
VM Encryption & Decryption Module (EDM)
Storage of encrypted disk images keys (EIK) which are used to protect disk images in cloud repositories
It also used for generation and storage of VM encryption keys (VMK) for ED module
After successful resumption of VM on receiver, disk image key (EIK) is also stored on receiver Cloud
SV2M SV2M
SV2M Keys
VM Encr Keys
Images migrated keys
Key ManagerPut(key-id,encr-str,app_name)
Success
get(key-id,app_name)
Encrypted key string
Implementation
Key Manager
• AVISPA analyzed the protocol against security goals such as secrecy of key, weak/strong authentication.
• We analyze the secure migration protocol against security requirements such as strong authentication (G1, G5), Non-repudiation (G18), secrecy (G12), integrity (G2), reply protection (G3).
• The output indicates that a secure VM migration protocol is safe under analysis of OFMC, CL-AtSe, and SATMC and TA4SP back-ends
AVISPA Verification
38Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Future Directions
Our focus was on securing VM migration process. However if malicious or vulnerable VM is migrated from one cloud to other then it may cause severe security issue at receiver cloud. Therefore, research is require on post VM migration on receiver Cloud.
Conclusion We have investigated the vulnerabilities and threats
involved during the migration of VMs between two Cloud domains and define security requirements for Secure VM migration .
Our proposed and implemented Secure VM Migration (SV2M) System provides strong security features such as mutual authentication, confidentiality, integrity, replay protection and non-repudiation.
39Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
40Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
References
[1] K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, “An analysis of security issues for cloud computing,” Journal of Internet Services and Applications 2013.
[2] P. Mell, T. Grance, 'The NIST definition of cloud computing". NIST,Special Publication 800–145, Gaithersburg, MD.
[3] J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of BlackHat DC convention 2008.
[4] V. Vaidya, "Virtualization vulnerabilities and threats: a solution white paper", RedCannon Security Inc, 2009.
http://www.redcannon.com/vDefense/VM_security_wp.pdf.
[5] Steve Orrin, Virtualization Security: Challenges and Solutions, 2010.
http://365.rsaconference.com/servlet/JiveServlet/previewBody/2555-102-2-3214/STAR-303.pdf.
[6] J. Shetty, Anala M. R, Shobha G, “A survey on techniques of secure live migration of virtual machine”, International Journal of Computer Applications (0975 – 8887), vol. 39, no.12, February 2012.
[7] X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875.
[8] OpenStack Security Guide, 2013.
http://docs.openstack.org/security-guide/security-guide.pdf.
[9] W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010.
41Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
References
[10] B. Danev, R. J. Masti, G. O. Karame and S. Capkun,“Enabling secure VM-vTPM migration in private clouds”, Proceedings of the 27th Annual Computer Security Applications Conference, December 05-09, 2011, Orlando, Florida.
[11] K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel.
[12] Y. Chen, Q. Shen, P. Sun, Y. Li, Z. Chen and S. Qing, “Reliable migration module in trusted cloud based on security level - design and implementation”, International Parallel and Distributed Processing Symposium Workshops & PhD Forum 2012.
[13]. V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19
[14]. M. Aslam, C. Gehrmann, M. Bjorkman “Security and trust preserving VM migrations in public clouds”, International Conference on Trust, Security and Privacy in Computing and Communications 2012.
[15] P. Botero, Diego “A brief tutorial on live virtual machine migration from a security perspective”, University of Princeton, USA.
[16]. A. Rehman, S. Alqahtani, A. Altameem and T. Saba, “Virtual machine security challenges: case studies”, International Journal of Machine Learning and Cybernetics: 1-14, April 2013.
[17]. F. Zhang, Y. Huang, H. Wang, H. Chen, B. Zang, “PALM: security preserving VM live migration for systems with VMM-enforced protection”, Third Asia-Pacific Trusted Infrastructure Technologies Conference, 2008.
42Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Thank You Special thanks to my Supervisor , Committee Members, Ma’am Rahat and Ayesha.