Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad1
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Agenda Introduction
Cloud Computing Virtualization VM migration Key Management in Cloud
Literature SurveySurvey Findings Industry SurveyCommunity Response Problem Statement Proposed Architecture DesignTechnology and standards Future Milestones References
2
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Cloud Computing
Cloud Services ModelSaaSPaaS IaaS
Cloud Federation Federation Benefits
Cloud Burst Load Balancing
3
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Virtualization
Virtualization Types of Virtualization Virtual Machine (VM)
4
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
VM Migration
VM Migration Live Migration (only shared storage)Suspend/Pause and Transfer
Benefits of Migration Load balancingDisaster recoveryHardware maintenance
5
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Key Management in Cloud
Service Side Encryption (SSE) with KMS providesData protection Hardware Encryption (AES-NI)Reduce client maintenance effort
Amazon /Google’s provides transparent encryption. VM images (object), Volume, Data encryptionCreating, Storing, Protecting, and Providing access to keys.
6
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Literature Survey Problem
Insecure VM migration in Xen/VMware/KVM. Solution
Categorized Attack on VM migration into: Control plane (Unauthorized migration operation) Data plane (insecure channel) Migration Module (buffer overflow issues)
Developed Xensploit Tool for exploitation
7
Reference: J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of BlackHat DC convention.
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Problem Inter Cloud VM mobility for cloud bursting and load balancing
Solution Inter Cloud Proxies Secure Channel between Proxies using SSH
Analysis Tunnel does not provide host to host secure channel during migration. Port forwarding on firewalls between the clouds No Authorization mechanism.
8
Reference: K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel.
Literature Survey
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Problem Trusted channel and remote attestation in VM migration
Solution vTPM based migration proposed provides
Authentication, confidentiality, Integrity, Reply Resistance, source non-repudiation
Two phases Trusted channel establishment VM and vTPM migration
Analysis Authorization is not supported. Dependency on TPM hardware . Suspension of vTPM instance Complex Key hierarchy from TPM to vTPM.
`
9
Reference: X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875
Literature Survey
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Problem VM migration is insecure process
Solution. Load calculation on physical host RSA with SSL protocol for authentication
and encryption Pre-copy or Post-copy migration techniques
Analysis. Authorization is not supported Neglected the affects of migration in cloud
environment.
10
Reference: V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19.
Literature Survey
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Problem Security and Reliability in VM
migration Solution.
Policy/Role based Migration approach Consists of attestation service, seal storage,
policy service, migration service and secure hypervisor components
Analysis. Authentication is not supported Dependency on TPM and Seal storage
hardware.
11
Reference: W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010
Literature Survey
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Problem Resource Optimization in Federated
Cloud using VM migration. Solution.
Monitor the current workload of the physical servers
Detect the overloaded servers efficiently VM replacement considering the federated
environment Analysis.
No security feature is supported
12
Reference: Y. Xu, Y. Sekiya , “Scheme of Resource Optimization using VM Migration for Federated CloudProceedings of the Asia-Pacific Advanced Network 2011 v. 32, p. 36-44
Literature Survey
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Survey FindingsAnalysis of Existing Solutions and Approaches
13
Security Requirements/ID’s
1 3 4 5 6 7 8 9 10
Isolate migration networkVLAN[6]
Role basedMigration[9]
SecureVM-vTPM[10]
ImprovedvTMPbasedMigration[7]
VM mobilityusingSSH tunnel[11]
TCSL[12]
Secure Migration using RSA with SSL [13]
Trust TokenBased migration[14]
PALM[17]
Integrity Verification of platformAuthentication of platform
Isolate migration Traffic
Authorization (Access control policies )Confidentiality and Integrity of VM during migration
Isolatemigration traffic
Replay Resistance Isolatemigration traffic
Source Non-Repudiation
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Survey FindingsIdentified Limitations
Security Insufficient Access ControlLack of Mutual AuthenticationLack of ConfidentialityLack of Integrity
Implementation Dependency on TPM/Seal Storage module TPM is bottleneck Leakage of information in vTPM. Port forwarding on intermediate firewall
14
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Industrial Survey
http://searchservervirtualization.techtarget.com/feature/Virtual-machine-migration-FAQ-Live-migration-P2V-and-more
15
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Cont..
http://www.net-security.org/secworld.php?id=11825
16
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Community Response
https://launchpad.net/~harlowja
17
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
This research work is intended to propose a secure migration of Encrypted Images of VM and their keys between CSP’s. Furthermore, we also propose enhanced key management which securely handle migrated keys.
18
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Cont..
AA
Key ManagerKey Manager
Dashboard/CLIDashboard/CLI
Authentication/ Authorization Module
Authentication/ Authorization Module
Encrypted Images Store, (Windows8, Ubuntu, Centos,Suse)
Encrypted Images Store, (Windows8, Ubuntu, Centos,Suse)
Load Monitoring
Load Monitoring
11 22 33
Xen/KVMXen/KVM
Key ManagerKey Manager
Dashboard/CLIDashboard/CLI
Authentication/ Authorization Module
Authentication/ Authorization Module
Encrypted Image Store, (Windows8, Ubuntu, Centos,Suse )
Encrypted Image Store, (Windows8, Ubuntu, Centos,Suse )
11 22 44
Xen/KVMXen/KVM
55
Load Monitori
ng
Load Monitori
ng
BBInsecure channel
Can not store migration keys
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Requirements for VM migrationProcess
Security: Role based access control Mutual Authentication (source non-repudiation and trust) Confidentiality during migration process Integrity of VM and Keys
Key Management: Migrated Keys of Encrypted VM Images must be included in Key
Manager of receiver CSP.
20
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Proposed Architecture Design
AA
Key ManagerKey Manager
Dashboard/CLIDashboard/CLI
Authentication/ Authorization Module
Authentication/ Authorization Module
Encrypted Images Store, Windows8, Ubuntu, Centos,Suse
Encrypted Images Store, Windows8, Ubuntu, Centos,Suse
Load Monitoring
Load Monitoring
11 22 33
Xen/KVMXen/KVM
Key ManagerKey Manager
Dashboard/CLIDashboard/CLI
Authentication/ Authorization Module
Authentication/ Authorization Module
Encrypted Image Store, Windows8, Ubuntu, Centos,Suse
Encrypted Image Store, Windows8, Ubuntu, Centos,Suse
1. Cert Req1. Cert Req 1. Cert Req1. Cert Req
2. Auth/Autz2. Auth/Autz 2. Auth/Autz2. Auth/Autz
22 22
3. Run VM Instance3. Run VM Instance 3. Run VM
instance3. Run VM instance
11 22
Xen/KVMXen/KVM
44
4. Migration Request
4. Migration Request
5. Mutual Authentication
5. Mutual Authentication
6. SSL Channel/ Key shared (K)
6. SSL Channel/ Key shared (K)
7. [VM + {Key}
Pub_B ] K
7. [VM + {Key}
Pub_B ] K
8a). Decrypt & Update Key Manager
8a). Decrypt & Update Key Manager
8 b). Migrated VM.8 b). Migrated VM.
9. ACK9. ACK
55
BB
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Technologies and Standards
LibvirtKVM/XENPythonOpenStack Cloud OSKey Manager (OpenStack )PKI (DogTag)M2Crypt/pyopenssl
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
Future MilestonesMilestones Duration
Preliminary study and Research Done
Implementation
Cloud Configuration , PKI setup Done
Key Manager setup 1 week
Implementation of security features Authorization, Authentication,
confidentiality and integrity
3 month
Enchantment in Key manager 1 month
Testing and Evaluation 1.5 month
Final Documentation 1.5 month
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
24
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
References [1] K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, “An analysis of security issues for cloud computing,” Journal of Internet Services and Applications 2013.
[2] P. Mell, T. Grance, 'The NIST definition of cloud computing". NIST,Special Publication 800–145, Gaithersburg, MD.
[3] J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of BlackHat DC convention 2008.
[4] V. Vaidya, "Virtualization vulnerabilities and threats: a solution white paper", RedCannon Security Inc, 2009.
http://www.redcannon.com/vDefense/VM_security_wp.pdf.
[5] Steve Orrin, Virtualization Security: Challenges and Solutions, 2010.
http://365.rsaconference.com/servlet/JiveServlet/previewBody/2555-102-2-3214/STAR-303.pdf.
[6] J. Shetty, Anala M. R, Shobha G, “A survey on techniques of secure live migration of virtual machine”, International Journal of Computer Applications (0975 – 8887), vol. 39, no.12, February 2012.
[7] X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875.
[8] OpenStack Security Guide, 2013.
http://docs.openstack.org/security-guide/security-guide.pdf.
[9] W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010.
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
References [10] B. Danev, R. J. Masti, G. O. Karame and S. Capkun,“Enabling secure VM-vTPM migration in private clouds”, Proceedings of the 27th Annual Computer Security Applications Conference, December 05-09, 2011, Orlando, Florida.
[11] K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel.
[12] Y. Chen, Q. Shen, P. Sun, Y. Li, Z. Chen and S. Qing, “Reliable migration module in trusted cloud based on security level - design and implementation”, International Parallel and Distributed Processing Symposium Workshops & PhD Forum 2012.
[13]. V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19
[14]. M. Aslam, C. Gehrmann, M. Bjorkman “Security and trust preserving VM migrations in public clouds”, International Conference on Trust, Security and Privacy in Computing and Communications 2012.[15] P. Botero, Diego “A brief tutorial on live virtual machine migration from a security perspective”, University of Princeton, USA.[16]. A. Rehman, S. Alqahtani, A. Altameem and T. Saba, “Virtual machine security challenges: case studies”, International Journal of Machine Learning and Cybernetics: 1-14, April 2013.[17]. F. Zhang, Y. Huang, H. Wang, H. Chen, B. Zang, “PALM: security preserving VM live migration for systems with VMM-enforced protection”, Third Asia-Pacific Trusted Infrastructure Technologies Conference, 2008.