450 likes | 646 Vues
Secure Migration of VM (SV2M) in Cloud Federation. Naveed Ahmad Thesis Supervisor Dr. Awais Shibli GEC Members Dr. Abdul Ghafoor Dr. Zahid Anwar Miss H irra Anwar. In-house Defense School of Electrical Engineering & Computer Science, NUST Islamabad.
E N D
Secure Migration of VM (SV2M) in Cloud Federation Naveed Ahmad Thesis SupervisorDr. Awais Shibli GEC Members Dr. Abdul Ghafoor Dr. Zahid Anwar Miss Hirra Anwar In-house DefenseSchool of Electrical Engineering & Computer Science, NUST Islamabad Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad
Introduction • Motivation • Literature Review • Research Methodology • Problem Statement • Objectives • Contributions • Implementation • Protocol Verification • Future Directions • References • Demonstration Agenda
Cloud Computing Introduction • IaaS is the base of all Cloud services with SaaS and PaaS built upon it Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad
Cloud Federation Cloud Federation Benefits: • Maximize resource utilization • Load balancing and Cloud bursting • Comprises services from different providers aggregated in a single pool supporting features such as • Resource migration, • Resource redundancy Introduction
Virtualization Introduction Virtualization basically allows one computer to do the job of multiple computers. Sharing the resources of a single hardware across multiple environments Host operating system provides an abstraction layer for running virtual guest Oses Enable portability (migration) of virtual servers between physical servers Increase utilization of physical servers
Virtual Machines Introduction A virtual machine provides interface identical to underlying bare hardware i.e. all devices, interrupts, memory, page tables etc. Virtualization Software VMWare KVM Xen QEMU
VM Migration Introduction VM Migration is define as: Transfer of memory/storage of VM from one physical server to another. VM Migration categorized into Hot migration Cold migration Cold migration It is also know as offline migration. In this category, VM is completely power off before its migration to remote end.
Cont... Introduction Hot Migration Live Memory Migration (only shared storage)/ Live Block Migration It is used to minimize the downtime of VM migration between server. Suspended/Paused VM migration. It is also used to transfer VM from one physical server to another without shutting down it . In suspended/paused migration type, state of VM saved in hard disk or RAM respectively for short time.
VM migration Benefits Introduction Benefits provided by VM Migration are: Load balancing Disaster recovery Hardware maintenance Fault takeover 192.168.10.1 192.168.10.2 VM VM Private Cloud Public Cloud
Motivation VM Migration in traditional DC and Cloud 192.168.10.1 192.168.10.2 VM2 VM1 • Non Repudiation • Availability • Authentication • Integrity • Confidentiality
2008 • Categorized Attack on VM migration into: • Control plane (Unauthorized migration operation) • Data plane (insecure channel) • Migration Module (buffer overflow issues) • Developed Xensploit Tool for exploitation (Reference: J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of BlackHatDC convention.) 2010 • Policy/Role based Migration approach • Consists of attestation service, seal storage, policy service, migration service and secure hypervisor components • Authentication and Non Repudiation is not supported • Dependency on TPM and Seal storage hardware. (Reference: W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010 ) Literature ReviewSecurity issue in VM migration
2011 • Resource Optimization in Federated Cloud using VM migration. • Monitor the current workload of the physical servers • Detect the overloaded servers efficiently • VM replacement considering the federated environment • No security feature is supported (Reference: Y. Xu, Y. Sekiya , “Scheme of Resource Optimization using VM Migration for Federated Cloud Proceedings of the Asia-Pacific Advanced Network 2011 v. 32, p. 36-44) 2011 • Usage of Inter Cloud Proxies • Secure Channel between Proxies using SSH • Tunnel does not provide host to host secure channel during migration • Port forwarding on firewalls between the clouds • Management of Public Keys for CSP’s is very complex (Reference: K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel. ) • u Literature ReviewSecurity issue in VM migration andCloud Federation
2012 • RSA with SSL protocol for authentication and encryption • Pre-copy or Post-copy migration techniques • Non repudiation and Authorization is not supported (Reference: V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19. ) 2012 • vTPM based migration proposed provides • Authentication, confidentiality, Integrity, Reply Resistance, source non-repudiation • Dependency on TPM hardware . • Suspension of vTPM instance • Complex Key hierarchy from TPM to vTPM (Reference: X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875 ) Literature ReviewSecurity issue in VM migration andCloud Federation
Industrial SurveySecure VM Migration • http://searchservervirtualization.techtarget.com/feature/Virtual-machine-migration-FAQ-Live-migration-P2V-and-more
https://launchpad.net/~harlowja OpenStack Community Response
VM migration in Cloud environment is prone to security threats therefore this research work is intended to propose a secure migration of Virtual Machine (SV2M) with corresponding encrypted disk images (EI) between CSP’s. Problem Statement Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad
Research Paper 1 • Naveed Ahmad, Ayesha Kanwaland Muhammad AwaisShibli “Survey on secure live virtual machine (VM) migration in Cloud" Information Assurance (NCIA), 2013 2nd National Conference on , vol., no., pp.101,106, 11-12 Dec. 2013. • Research Paper 2 • Naveed Ahmad, Ayesha Kanwal, Muhammad AwaisShibli and Abdul Ghafoor “Secure Virtual Machine Migration (SV2M) in Cloud Federation”, 2014 International Conference on Security and Cryptography (SECRYPT-2014), Austria, 28-30 August, 2014. ContributionsResearch Perspective
Survey on secure virtual machine (VM) migration in Cloud • Establishment of a benchmark for security assessment of existing and proposed secure VM migration systems • Define security requirements for secure VM migration system Research PerspectiveProposed Security Requirements for secure VM migration
Research Findings Analysis of Existing Solutions and Approaches Techniques
Secure Virtual Machine Migration (SV2M) in Cloud Federation • Design & Develop SV2M system with comprehensive detail of all modules ( such as Mutual Authentication, Encryption/Decryption Module etc) • Integration of SV2M with OpenStack Platform • Security features verified using AVISPA Contributions Implementation Perspective
https://launchpad.net/~harlowja Community Response (SV2M system)
Python,bash scripting • PyXMLsec, M2crypto library • OpenStackdevstack Cloud on Ubuntu 12.04 LTS • AVISPA tool for security verification ImplementationDevelopment Toolkit
Cloud Service Provider A Cloud Service Provider B Load Monitoring Module Load Monitoring Module Secure VM Migration Module Certificate Management Module Authorization Module Mutual Authentication Module VM Encr/Decr Module Key Manager Secure VM Migration Module Certificate Management Module Authorization Module Mutual Authentication Module VM Encr/Decr Module Key Manager ImplementationArchitecture – SV2M
1. Cert Req 1. Cert Req Cloud A Cloud B ImplementationWorkflow Diagram – SV2M Dashboard/CLI Load Monitoring Load Monitoring Dashboard/CLI run instance Secure VM Migration Module run instance Secure VM Migration Module 6b) migrated VM Certificate Management Module Certificate Management Module Active VM 3 Migration Request Active VM 1 2 3 Authorization Module Authorization Module 1 2 3 4 Xen/KVM 1 Mutual Authentication Module Mutual Authentication Module Xen/KVM 4. Mutual Authentication 2. AuthZ check 2. AuthZ check VM encr/decr Module VM encr/decr Module Encrypted Images Store, Windows8, Ubuntu, Centos Encrypted Images Store, Windows8, Ubuntu, Centos 5b) retrieve key (VMK) 5. [VM_xml_ds] + [VM] VMK+[VMK + EIK] PUB_B 6a) store migrated disk image key (EIK) 5a) retrieve encr disk image key(EIK) Key Manager Key Manager 7. ACK
ImplementationComponents of SV2M • Secure VM migration module • Certificate Management Module (CMM) • Mutual Authentication Module (MAM) • Encryption/Decryption Module (EDM) • Key Manager (KM)
ImplementationCertificate Management Module (CMM) • Used to generate RSA key pair first & • Generate certificate request to Trusted Third Party (TTP) for the Cloud provider. • Authentication module uses this certificate for entity authentication using FIPS-196.
Cloud providers send X.509 certificates to each other & perform mutual authentication. • This module ensures that source and destination provider are ready to perform migration. ImplementationMutual Authentication Module (MAM) Cloud Cloud
ImplementationVM Encryption & Decryption Module (EDM) Sender Cloud Perform • XML Signature of VM • XML encryption of VM using VM key (VMK) stored in key manager • and finally encrypt both EI key and VMK and sent along VM
ImplementationVM Encryption & Decryption Module (EDM) Receiver Cloud Perform • First decrypt VMK and EI Keys using Private key of receiver Cloud • Decrypt VM using VMK and create new hash • And finally Verify XML signature of VM
Key Manager Put(key-id,encr-str,app_name) SV2M Success SV2M Keys get(key-id,app_name) VM Encr Keys Images migrated keys Encrypted key string Implementation Key Manager • Storage of encrypted disk images keys (EIK) which are used to protect disk images in cloud repositories • It also used for generation and storage of VM encryption keys (VMK) for ED module • After successful resumption of VM on receiver, disk image key (EIK) is also stored on receiver Cloud
Implementation Integration with OpenStack
AVISPA analyzed the protocol against security goals such as secrecy of key, weak/strong authentication. • We analyze the secure migration protocol against security requirements such as strong authentication (G1, G5), Non-repudiation (G18), secrecy (G12), integrity (G2), reply protection (G3). • The output indicates that a secure VM migration protocol is safe under analysis of OFMC, CL-AtSe, and SATMC and TA4SP back-ends AVISPA Verification
Our focus was on securing VM migration process. However if malicious or vulnerable VM is migrated from one cloud to other then it may cause severe security issue at receiver cloud. Therefore, research is require on post VM migration on receiver Cloud. Future Directions
We have investigated the vulnerabilities and threats involved during the migration of VMs between two Cloud domains and define security requirements for Secure VM migration . • Our proposed and implemented Secure VM Migration (SV2M) System provides strong security features such as mutual authentication, confidentiality, integrity, replay protection and non-repudiation. Conclusion Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad
[1] K. Hashizume, D. G. Rosado, E. Fernández-Medina, and E. B. Fernandez, “An analysis of security issues for cloud computing,” Journal of Internet Services and Applications 2013. [2] P. Mell, T. Grance, 'The NIST definition of cloud computing". NIST,Special Publication 800–145, Gaithersburg, MD. [3] J. Oberheide, E. Cooke and F. Jahanian, “Empirical exploitation of live Virtual Machine migration”, Proc. of BlackHat DC convention 2008. [4] V. Vaidya, "Virtualization vulnerabilities and threats: a solution white paper", RedCannon Security Inc, 2009. http://www.redcannon.com/vDefense/VM_security_wp.pdf. [5] Steve Orrin, Virtualization Security: Challenges and Solutions, 2010. http://365.rsaconference.com/servlet/JiveServlet/previewBody/2555-102-2-3214/STAR-303.pdf. [6] J. Shetty, Anala M. R, Shobha G, “A survey on techniques of secure live migration of virtual machine”, International Journal of Computer Applications (0975 – 8887), vol. 39, no.12, February 2012. [7] X. Wan, X. Zhang, L. Chen and J. Zhu, “An improved vTPM migration protocol based trusted channel”, International Conference on Systems and Informatics, 2012, pp. 871-875. [8] OpenStack Security Guide, 2013. http://docs.openstack.org/security-guide/security-guide.pdf. [9] W. Wang, Y. Zhang, B. Lin, X. Wu and K. Miao, “Secured and reliable VM migration in personal cloud”, 2nd International Conference on Computer Engineering and Technology, 2010. References
[10] B. Danev, R. J. Masti, G. O. Karame and S. Capkun,“Enabling secure VM-vTPM migration in private clouds”, Proceedings of the 27th Annual Computer Security Applications Conference, December 05-09, 2011, Orlando, Florida. [11] K. Nagin, D. Hadas, Z. Dubitzky, A. Glikson, I. Loy, B. Rochwerger and L. Schour, “Inter-cloud mobility of virtual machines”, International Conference on Systems and Storage, May 30-June 01, 2011, Haifa, Israel. [12] Y. Chen, Q. Shen, P. Sun, Y. Li, Z. Chen and S. Qing, “Reliable migration module in trusted cloud based on security level - design and implementation”, International Parallel and Distributed Processing Symposium Workshops & PhD Forum 2012. [13]. V. P. Patil and G.A. Patil, “Migrating process and virtual machine in the cloud: load balancing and security perspectives,” International Journal of Advanced Computer Science and Information Technology 2012, vol. 1, pp. 11-19 [14]. M. Aslam, C. Gehrmann, M. Bjorkman “Security and trust preserving VM migrations in public clouds”, International Conference on Trust, Security and Privacy in Computing and Communications 2012. [15] P. Botero, Diego “A brief tutorial on live virtual machine migration from a security perspective”, University of Princeton, USA. [16]. A. Rehman, S. Alqahtani, A. Altameem and T. Saba, “Virtual machine security challenges: case studies”, International Journal of Machine Learning and Cybernetics: 1-14, April 2013. [17]. F. Zhang, Y. Huang, H. Wang, H. Chen, B. Zang, “PALM: security preserving VM live migration for systems with VMM-enforced protection”, Third Asia-Pacific Trusted Infrastructure Technologies Conference, 2008. References
Special thanks to my Supervisor , Committee Members, Ma’am Rahat and Ayesha. Thank You
Implementation Demo Secure Virtual Machine Migration (SV2M) in Cloud Federation