Title :
Improving security of virtual machines during live migrations
Author :
Biedermann, Sebastian ; Zittel, Martin ; Katzenbeisser, Stefan
Author_Institution :
Dept. of Comput. Sci., Tech. Univ. Darmstadt, Darmstadt, Germany
Abstract :
Live migration of virtual machines (VMs) enables the transfer of a running VM to a new hardware component with minimal and hardly noticeable interruption. In cloud architectures, users are almost not able to detect live migrations of their VMs nor can they prevent them from happening. Nevertheless, if a VM is live migrated to a distant data center crossing national borders, security and privacy problems arise. This way, internal data can become subject to new national legislation without even notifying the owner of the live-migrated VM. In this paper, we propose methods to detect live migrations from the inside of an affected VM. Furthermore, we analyze how the live migration procedure can be delayed and how the additional gained time can be used to take security measures before the live migration is finished. We developed a “live migration defence framework” (LMDF) which can be used for security policy enforcement within a VM. We evaluated the proposed methods and techniques in our cloud setup and partially in the Amazon Elastic Computing Cloud (EC2).
Keywords :
cloud computing; computer centres; data privacy; security of data; virtual machines; Amazon Elastic Computing Cloud; EC2; LMDF; cloud architecture; distant data center; hardware component; live migration defence framework; live migration detection; national borders; national legislation; privacy problem; security problem; virtual machine security; Cloud computing; Encryption; Hardware; Interrupters; Virtual machine monitors;
Conference_Title :
Privacy, Security and Trust (PST), 2013 Eleventh Annual International Conference on
Conference_Location :
Tarragona
DOI :
10.1109/PST.2013.6596088