DocumentCode :
3704009
Title :
Secure Out-of-Band Remote Management Using Encrypted Virtual Serial Consoles in IaaS Clouds
Author :
Kenichi Kourai;Tatuya Kajiwara
Author_Institution :
Dept. of Creative Inf., Kyushu Inst. of Technol., Fukuoka, Japan
Volume :
1
fYear :
2015
Firstpage :
443
Lastpage :
450
Abstract :
In Infrastructure-as-a-Service (IaaS) clouds, users manage the systems in virtual machines (VMs) through remote management systems such as Secure Shell (SSH). IaaS often provides out-of-band remote management using virtual serial consoles (VSCs). Even on failures inside their VMs, users can directly access their systems through a virtual serial device in the management VM. However, the management VM is not always trustworthy in IaaS. Attackers in the management VM can easily eavesdrop on inputs and outputs in remote management. In this paper, we propose SCCrypt for preventing information leakage in out-of-band remote management. SCCrypt provides encrypted VSCs to the management VM. In an encrypted VSC, the trusted virtual machine monitor (VMM) securely decrypts console inputs encrypted in an SSH client. It also encrypts console outputs, which are decrypted in an SSH client. For this purpose, the VMM correctly identifies the inputs and outputs by tracking device state without the cooperation of the management VM and user VMs. To support a key change at the reconnection to an encrypted VSC, the VMM re-encrypts pending console outputs. We have implemented SCCrypt in Xen and the OpenSSH client. Then we confirmed that no information leaked and that the overhead was small enough.
Keywords :
"Servers","Cloud computing","Encryption","Operating systems","Virtual machine monitors","Ciphers"
Publisher :
ieee
Conference_Titel :
Trustcom/BigDataSE/ISPA, 2015 IEEE
Type :
conf
DOI :
10.1109/Trustcom.2015.405
Filename :
7345313