Secure Virtual Machine Migration (SV2M) in Cloud Federation

Abstract

Virtual Machine (VM) migration is mainly used for providing high availability, hardware maintenance, workload balancing and fault takeover in Cloud environment. However, it is susceptible to active and passive security attacks during migration process, which makes IT industry hesitant to accept this feature in Cloud. Compromising the VM migration process may result in DOS attacks, loss of data integrity and confidentiality. To cater different attacks such as unauthorized access to images and injecting malicious code on VM disk images, Cloud Providers store images in encrypted form. Therefore, security of VM migration along encrypted disk images keys becomes necessary. Previously, research focus was on the performance of VM migration, leaving security aspects of migration process completely explored. This paper proposes a comprehensive solution for Secure VM Migration (SV2M) in Cloud environment, which ensures authorization, mutual authentication, confidentiality, replay protection, integrity and nonrepudiation with minimal changes in existing infrastructure. We have extended the key manager of Cloud provider and introduced new features for management and storage of keys involved in our proposed SV2M solution. In addition to this, we have integrated the proposed solution with OpenStack, which is an open source Cloud platform used by large community for research in Cloud computing. We also evaluated the security of SV2M system using well known automatic protocol verification tool AVISPA.