Abstract
Virtual machine migration is a powerful technique used to balance the workload of hosts in environments such as a cloud data center. In that technique, VMs can be transferred from a source host to a destination host due to various reasons such as maintenance of the source host or resource requirements of the VMs. The VM migration can happen in two ways, live and offline migration. In time of live VM migration, VMs get transferred from a source host to a destination host while running. In that situation, the state of the running VM and information such as memory pages get copied from a host and get transferred to the destination by the VM migration system.
There exist security risks toward the migrating VM’s data integrity and confidentiality. After a successful VM migration, the source host shall remove the memory pages of the migrated VM. However there should be a mechanism for the owner of the VM to make sure his VM’s memory pages and information are removed from the source host’s physical memory. On the other hand, the memory portion on the destination host shall be clear from previously used VM’s data and possibly malicious codes. In this chapter, we investigate the possibility of misuse of migrating VM’s data either in transit or present at source and destination during the VM migration process. Based on the investigations, we give a proposal for a secure live VM migration protocol.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alarifi S, Wolthusen S (2014) Communications and Multimedia Security: 15th IFIP TC 6/TC 11 International Conference, CMS 2014, Aveiro, Portugal, September 25–26, 2014. Proceedings, chap Dynamic Parameter Reconnaissance for Stealthy DoS Attack within Cloud Systems, pp 73–85
Aslam M, Gehrmann C, Björkman M (2012) Security and trust preserving VM migrations in public clouds. In: Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on, IEEE, pp 869–876
Berger S, Cáceres R, Goldman K A, Perez R, Sailer R, van Doorn L (2006) vTPM: Virtualizing the Trusted Platform Module. In: Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15, USENIX Association, Berkeley, CA, USA, USENIX-SS’06
Clark C, Fraser K, Hand S, Hansen J G, Jul E, Limpach C, Pratt I, Warfield A (2005) Live Migration of Virtual Machines. In: Proceedings of the 2Nd Conference on Symposium on Networked Systems Design & Implementation (NSDI’05) - Volume 2, USENIX Association, Berkeley, CA, USA, pp 273–286
Collberg C, Nagra J (2009) Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Pearson Education
Danev B, Masti R J, Karame G O, Capkun S (2011) Enabling Secure VM-vTPM Migration in Private Clouds. In: Proceedings of the 27th Annual Computer Security Applications Conference, ACM, New York, NY, USA, ACSAC ’11, pp 187–196
Dewan P, Durham D, Khosravi H, Long M, Nagabhushan G (2008) A Hypervisor-based System for Protecting Software Runtime Memory and Persistent Storage. In: Proceedings of the 2008 Spring Simulation Multiconference, San Diego, CA, USA, SpringSim ’08, pp 828–835
Hansen J G, Jul E (2004) Self-migration of Operating Systems. In: Proceedings of the 11th Workshop on ACM SIGOPS European Workshop (EW ’11), ACM, New York, NY, USA
Homescu A, Jackson T, Crane S, Brunthaler S, Larsen P, Franz M (2017) Large-Scale Automated Software Diversity - Program Evolution Redux. IEEE Transactions on Dependable and Secure Computing 14(2):158–171
Hosseinzadeh S, Rauti S, Laurén S, Mäkelä JM, Holvitie J, Hyrynsalmi S, Leppänen V (2016) A Survey on Aims and Environments of Diversification and Obfuscation in Software Security. In: Proceedings of the 17th International Conference on Computer Systems and Technologies 2016, ACM, New York, NY, USA, CompSysTech ’16, pp 113–120
Nelson M, Lim B H, Hutchins G (2005) Fast Transparent Migration for Virtual Machines. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference (ATEC ’05), USENIX Association, Berkeley, CA, USA, pp 25–25
Oberheide J, Cooke E, Jahanian F (2008) Empirical exploitation of live virtual machine migration. In: Proc. of BlackHat DC convention
Payne B, Carbone M, Lee W (2007) Secure and flexible monitoring of virtual machines. In: Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual, pp 385–397
Perez-Botero D (2011) A Brief Tutorial on Live Virtual Machine Migration From a Security Perspective. [Available Online], URL http://www.cs.princeton.edu/~diegop/data/580_midterm_project.pdf, [Accessed: 29-Apr-2016]
Santos N, Gummadi K P, Rodrigues R (2009) Towards trusted cloud computing. In: Proceedings of the 2009 Conference on Hot Topics in Cloud Computing, USENIX Association, Berkeley, CA, USA, HotCloud’09
Shetty J, Anala M, Shobha G (2012) A Survey on Techniques of Secure Live Migration of Virtual Machine. International Journal of Computer Applications 39(12):34–39
Shirazi N, Simpson S, Marnerides A, Watson M, Mauthe A, Hutchison D (2014) Assessing the impact of intra-cloud live migration on anomaly detection. In: Cloud Networking (CloudNet), 2014 IEEE 3rd International Conference on, pp 52–57
Trusted Computing Group — Open Standards for Security Technology (TCG) URL : www.trustedcomputinggroup.org
Voorsluys W, Broberg J, Venugopal S, Buyya R (2009) Cost of Virtual Machine Live Migration in Clouds: A Performance Evaluation. In: Proceedings of the 1st International Conference on Cloud Computing, CloudCom ’09, pp 254–265
Wang W, Zhang Y, Lin B, Wu X, Miao K (2010) Secured and reliable VM migration in personal cloud. In: 2nd International Conference on Computer Engineering and Technology (ICCET), 2010, vol 1, pp V1–705–V1–709
Wood T, Ramakrishnan K K, Shenoy P, van der Merwe J (2011) CloudNet: Dynamic Pooling of Cloud Resources by Live WAN Migration of Virtual Machines. In: Proceedings of the 7th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, ACM, New York, NY, USA, VEE ’11, pp 121–132
Xen (Xen) Users’ Manual Xen v3.3. URL http://bits.xensource.com/Xen/docs/user.pdf
Zhang F, Chen H (2013) Security-preserving live migration of virtual machines in the cloud. Journal of Network and Systems Management 21(4):562–587
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Yasmin, R., Memarian, M.R., Hosseinzadeh, S., Conti, M., Leppänen, V. (2018). Investigating the Possibility of Data Leakage in Time of Live VM Migration. In: Dehghantanha, A., Conti, M., Dargahi, T. (eds) Cyber Threat Intelligence. Advances in Information Security, vol 70. Springer, Cham. https://doi.org/10.1007/978-3-319-73951-9_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-73951-9_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-73950-2
Online ISBN: 978-3-319-73951-9
eBook Packages: Computer ScienceComputer Science (R0)