Abstract
In modern cloud infrastructures, live migration of virtual machines offers many advantages, such as scalability and elasticity, but it also introduces risks. Security issues of live migration have been studied and classified into three threats: control plane, data plane and migration module. Much work has focused on the latter two aspects. However, the security of the control plane has yet to be analyzed. This paper starts by introducing three classes of control plane threats: load balancing, scheduling and transmission. We then elaborate how a scheduling attack can subvert the VM scheduling algorithm via the proposed scheduling algorithm reverse approach (SARA). We evaluate the effects of SARA using datasets gathered from OpenStack. This work is a beneficial attempt to compromise the control plane of VM migration, and it can be used as a self-test tool for cloud service providers to test their defences against network intruders.
Acknowledgments
We thank the reviewers for their help improving this paper. This work is supported by the National High Technology Research and Development Program (“863” Program) of China under Grant No. 2015AA016009, the National Natural Science Foundation of China under Grant No. 61232005, and the Science and Technology Program of Shen Zhen, China under Grant No. JSGG20140516162852628.
Copyright information
© 2015 Springer International Publishing Switzerland
Cite this paper
Luo, Y., Shen, Q., Li, C., Chen, K., Wu, Z. (2015). Probing the Scheduling Algorithms in the Cloud Based on OpenStack. In: Huang, Z., Sun, X., Luo, J., Wang, J. (eds) Cloud Computing and Security. ICCCS 2015. Lecture Notes in Computer Science, vol 9483. Springer, Cham. https://doi.org/10.1007/978-3-319-27051-7_44
DOI: https://doi.org/10.1007/978-3-319-27051-7_44
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27050-0
Online ISBN: 978-3-319-27051-7
eBook Packages: Computer Science (R0)