Security-Preserving Live Migration of Virtual Machines in the Cloud

Journal of Network and Systems Management

Abstract

Hypervisor-based process protection is a novel approach that provides isolated execution environments for applications running on untrusted commodity operating systems. It is based on off-the-shelf hardware and trusted hypervisors, and it meets the security and trust requirements of many cloud computing models, especially third-party data centers and multi-tenant public clouds, in which sensitive data are out of the users' control. However, because the hypervisor extends semantic protection to the process granularity, such a mechanism also breaks the platform independence of virtual machines and thus prohibits live migration of virtual machines, which is another highly desirable feature in the cloud. In this paper, we extend hypervisor-based process protection systems with live migration capabilities by migrating the protection-related metadata maintained in the hypervisor together with the virtual machines and by protecting sensitive user contents using encryption and hashing. We also propose a security-preserving live migration protocol that addresses several security threats during live migration procedures, including timing-related attacks, replay attacks and resumption order attacks. We implement a prototype system based on Xen and Linux. Evaluation results show that performance degradation in terms of both total migration time and downtime is reasonably low compared to the unmodified Xen live migration system.

Acknowledgments

This work was funded by Shanghai Science and Technology Development Funds (No. 12QA1401700), China National Natural Science Foundation under grant numbered 61003002 and Fundamental Research Funds for the Central Universities in China.

Author information

Corresponding author

Correspondence to Haibo Chen.

About this article

Cite this article

Zhang, F., Chen, H. Security-Preserving Live Migration of Virtual Machines in the Cloud. J Netw Syst Manage 21, 562–587 (2013). https://doi.org/10.1007/s10922-012-9253-1

  • DOI: https://doi.org/10.1007/s10922-012-9253-1
