A secure and rapid response architecture for virtual machine migration from an untrusted hypervisor to a trusted one

  • Research Article
  • Frontiers of Computer Science

Abstract

Two key issues exist during virtual machine (VM) migration in cloud computing. One is when to start migration, and the other is how to determine a reliable target; in previous studies, both depend entirely on whether the source hypervisor is trusted. However, once the source hypervisor is no longer trusted, migration faces unprecedented challenges. To address these problems, we propose a secure architecture, SMIG (secure migration), which defines a new concept, the Region Critical TCB, and leverages an innovative adjacent integrity measurement (AIM) mechanism. AIM dynamically monitors the integrity of its adjacent hypervisor and passes the results to the Region Critical TCB, which then determines whether to start migration and where to migrate according to a table called the integrity validation table. We have implemented a prototype of SMIG based on the Xen hypervisor. Experimental evaluation results show that SMIG can detect a malicious hypervisor and rapidly start migration to a trusted one, incurring only a moderate overhead for compute-intensive and I/O-intensive tasks and a small overhead for others.

Acknowledgements

The subject was sponsored by the National Science and Technology Major Project (2012ZX01039-004) and the National Natural Science Foundation of China (Grant No. 61305054).

Author information

Corresponding author

Correspondence to Tao Wu.

Additional information

Tao Wu received his MS degree in computer science from University of Science and Technology Beijing, China in 2010. He is currently a PhD candidate of University of Chinese Academy of Sciences, China. His research interests include system security and cloud security.

Qiusong Yang received his PhD degree in computer science from Graduate University of Chinese Academy of Sciences, China. He is currently a professor of University of Chinese Academy of Sciences. His research interests include system and software security.

Yeping He received his PhD degree from Nanjing University of Aeronautics and Astronautics, China. He is currently a professor of University of Chinese Academy of Sciences, China. His research interests include system security and trusted computing.

Cite this article

Wu, T., Yang, Q. & He, Y. A secure and rapid response architecture for virtual machine migration from an untrusted hypervisor to a trusted one. Front. Comput. Sci. 11, 821–835 (2017). https://doi.org/10.1007/s11704-016-5190-6

  • DOI: https://doi.org/10.1007/s11704-016-5190-6
