DOI: 10.1145/1655008.1655021
research-article

Managing security of virtual machine images in a cloud environment

Published: 13 November 2009

Abstract

Cloud computing is revolutionizing how information technology resources and services are used and managed, but the revolution comes with new security problems. Among these is the problem of securely managing the virtual-machine images that encapsulate each application of the cloud. These images must have high integrity because the initial state of every virtual machine in the cloud is determined by some image. However, as some of the benefits of the cloud depend on users employing images built by third parties, users must also be able to share images safely.
This paper explains the new risks that face administrators and users (both image publishers and image retrievers) of a cloud's image repository. To address those risks, we propose an image management system that controls access to images, tracks the provenance of images, and provides users and administrators with efficient image filters and scanners that detect and repair security violations. Filters and scanners achieve efficiency by exploiting redundancy among images; an early implementation of the system shows that this approach scales better than a naive approach that treats each image independently.

Published In

CCSW '09: Proceedings of the 2009 ACM workshop on Cloud computing security
November 2009
144 pages
ISBN:9781605587844
DOI:10.1145/1655008
Program Chairs: Radu Sion, Dawn Song
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cloud computing
  2. image repository
  3. virtual machine image

Qualifiers

  • Research-article

Conference

CCS '09
Acceptance Rates

Overall Acceptance Rate 37 of 108 submissions, 34%
