Networks - I: Virtual firewalling for migrating virtual machines in cloud computing

Abstract/Description

Cloud Computing (CC) uses virtualization to provide computing resources on demand via Internet. Small and large organizations benefit from CC because of reduced operating costs and increase in business agility. The migrating Virtual Machine (VM) is vulnerable from attacks such as fake migration initiations, service interruptions, manipulation of data or other network attacks. Hence, during live migration any security lax in VM firewall policy can put the VM at risk. A malicious VM can further pose threat to other VMs in its host and consequently for VMs in LAN. Hardware firewalls only protect VM before and after migration. Plus, they are blind to virtual traffic. Hence, virtual firewalls (VFs) are used to secure VMs. Mostly; they are deployed at Virtual Machine Monitor-level (VMM) under Cloud provider's control. Source VMM-Ievel VF provides security to VM before the migration incurs and the destination VMM-level VF starts securing VM after migration is completed. It thus, becomes possible for attacker to use the intermediate migrating window to launch attacks on VM. This research contributes towards providing understanding of having open source virtual firewall at VM-Ievel for migrating VMs to reduce attack window of VM during the migration. The final contribution is the validation and uptime evaluation of the implemented Packet Filter firewall for VM at VM-level during migration in City Network data center. Such an approach would enable hardened security for overall VM migration.

Location

Room M1

Session Theme

Networks - I

Session Type

Other

Session Chair

Dr. Sayeed Ghani

Start Date

15-12-2013 1:00 PM

End Date

15-12-2013 1:30 PM

Share

COinS
 
Dec 15th, 1:00 PM Dec 15th, 1:30 PM

Networks - I: Virtual firewalling for migrating virtual machines in cloud computing

Room M1

Cloud Computing (CC) uses virtualization to provide computing resources on demand via Internet. Small and large organizations benefit from CC because of reduced operating costs and increase in business agility. The migrating Virtual Machine (VM) is vulnerable from attacks such as fake migration initiations, service interruptions, manipulation of data or other network attacks. Hence, during live migration any security lax in VM firewall policy can put the VM at risk. A malicious VM can further pose threat to other VMs in its host and consequently for VMs in LAN. Hardware firewalls only protect VM before and after migration. Plus, they are blind to virtual traffic. Hence, virtual firewalls (VFs) are used to secure VMs. Mostly; they are deployed at Virtual Machine Monitor-level (VMM) under Cloud provider's control. Source VMM-Ievel VF provides security to VM before the migration incurs and the destination VMM-level VF starts securing VM after migration is completed. It thus, becomes possible for attacker to use the intermediate migrating window to launch attacks on VM. This research contributes towards providing understanding of having open source virtual firewall at VM-Ievel for migrating VMs to reduce attack window of VM during the migration. The final contribution is the validation and uptime evaluation of the implemented Packet Filter firewall for VM at VM-level during migration in City Network data center. Such an approach would enable hardened security for overall VM migration.