Security Protection Model on Live Migration for KVM Virtualization

Fund Project:

National Natural Science Foundation of China (61502486)

    Abstract:

    Live migration of virtual machines is the transfer of running virtual machines from one host server to a new host server so that computing tasks complete without the owners of the virtual machines being notified. It has many beneficial characteristics, such as load balancing, hardware independence, and highly efficient resource utilization. However, live migration exposes information about virtual machines and their users to the network, which makes its security in virtualized environments a serious problem that concerns many users and a hot issue in industry and academia. This article studies the mechanisms of virtualization and the source code of the virtualization operating system, and seeks a breakthrough on the security problems of live migration. First, the article analyzes the potential memory-leak security threat of live migration. Then it designs and proposes a new security protection model based on a hybrid random transform coding method. Combined with the KVM (kernel-based virtual machine) virtualization structure, communication mechanism and migration mechanism, the model adds a monitor module and a security module at the source and destination of live migration, ensuring data security while the virtual machines are migrating. Finally, a series of experiments is designed to simulate and test the security protection capability of the model and its impact on virtual machine performance. The simulation results show that the proposed model can ensure the security of live migration in the KVM virtualization environment while balancing the security of virtual machines against the performance of live migration.

Get Citation

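Fan Wei, Kong Bin, Zhang Zhujun, Wang Tingting, Zhang Jie, Huang Weiqing. Security Protection Model on Live Migration for KVM Virtualization. Journal of Software (Ruan Jian Xue Bao), 2016,27(6):1402-1416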

History
  • Received: August 15, 2015
  • Revised: October 09, 2015
  • Online: January 22, 2016