AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
PDF (13.8 MB)
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Cloud Virtual Machine Lifecycle Security Framework Based on Trusted Computing

Xin JinQixu Wang( )Xiang LiXingshu ChenWei Wang
College of Computer Science, Sichuan University, Chengdu 610065, China.
College of Cybersecurity, Sichuan University, Chengdu 610065, China.
Show Author Information

Abstract

As a foundation component of cloud computing platforms, Virtual Machines (VMs) are confronted with numerous security threats. However, existing solutions tend to focus on solving threats in a specific state of the VM. In this paper, we propose a novel VM lifecycle security protection framework based on trusted computing to solve the security threats to VMs throughout their entire lifecycle. Specifically, a concept of the VM lifecycle is presented divided up by the different active conditions of the VM. Then, a trusted computing based security protection framework is developed, which can extend the trusted relationship from trusted platform module to the VM and protect the security and reliability of the VM throughout its lifecycle. The theoretical analysis shows that our proposed framework can provide comprehensive safety to VM in all of its states. Furthermore, experiment results demonstrate that the proposed framework is feasible and achieves a higher level of security compared with some state-of-the-art schemes.

References

[1]
Y. Han, J. Chan, T. Alpcan, and C. Leckie, Using virtual machine allocation policies to defend against co-resident attacks in cloud computing, IEEE Trans. Depend. Secure Comput., vol. 14, no. 1, pp. 95-108, 2017.
[2]
M. S. Dildar, N. Khan, J. B. Abdullah, and A. S. Khan, Effective way to defend the hypervisor attacks in cloud computing, in Proc. 2017 2nd Int. Conf. Anti-Cyber Crimes, Abha, Saudi Arabia, 2017, pp. 154-159.
[3]
K. S. Tep, B. Martini, R. Hunt, and K. K. R. Choo, A taxonomy of cloud attack consequences and mitigation strategies: The role of access control and privileged access management, in Proc. 2015 IEEE Trustcom/BigDataSE/ISPA, Helsinki, Finland, 2015, pp. 1073-1080.
[4]
K. Scarfone, M. Souppaya, and P. Hoffman, Guide to Security for Full Virtualization Technologies. Gaithersburg, MD, USA: National Institute of Standards & Technology, 2011.
[5]
Y. Yu, M. H. Au, G. Ateniese, X. Y. Huang, W. Susilo, Y. S. Dai, and G. Y. Min, Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage, IEEE Trans. Inf. Foren. Secur., vol. 12, no. 4, pp. 767-778, 2017.
[6]
S. M. N. Islam and M. M. Rahman, Securing virtual machine images of cloud by encryption through Kerberos, in Proc. 2017 2nd Int. Conf. Convergence in Technology, Mumbai, India, 2017, pp. 1074-1079.
[7]
M. Masdari, S. S. Nabavi, and V. Ahmadi, An overview of virtual machine placement schemes in cloud computing, J. Network Comput. Appl., vol. 66, pp. 106-127, 2016.
[8]
F. Tao, C. Li, T. W. Liao, and Y. J. Laili, BGM-BLA: A new algorithm for dynamic migration of virtual machines in cloud computing, IEEE Trans. Serv. Comput., vol. 9, no. 6, pp. 910-925, 2016.
[9]
W. B. Mao, Method and apparatus for securing the full lifecycle of a virtual machine, US Patent 20130061293, March 7, 2013.
[10]
N. Barak, A. Jerbi, E. Hadar, and M. Kletskin, System and method for enforcement of security controls on virtual machines throughout life cycle state changes, US Patent 9389898, July 12, 2016.
[11]
R. J. Forrester, W. W. Starnes, and F. A. Tycksen Jr., Method and apparatus for lifecycle integrity verification of virtual machines, US Patent 9450966, September 20, 2016.
[12]
R. Schwarzkopf, Virtual machine lifecycle management in grid and cloud computing, http://archiv.ub.uni-marburg. de/diss/z2015/0407/pdf/drs.pdf, 2015.
[13]
Top Threats Working Group, The Treacherous 12: Cloud Computing Top Threats in 2016, http://www.storm-clouds. eu/services/2017/04/the-treacherous-12-cloud-computing-top-threats-in-2016, 2016.
[14]
M. Henson and S. Taylor, Memory encryption: A survey of existing techniques, ACM Comput. Surveys, vol. 46, no. 4, p. 53, 2014.
[15]
I. O. Nunes and G. Tsudik, KRB-CCN: Lightweight authentication & access control for private content-centric networks, arXiv preprint arXiv: 1804.03820, 2018.
[16]
C. Alcaraz and S. Zeadally, Critical infrastructure protection: Requirements and challenges for the 21st century, Int.J. Crit. Infrastruct. Prot., vol. 8, pp. 53-66, 2015.
[17]
D. J. Chen, N. Zhang, R. X. Lu, N. Cheng, K. Zhang, and Z. G. Qin, Channel precoding based message authentication in wireless networks: Challenges and solutions, IEEE Network, vol. 33, no. 1, pp. 99-105, 2018.
[18]
N. Zhang, N. Cheng, N. Lu, X. Zhang, J. W. Mark, and X. M. Shen, Partner selection and incentive mechanism for physical layer security, IEEE Trans. Wirel. Commun., vol. 14, no. 8, pp. 4265-4276, 2015.
[19]
X. P. Liang, S. Shetty, L. C. Zhang, C. Kamhoua, and K. Kwiat, Man In The Cloud (MITC) defender: SGX-based user credential protection for synchronization applications in cloud computing platform, in Proc. 2017 IEEE 10th Int. Conf. Cloud Computing, Honolulu, HI, USA, 2017, pp. 302-309.
[20]
M. Plauth, F. Teschke, D. Richter, and A. Polze, Hardening Application Security using Intel SGX, in Proc. 2018 IEEE Int. Conf. Software Quality, Reliability and Security (QRS), Lisbon, Portugal, 2018, pp. 375-380.
[21]
W. Arthur, D. Challener, and K. Goldman, Platform security technologies that use TPM 2.0, in Proc. A Practical Guide to TPM 2.0, Berkeley, CA, USA, 2015, pp. 331-348.
[22]
J. X. Li, D. S. Li, Y. M. Ye, and X. C. Lu, Efficient multi-tenant virtual machine allocation in cloud data centers, Tsinghua Sci. Technol., vol. 20, no.1, pp. 81-89, 2015.
[23]
X. M. Ye, X. S. Chen, H. Z. Wang, X. M. Zeng, G. L. Shao, X. Y. Yin, and C. Xu, An anomalous behavior detection model in cloud computing, Tsinghua Sci. Technol., vol. 21, no. 3, pp. 322-332, 2016.
[24]
X. Jin, X. S. Chen, C. Zhao, and D. D. Zhao, Trusted attestation architecture on an infrastructure-as-a-service, Tsinghua Sci. Technol., vol. 22, no. 5, pp. 469-477, 2017.
[25]
X. Wan, X. F. Zhang, L. Chen, and J. X. Zhu, An improved vTPM migration protocol based trusted channel, in Proc. 2012 Int. Conf. Systems and Informatics, Yantai, China, 2012, pp. 870-875.
[26]
D. G. Sun, J. Zhang, W. Fan, T. T. Wang, C. Liu, and W. Q. Huang, SPLM: Security protection of live virtual machine migration in cloud computing, in Proc. 4th ACM Int. Workshop on Security in Cloud Computing, New York, NY, USA, 2016, pp. 2-9.
[27]
N. T. Hieu, M. Di Francesco, and A. Y. Jääski, A virtual machine placement algorithm for balanced resource utilization in cloud data centers, in Proc. 2014 IEEE 7th Int. Conf. Cloud Computing, Anchorage, AK, USA, 2014, pp. 474-481.
[28]
F. L. Pires and B. Baran, A virtual machine placement taxonomy, in Proc. 2015 15th IEEE/ACM Int. Symp. Cloud and Grid Computing, Shenzhen, China, 2015, pp. 159-168.
[29]
Z. Zhou, Z. G. Hu, T. Song, and J. Y. Yu, A novel virtual machine deployment algorithm with energy efficiency in cloud computing, J. Cent. South Univ., vol. 22, no. 3, pp. 974-983, 2015.
[30]
ISO/IEC, ISO/IEC 11889-1: 2015 Information technology —Trusted platform module library—Part 1: Architecture, Geneva, Switzerland, 2015.
[31]
Trusted computing group, Trusted Computing: An Effective Approach to Cybersecurity Defense. Beaverton, OR, USA: TCG, 2013.
[32]
Trusted computing group, TPM Main Part 1 Design Principles, Specification Version 1.2, Revision 116. Beaverton, OR, USA, TCG, 2011.
[33]
D. Challener, K. Yoder, and R. Catherman, A Practical Guide to Trusted Computing. London, UK: Pearson Education, 2007.
[34]
R. Perez, R. Sailer, and L. Doorn, vTPM: Virtualizing the trusted platform module, in Proc. 15th Conf. USENIX Security Symp., San Diego, CA, USA, 2006, pp. 305-320.
[35]
C. H. Devassy, M. Prasad, and V. Anil, Mastering KVM Virtualization. Birmingham, UK: Packt Publishing Ltd., 2016, pp. 155-156.
[36]
Y. Shi, B. Zhao, Z. Yu, and H. G. Zhang, A security-improved scheme for virtual TPM based on KVM, Wuhan Univ. J. Nat. Sci., vol. 20, no. 6, pp. 505-511, 2015.
[37]
S. Berger, K. Goldman, D. Pendarakis, D. Safford, E. Valdez, and M. Zohar, Scalable attestation: A step toward secure and trusted clouds, in Proc. 2015 IEEE Int. Conf. Cloud Engineering, Tempe, AZ, USA, 2015, pp. 185-194.
[38]
W. Arthur and D. Challener, A Practical Guide to TPM 2.0: Using the New Trusted Platform Module in the New Age of Security. Springer, 2015, pp. 156-161.
[39]
Trusted computing group, Virtualized Trusted Platform Architecture Specification, Specification Version 1.0, Revision 0.26. Beaverton, OR, USA, TCG, 2011.
[40]
X. Li, X. Jin, Q. X. Wang, M. S. Cao, and X. S. Chen, SCCAF: A secure and compliant continuous assessment framework in cloud-based IoT context, Wirel. Commun.Mob. Comput., vol. 2018, p. 3078272, 2018.
Tsinghua Science and Technology
Pages 520-534
Cite this article:
Jin X, Wang Q, Li X, et al. Cloud Virtual Machine Lifecycle Security Framework Based on Trusted Computing. Tsinghua Science and Technology, 2019, 24(5): 520-534. https://doi.org/10.26599/TST.2018.9010129

656

Views

39

Downloads

10

Crossref

N/A

Web of Science

18

Scopus

5

CSCD

Altmetrics

Received: 10 October 2018
Accepted: 10 November 2018
Published: 29 April 2019
© The author(s) 2019
Return