An automated VM security framework for live migration

Abstract

With the unbounded growth in the infrastructures for application hosting, demand from the consumers of the applications and the trade-off between the application availability with cost for application hosting is pushing the application providers towards cloud.The support from the cloud computing towards the application development are the dynamic load balancing, saving cost for energy and in premises hardware dependency. The dynamic load balancing is made possible by the concept of migrations of virtual machines or VMs. The migration includes identification of high loads on specific hosts, identification of possible virtual machines to be migrated and possible target hosts, where the VMs can be migrated. The challenge of migrating the virtual machines from the source to the destination physical hosts is during the migration process the virtual machines are exposed to the network and the other users available or have access to the same communication channels. Also, the virtual machines data to be made live in the target physical system, popularly called the VM images, are treated as regular files before those are live. Hence in the migration cycle, starting from the transfer of the virtual machine image and till the transferred virtual machine is live, there is a gap of security and which needs to be filled. The virtual machine images often contain the application, data generated by the application and data to be consumed by the application. Regardless to mention these three components are critical and must be prevented from the unauthorised access. Hence, a number of research attempts have proposed various schemes to secure the VM images by employing various encryption mechanisms. There methods are criticised for consuming high amount of computing capabilities for encrypting – decrypting VM images and resulting into violation of service level agreements by making the application not available for higher time.Thus, this work proposes a novel method for encrypting a higher volume VM image in less time by deploying a progressive and adaptive encryption method. The work also establishes the thought of the improvement by testing the algorithm in the light of SLA violation reduction compared with existing methods.