Detecting VM Live Migration using a Hybrid External Approach

Sebastian Fiebig, Melanie Siebenhaar, Christian Gottron, Ralf Steinmetz

2013

Abstract

Cloud computing has become a paradigm of our time. It is not only a technical solution, but also a business model for selling and renting computing power and servers. Virtual machines (VMs) are used to allow dynamic and transparent server utilization, which is made possible by VM live migration. VM live migration allows VMs to be moved within and out of data centers while they are still running. Thus, resource usage becomes more efficient. However, VM live migration also opens up new attack vectors that malicious attackers can use. They can compromise hypervisors and afterwards steal VMs from data centers to gain control over resources. In the worst-case scenario, the theft remains undetected by both system administrators and customers. In this paper, we present the first taxonomy of possible VM live migration detection approaches. There are two different monitoring approaches, i.e., internal or external monitoring, as well as different detection approaches, which correspond to the different ways of detecting migration. Moreover, we propose a hybrid external approach that uses delay measurement with ICMP ping and time-lag detection with the Network Time Protocol (NTP) to detect VM live migration. We show that VM live migration can be detected by using a prototype of our hybrid external approach.



Paper Citation


in Harvard Style

Fiebig S., Siebenhaar M., Gottron C. and Steinmetz R. (2013). Detecting VM Live Migration using a Hybrid External Approach. In Proceedings of the 3rd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-8565-52-5, pages 483-488. DOI: 10.5220/0004376904830488


in Bibtex Style

@conference{closer13,
author={Sebastian Fiebig and Melanie Siebenhaar and Christian Gottron and Ralf Steinmetz},
title={Detecting VM Live Migration using a Hybrid External Approach},
booktitle={Proceedings of the 3rd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER},
year={2013},
pages={483-488},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004376904830488},
isbn={978-989-8565-52-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER
TI - Detecting VM Live Migration using a Hybrid External Approach
SN - 978-989-8565-52-5
AU - Fiebig S.
AU - Siebenhaar M.
AU - Gottron C.
AU - Steinmetz R.
PY - 2013
SP - 483
EP - 488
DO - 10.5220/0004376904830488