Security Model for VM in Cloud

1Venkataramana.Kanaparti, 2Naveen Kumar R, 3Rajani.S, 4Padmavathamma M, 5Anitha.C
1,2,3,5 Research Scholars, 4 Research Supervisor
1,2,3,4,5 Dept. of Computer Science, 1,2,3,4 S.V.University – Tirupati, A.P, India

ABSTRACT

Cloud computing is a new approach that emerged to meet the ever-increasing demand for computing resources and to reduce operational costs and capital expenditure for IT services. Because this way of computing allows data and applications to be stored away from an organization's own servers, it raises further security issues such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though virtualization forms the basis of cloud computing, it poses many threats to securing the cloud. As most security threats lie at the virtualization layer of the cloud, we propose a new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by a Trusted Agent (TA) in the hypervisor as well as in the VM. The proposed model is designed to withstand attacks by unauthorized processes that threaten applications related to data mining, OLAP systems and image processing, which require huge resources in the cloud and are deployed on one or more VMs.

Keywords: Virtualization, Hypervisor Cloud server, Trusted Agent, Authentication, Digital certificate, ESX-Server, Data Mining, Image processing systems.

1. INTRODUCTION

Cloud computing is a promising new computing paradigm that has developed on the basis of distributed computing, grid computing, virtualization mechanisms and utility computing. Cloud computing has been defined by the U.S. National Institute of Standards and Technology (NIST) as follows: "A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three delivery models, and four deployment models" [1].

The cloud computing model as defined by NIST consists of cloud providers and cloud consumers. A cloud provider is a person, organization or entity responsible for making an infrastructure, platform or software available to cloud consumers as a service (IaaS, PaaS or SaaS). The person or organization that maintains a business relationship with cloud service providers, and uses one or more of these services (i.e. IaaS, PaaS or SaaS), is a cloud consumer and cloud tenant (Fig-1) [2][3]. Mell and Grance identify the five essential characteristics as on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service [4]. For these five characteristics of a cloud to be implemented, virtualization plays a very important role: by its very nature it takes the operating system and software and abstracts them from the physical hardware on which they run. As a result, virtualization has several key attributes, such as sharing of infrastructure, scalability and elasticity, resiliency and redundancy, agility, and location independence.
Because virtualization permits customers to run different operating systems and applications in their virtual machines, it is a difficult task for the cloud service provider to secure customer data and to ensure that applications running in one VM will not access other VMs. The problem is that unless the traffic from each VM can be monitored, you cannot verify that traffic is not possible between VMs. So it is better to enhance security by adding a layer to existing techniques, with slight modification, without modifying the entire strategy. The provision and management of security will become more critical as organizations increasingly virtualize their server infrastructures. If the security of VMs is compromised, the large data sets stored in clouds and used for data mining and decision making will lead to disastrous results.

A hypervisor is one of many virtualization techniques that allow multiple operating systems, termed guests, to run concurrently on a host computer, a feature called hardware virtualization. It is so named because it is conceptually one level higher than a supervisor. The hypervisor presents a virtual operating platform to the guest operating systems and monitors their execution. Multiple instances of a variety of operating systems may share the virtualized hardware resources. Generally, a hypervisor is installed on server hardware whose only task is to run guest operating systems (Fig-2). To better enhance security at the VM level, we propose this model, which uses a Trusted Agent.

2. RELATED WORK

Even though virtualization provides many benefits to cloud computing, it has its own drawbacks where security is concerned, such as those given below [9]:
• VM Hopping
• VM Diversity
• VM Denial of Service
• VM Mobility

While hardware virtualization approaches provide kernel confinement from the host OS, they do not, by default, provide network confinement, which prevents an infected process from causing damage on the network. Real-time detection of unknown threats coupled with automated recovery to a known pristine image is necessary to prevent an infected virtual machine from compromising user sessions and credentials or attacking other machines on the network. Finally, the virtualization layer itself might be attacked by malicious code through vulnerabilities in its interface with software running in the virtual machine. Advanced inspection techniques can be employed to vouch for the virtualization layer's integrity to ensure it isn't compromised by malicious software [5].

VMs have to communicate and share data with each other, or between two clouds, for computations in data mining applications. If these communications do not meet significant security parameters, they have the potential to become attack targets [6]. In a virtualization environment a hypervisor has its own security zone and is the controlling agent for everything within the virtualization host. The hypervisor can touch and affect all acts of the VMs running within the virtualization host [7]. In an attack known as "hyperjacking," malware that has penetrated one VM may attack the hypervisor. When a guest VM attempts this attack, it is often called a "guest VM escape" because the guest VM breaks out of, or escapes, its isolated environment and attacks the host hypervisor. Once compromised, a hypervisor can then attack other guest VMs on that host [10].
From the above readings we conclude that a VM is attacked if an unauthorized process executes in it, so we propose a new model which authenticates every process to and from a VM for a service in the cloud by using a Trusted Agent (TA) in the hypervisor. The TA authenticates a process before it is directed to the VM to be granted a service by executing it.

Table-1 Notations used in the SMVC

Notation    Description
TA          Trusted Agent
ESX-TA      TA in Hypervisor
VM-TA       TA in Virtual machine
EDC         ESX Digital Certificate
DSR         Data storage repository
TAgid       ID of Trusted Agent

3. ARCHITECTURE OF SMVC

The SMVC is developed by considering the ESX server architecture of the VMware cloud [8], as in Fig-3. In this model each request to a VM is verified by the VCServer, the hypervisor and the VM itself before it is executed. The hypervisor creates each VM with a trusted agent, VM-TA, for verifying processes. In the hypervisor, each request from the VCServer is likewise handled by ESX-TA. The notations used in proposing this model are given in Table-1. The components used in our cloud environment model are:

• VMware ESX Server is a cloud hosting server which contains the hypervisor, providing a virtualization layer that abstracts the processor, memory, storage and networking resources of the physical host into multiple virtual machines.
• VC Server/VCloud Server is a service that acts as a central administration point for ESX/ESXi hosts connected on a network. This service directs actions on the virtual machines and the hosts.
• ESX-TA is a software process known as the ESX-Trusted Agent, which is used to authenticate requests to a VM.
• DSR is the Data Storage Repository used by TAs to store or access digital certificates for authentication. It stores data in encrypted form.
• VM-TA (VM-Trusted Agent) is a software process in each VM which contacts ESX-TA for the execution of any process in the VM.

In our proposed model SMVC, clients connect through the VCServer to a domain which is deployed in a VM (contained in the ESX server). Clients are registered with the VCServer to access the cloud services according to the SLA. At system start-up, along with the VMM or VMX process, ESX-TAs are created by the ESX server to serve requests from clients directed by the VCServer. Each ESX-TA has an ID (TAgId) stored in the VCServer for that cloud, along with the EDC (ESX-Digital Certificate), which is discussed in the next section. The request from a client is sent to the valid TA along with the EDC in the ESX server. TAs are created dynamically, based on the cloud credentials and the date and time of their creation by the server, and the same information is updated to VM-TA as well as to the VCloud Server. The EDC is calculated by the server for each cloud TA and stored in the DSR of ESX-TA, VM-TA and VC Server as digital certificates.

Fig-3 SMVC

4. WORKING OF PROPOSED MODEL

The proposed SMVC model provides security at the VCServer, at the hypervisor and at the VM level, and works in three phases as given below:
a) Creation of Trusted Agents
b) Generation of ESX-Digital Certificate (EDC)
c) Trust Verification for process execution

4.1 Creation of Trusted Agent

In the first phase, ESX-TAs are created by the ESX server for each cloud or, if possible, for each VM, along with the VMX or VMM process. Their information is given to the VM-TA, which is created along with each VM that makes up the cloud. Each process in a VM is executed only after authentication by the VM-TA; otherwise it is kept in a dead state.

4.2 Generation of ESX-Digital Certificate (EDC)

In this phase the ESX-Digital Certificate (EDC) is created by the ESX Certificate Creation Process. It is divided into three parts, EDC1, EDC2 and EDC3, which are stored at the DSR, the VM-TA and the VCServer; after authentication, the certificate is sent along with the client request to ESX-TA. The EDC is created using the following algorithm:

1. The server chooses a large prime $C$ at random and computes $N = 2 \cdot C^{n}$, where $n$ is the number of VMs in the cloud that the ESX-TA will serve.
2. From $N$ the group $Z_N^*$ is generated.
3. The server chooses $r_1, r_2, r_3 \in Z_N^*$ for each VM as $r_1 = g^{k_1} \bmod N$, $r_2 = g^{k_2} \bmod N$ and $r_3 = g^{k_3} \bmod N$, where $g$ is the generator, i.e. the primitive root, of $Z_N^*$ and $k_1, k_2, k_3 \in Z_{\phi(N)}$.
4. The server computes $\mathrm{EDC} = r_1 \cdot r_2 \cdot r_3 \bmod N$.
5. The EDC is stored as $\mathrm{EDC1} = r_1 \cdot r_2 \cdot r_3$, $\mathrm{EDC2} = r_1 \cdot r_2$ and $\mathrm{EDC3} = r_3$ in the DSR, the VM-TA and the VCServer respectively, as digital certificates.

4.3 Trust Verification of a Process

In the third phase, when a client requests access to a service through the VCServer, the VCServer authenticates the client and the service request is sent to the ESX-TA having the TAgid, along with EDC3. The hypervisor verifies the TAgid and the request is handed to ESX-TA. ESX-TA computes the valid EDC-2 ($\mathrm{EDC2} = r_2 \cdot \mathrm{EDC3}$) for the client-id process to be executed; if this fails, the process is killed, as it may be a malware program or come from an unauthorized client. If it is a valid process, ESX-TA sends EDC2 to VM-TA, which computes EDC1 ($\mathrm{EDC1} = r_1 \cdot \mathrm{EDC2}$) to allow the process to run in the VM for results. If EDC1 is not computed, VM-TA denies the request and the process is killed and never executed, thus securing the VM.

5. SECURITY ANALYSIS

Following the discussion in Section 2 of the security threats posed to virtualization in a cloud environment, we give the following solutions to reduce or eliminate those threats with our model.

A. VM Hopping: It can be avoided in the proposed model since the EDC1, EDC2 and EDC3 an attacker would need are computed only by the appropriate ESX-TA and VM-TA for that request, as given in Section 4; if either EDC-2 or EDC-3 is invalid the process is killed.

B. VM Diversity: Since our model uses agent processes for securing VMs, they can be created in any VM, which reduces the threats due to VM diversity.

C. VM Denial of Service: In the proposed scheme processes are controlled by Trusted Agents, and different VMs will not have the same EDC so as to use an entire VM. Each valid process uses only the resources allowed by the SLA, since it is not a malware program or an attacker.

D. VM Mobility: Even if VMs are copied or moved to another place, this should be done along with the ESX-Digital Certificate. No attacker with a different EDC can use that VM or execute a process which may harm the VM.

E. VM Rootkit: Rootkits can be eliminated in this model, as no process in a VM is executed unless it is authorized by the VCServer, ESX-TA and VM-TA holding a valid digital certificate.

F. Hyperjacking: It is not possible for a process to hijack the hypervisor from a VM, as the process is trusted by the TA in the hypervisor itself and also in the VM.

6. CONCLUSION

Virtualization plays a vital role in cloud computing, and its security vulnerabilities pose a threat to cloud development. For VM security we propose this model, in which every process to be executed in a VM is under the control of Trusted Agents, which provide security at the VM level. The proposed model is based on a simple authentication mechanism in which the TA in the VM or in the hypervisor authenticates a process by verifying a digital certificate before allocating resources for it to execute in the VM, thus avoiding possible attacks. Many data mining, decision making and image processing applications running in the cloud may suffer from unauthorized process attacks, so by using this model we can provide better security with less computational effort. We have given a brief theoretical security analysis of this model, and in future we can publish results and information regarding attacks.

7. REFERENCES

[1] The NIST Definition of Cloud Computing, http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf, NIST Special Publication 800-145, January (2011).
[2] Kim, J., Kim, H., "Cloud Computing Industry Trend and Introduction Effect", IT Insight, National IT Industry Promotion Agency, (2010).
[3] Lee, J., "Cloud Computing, Changes IT Industry Paradigm", IT Insight, pp. 40-46, (2009).
[4] Vic (J.R.) Winkler, "Securing the Cloud", Elsevier Inc, ISBN: 978-1-59749-592-9, (2011).
[5] Chris Greamo and A Ghosh, "Sandboxing and Virtualization", Security & Privacy Journal, IEEE, (2011).
[6] Farzad Sabahi, "Virtualization-Level Security in Cloud Computing", IEEE, (2011).
[7] Texiwill, "Is Network Security the Major Component of Virtualization Security", www.virtualizationpractice.com, (2009).
[8] vmware, "ESX and vCenter Server Installation Guide", www.vmware.com, (2011).
[9] Hsin-Yi Tsai, Melanie Siebenhaar and André Miede, "Virtualization impact on Cloud Security", IT PRO, IEEE, (2012).
[10] Trend Micro, "Virtualization and Cloud Computing: Security Threats to Evolving Data Centers", Trend Micro, (2008).
