PARAMETRIC ANALYSIS TO ENHANCE SECURITY IN CLOUD COMPUTING TO PREVENT ATTACKS IN LIVE MIGRATION

: Cloud computing is an emerging field of today’s era to provide numerous services to the users. By using application software’s like net browser, IT users will get these services dynamically over the internet. Virtualization technology can provide these kinds of services by live migration. During live migration process VMs are reallocated from one physical host to another without disconnecting the application.In the live migration technique security of the vrtual machines is a very important issue. Existing security models does not guarantee complete security of live migration process. In this paper, we tend to discuss the various security concerns, attacks on LM and solution approaches that are Network Isolation (VLAN), v-TPM LM protocol, NSE-H and The CoM Security Framework, role based migration, SPLM Model, The Live Migration Defence Framework and The Protection Aegis for Live Migration (PALM). The comparison among these solutions based on the security dimensions is also given.


INTRODUCTION
This paper presents techniques for secure live migration in cloud computing. Cloud computing is the delivery of on demand infinite computing resources over the Internet. In each trade and academe, cloud computing has attracted significant attention [16]. Cloud computing is a pay-per-use model wherever Infrastructure (IaaS), Platform (PaaS) and software (SaaS) system are often accessed as a service. Cloud computing uses the conception of virtualization and utility computing [18]. Virtualization technology was planned in the late 1960s by IBM, could be a framework or methodology are suggested for dividing the resources of a computer into varied execution environments [7]. Virtual Machine (VM) act as a guest machine on a host machine, same as a Physical Machine (PM) has united resource levels of input/output (I/O) devices, processor, and memory [19]. Hypervisors additionally called Virtual Machine Monitor (VMM) is the most significant part of virtualization that acts as a layer between the real hardware and virtualized operating system [9]. Virtualization technology permits the sharing of same physical resources among many users which helps to make utilization of resources efficiently and effectively [6]. The type 1 hypervisors are most popular over type 2 hypervisor as a result of type 1 hypervisor deal directly with the hardware and thus give higher performance efficiency, availability and security [9]. Live migration of Virtual Machines is a fundamental highlight of virtualization. Usually, migration of VM's has been done in an offline fashion. On the destination side, the Virtual Machine (VM) operations need arranging to make resumed, at a point when the migrated started with particular case server on an additional. More recently, on-line migration technology (Live Migration) has become obtainable [17]. Live migration is a process refers to the migration of a virtual machine (or entire OS and its associated applications) in a dynamic and transparent manner from one physical machine to a different whereas the virtual machine remains running. The Virtual machines are migrated lively with a minimum time period and while not interrupting the application running on the source VM [3]. A protected live relocation needs:  Confirmed and approved administration capacities (i.e. VM creation, cancellation, relocation and so on).  A system to identify and report suspicious exercises.  The source and destination stages are trustworthy.  The migration information should remain confidential and unrestricted throughout the transmission. Generally, the live movement technique needs the standard safeguard inside and out approach for it to be secured [8]. Figure1: Secure VM migration [4] Security is a major concern in the live migration process. Attaining ability is difficult and guaranteeing consistency of all VMs could be a basic issue. The analysis relies on the approaches for live VM migration with vulnerabilities within the relocation method. Additionally, some security methods to reduce the attacks and threats during live migration of VM's are also mentioned.

Procedure of live migration
Running Virtual machines are migrated from one physical host to another using Post-copy and Pre-Copy methods in live migration. This process involves several stages [2]. Stage 1: In the starting phase, the virtual machine to be migrated from one platform to another is chosen and after that TCP connections are established [2]. Stage 2: Memory pages of a virtual machine are shifted from source machine to destination platform in memory shifting stage [4].

Stage 3: Storage Transfer Stage
Control storage from Storage devices (such as virtual hard disks) transferred from one physical server to the destination host then destination host will be an updated virtual machine and access to any associated data-storage medium [2].

Stage 4: Network Clean-up Stage
For a clear migration, all system associations that were open before relocation should stay open after relocation finishes. Since every VM will have Virtual Network Interface card (VNIC) which is recognized by a MAC address, the VM needs to refresh the switches in the system with the goal that the virtual machine activity will be sent through the relating switch port.

Pre Copy Post Copy
To begin with exchange the memory and later exchange the execution from one host to another To begin with exchange the execution and later exchange the memory from one host to another Downtime is less than one second. On aborting migration, system doesn't crash because of running VM in source host As we know downtime varies with the type of the migration technique. Downtime is more in Post Copy method as compared to Pre Copy Overhead of duplicate page transmission Memory transferred during a single pass and has less network overhead This paper is prepared as follows. Section 2 describes security dimensions of live migration, subsequent section 3 includes some solutions to prevent attacks in live migration, section 4 include a comparison of various encryption algorithms, the last section consists of conclusion.

VARIOUS SECURITY DIMENSIONS IN CONTEXT OF LIVE MIGRATION TECHNIQUE
Requirements for Secure Live Migration are as follows: Access Control or Authorization  Used to control the access of particular data or information.  Inaccurate access control strategies may enable an unapproved client to control virtual machines, for example, beginning, halting, or moving virtual machines.  With a specific end goal to keep the virtual machine from being assaulted, the ACL (Access Control List) must be executed to anticipate unauthorized access [10].

Authenticity
 Its main purpose is to confirm the identity of the individual. In this, we determine whether or not the user has an access to an exact kind of resources and the usage authority to prevent the attacker from getting access to resources of legitimate users.  Live relocation can be powerless against a few attacks like Man-In-The-Middle Attack, Denial of-Service (DOS) and Stack over flow [2]. To avoid the MITM (Man-In-The-Middle) Attack, DOS (Denial of Service) Source and Destination host must perform mutual authentication or common confirmation when the virtual machine is ready to migrate [10]. Figure2: MITM (Man-In-The-Middle) Attack launch by attacker in migration procedure using route hijacking [10]  LM is normally started from heavily loaded VMM to a different less loaded one in Dynamic Load Balancing. In this, a malicious Virtual Machine (VM under control of attacker) might hamper the migration process. Another possible scenario is once a malicious end-consumer exploit this option by way of overloading a server and creates a huge number of VMs designated the load balancing function to migrate one or more than one VMs to a different host [13].  In addition, System Administrator can control the migration process through the management console. Because Administrator is approved personnel with rights to perform pivotal configuration and set-ups, so it may be attacked by an attacker and the attacker will fake to be a supervisor to implement malicious migration [2].

Non-Repudiation
During the Live Migration process, there is a need to control and monitor all the activities privately by the System Administrator either automatically or manually.

Data Confidentiality & Integrity
Data is not automatically encrypted in LM, so it can be hacked by an attacker. By using Security techniques data must encrypt properly on the server side before transmission. This will help to avoid attacks during migration, such as passive attacks (leakage of sensitive data) and memory manipulation in LM [2].

Link transmission security
An Attacker can perform various attacks on an unprotected transmission channel. Passive attacks include sensitive information, confidential information, passwords or user account. Active Attacks are more serious because it directly affects the Virtual Machine, destroying the virtual machine eventually [13].
So to avoid such attacks we need to protect transmission channels for migration using SSL channel or VPN tunnel mechanism [13].

Secrecy or Privacy
In secrecy, a malicious user might migrate a malicious virtual machine to the physical server, and alternative virtual machines on the physical machine will simply be damaged by the malicious virtual machine and the corresponding user info is simple to leak [20].

ATTACKS ON VM AND EXISTING SOLUTIONS FOR SECURE LIVE MIGRATION TECHNIQUE
Jon Oberheide et al express the requirement for secure migration process using observations [21]. To overload goal server, an unapproved attacker will provoke large quantity of outgoing migrations onto a legitimate virtualized host server and it decreasing its performance of service. This is known as a denial of service attack [8]. The unauthorized attacker can migrate VM to authentic target hypervisor with malicious code, provides a platform for malicious VM to accomplish internet attacks on a target machine and gaining control over the hypervisor [8]. Here we tend to discuss some existing solutions, which may provide a secure system.

A. VLAN -Network Isolation
In this approach, a group of VM's is formed in order to separate the migration traffic.The limitation of this method is that by increasing the VMs on network, the complexity of network and maintaining cost also grows [7].

B. An improved Virtual-Trusted Platform Module (v-TPM) LM protocol
This protocol basically makes a secure connection between the source machine and destination machine. This protocol works in following four phases: Phase A: Authentication (Secure, trusted & private Session Establishment) To select an encryption standard (like AES, ECC, RSA) to protect integrity and confidentiality of data, TLS (Transaction Layer Security) protocol is used for handshaking. As shown below, using RSA encryption method pre master key is exchanged and then using pre master key two keys (Key enc , Key mac ) are generated for further encryption and integrity checking using SHA-1 [8] Figure4: Secure, trusted & private Session Establishment [8] Phase B: Firstly source will create a nonce and sends attestation request to the destination machine. Then destination creates a new nonce two and sends to the source, which helps to make sure freshness of the VM-vTPM transfer within the next part. The source will send two types of messages to the destination: a. For locking, it sends SVR_ATT_OK message. b. In case of failure, it sends SVR_ATT_FAILED [8] Phase C: Data transfer stage (vTPM and VM transfer) Concatenation of vTPM corresponds to its VM is encrypted using key enc . Then (Resulting message + HMACK) is computed using Key mac . Then source can move this encrypted knowledge towards the destination. On successful completion of method, source platform can get acknowledgment DONE from the destination side [8]. Phase D: The last stage of this method is a deletion of the v-TPM at the source side.

C. SPLM (Security Protection of Live Migration) Model
For a large number of VMs, SPLM model is more suitable. Figure 5 shows the architecture of SPLM model. In this model, CMP (Centralized Management Platform) is for the security of centralized management by supporting the security policies. VSG protect the communication between virtual machines by getting communication data through HAE. More detail about this model given in [13] paper. At last, we say that this model is better for a large number of VMs as compare to other models [13].
SPLM model is based on encryption. Migration time in SPLM is more as compare to other traditional methods due to the encryption of migration data.

D. Network Security Engine (NSE)-Hypervisor (The CoM Security Framework):
Figure6: Main Task of the CoM Security Framework [2] In this approach, a migration information security context is transferred in order that VM is restored on target stage [7]. The NSE firewall work in state full method, NSE maintain security context (SC) for every packet and additionally construct selections supported security context (SC) and content of the packet. The problem arises at the destination, which has an effect on as a result at the destination the VM is rejected due to missing or not matching needed security context. Figure 7 shows the architecture and components of COM framework [19]. -VMMA is acting as an agent which interacts with the hypervisors VMMA of the target system. -SCMA is also an agent which encapsulates and sends VM related SC set at once via a dedicated channel -Live migration coordinator (LMC) is a coordinator which immediately works together with target system hypervisors LMC and schedules the 2 agents parallel carry out a task of migration. Preparation, Iterative Synchronization, Final Synchronization and Resumption are the four Stages of CoM architecture [19].

(Part of the NSE)
The CoM Security Framework Enabled by

F. The Live Migration Defence Framework-(LMDF)
While considering enforcing live migration on a huge scale which includes in Cloud environment, it's far essential to keep in mind the fact that various data centers hold by cloud vendors are in distinct international areas and they do not provide particular data whether internal live migrations are used. Because of this running VMs may be live migrated without the expertise of the owners who keep their data inside these VMs. When the VMs are near the national borders while crossing then the internal data in the VM can become subject to a different legislation. Moreover, during live migration, VMs may need a manipulation in the untrustworthy area. Figure9: The LMD Framework [11] So, Live Migration Defence Framework (LMDF) has been introduced to overcome this problem of untrustworthy. It ensures the integrity and confidentiality of internal data before migration starts. The framework goals at performing as many measurements as feasible and transmits those values for later evaluation before the live migration is completed [11].

G. PALM-(The Protection Aegis for Live Migration)
PALM is depended on the VMM protection machine. In order to protect the method granularity, the VM is no longer a black-box. The VMM can have the right to understand the processes and their runtime states. Therefore the info of them is kept within the VMM, even each protected page. However, authentication and authorization security dimensions do not provide by PALM and also in this system due to the migration of metadata, the downtime is more [14].

COMPARISON OF LIVE MIGRATION SECURITY SOLUTIONS ON THE BASIS OF SECURITY DIMENSIONS
Two comparison tables are shown below, one is based on the comparison of some existing solutions for security in LM and in the second table we compare the various papers based on some of the main points which includes the name of the article, revealed year of the paper, models, tools, techniques, metric(s) names that's been used in the paper, the main objective and problems that paper mentioned followed by strengths and limitations that have been discovered within the paper.

CONCLUSION AND FUTURE WORK
In this survey paper, we have mentioned various security parameters, attacks and also mentioned various solutions to tackle these threats. Till now plenty of research papers have been published on the security of live migration, several frameworks have been already proposed by authors to secure live migration process but no solution addressed all the security issues (like authentication, access control, security etc.) and does not ensure the whole system security.
In future, this addressed problem can be extended to make an integrated solution atmosphere that addresses these security concerns of live virtual machine migration and provides an accurate secure system.