Kororā: A Secure Live Virtual Machine Job Migration Framework for Cloud Systems Integrity

Abstract

The article introduces an innovative framework called Kororā, which aims to enhance the security and integrity of live virtual machine migration in a public cloud computing environment. The framework incorporates a trusted platform module to ensure the integrity of the migration process. It offers a new approach for virtual machine migration and has been specifically designed and implemented on a public infrastructure-as-a-service cloud platform.

The primary research problem identified is the vulnerability of virtual machine instances to attacks during the live migration procedure. The evaluation used involves running the framework simultaneously on the same hardware components (such as I/O, CPU, and memory) and utilizing the same hypervisor's platform (Xen's open-source hypervisor). In addition, the security aspect of live migration is a crucial consideration due to the possibility of security threats across different area: data plane, control plane, and migration plane. Potential attackers may employ both passive and active attack techniques, putting the live migration at risk and resulting in a decline in performance. This poses a significant and alarming risk to the overall platform.

To address the research gap, the Kororā framework emerged as a successful approach for achieving control-flow integrity by incorporating the Clark-Wilson security model proved effective in bridging the research gaps while maintaining system integrity. The primary achievement of this research is the introduction of the Kororā framework, which consists of seven agents operating within the Xen-privileged dom0 and establishing communication with the hypervisor. Overall, the finding indicate that the suggested framework offers an effective defence mechanism for moving a virtual machine from one host to another host with minimal disruption to normal operation with enhanced integrity.