Virtual Machine Migration for Secure Out-of-band Remote Management in Clouds
T. Unoki, S. Futagami, K. Kourai (Kyushu Institute of Technology)

Presentation transcript:

OUT-OF-BAND REMOTE MANAGEMENT

- Clouds provide users with a method for indirectly accessing VMs
  - It uses the VMs' virtual devices
  - E.g., virtual keyboards and video cards
- Users can manage VMs even when there are network configuration errors inside the VMs

INFORMATION LEAK FROM VIRTUAL DEVICES

- Virtual devices are managed by system admins
- Not all of the admins are trusted in clouds
  - 28% of cybercrimes are caused by insiders
  - 35% of admins have accessed sensitive information
- Untrusted admins can steal I/O data via virtual devices
  - E.g., typed passwords and the video screen

[Figure labels: user, admin, virtualized system, virtual device, password, steal]

SECURE OUT-OF-BAND REMOTE MANAGEMENT

- Prevent information leaks from virtual devices
  - Virtualize the entire virtualized system
  - Run virtual devices outside the virtualized system
    - These are called shadow devices
    - Admins cannot access shadow devices
  - Intercept I/O requests and redirect them to shadow devices

[Figure panels: VSBypass, USShadow]

- Enable the migration of VMs with shadow devices
  - VM migration moves VMs to other hosts
- Save, transfer, and restore the state of shadow devices
  - As well as other VM states
- Encrypt and decrypt the state in shadow devices
  - Prevent information leaks

[Figure labels: migration sender, migration receiver, source, destination, virtualized system, shadow device, user, save, restore]

PERFORMANCE

- We compared VSBypass and USShadow with the traditional system
  - The throughput was almost the same
  - The response time was 1.2 ms longer
  - The migration time was almost the same
  - The downtime increased by 0.3 seconds