Security and trust preserving inter‐ and intra‐cloud VM migrations
International Journal of Network Management (IF 1.5), Pub Date: 2020-02-17, DOI: 10.1002/nem.2103
Mudassar Aslam 1, 2 , Simon Bouget 1 , Shahid Raza 1

This paper focuses on providing a secure and trustworthy solution for virtual machine (VM) migration within an existing cloud provider domain, and/or to other federating cloud providers. The infrastructure‐as‐a‐service (IaaS) cloud service model is mainly addressed, to extend and complement the previous Trusted Computing techniques for the secure VM launch and VM migration case. The VM migration solution proposed in this paper uses a Trust_Token to guarantee that user VMs can only be migrated to and hosted on trustworthy and/or compliant cloud platforms. The possibility of also checking the compliance of the cloud platforms with pre‐defined baseline configurations makes our solution compatible with existing, widely accepted, standards‐based, security‐focused cloud frameworks like FedRAMP. Our proposed solution can be used for both inter‐ and intra‐cloud VM migrations. Unlike previous schemes, our solution does not depend on an active (on‐line) trusted third party; that is, the trusted third party only performs the platform certification and is not involved in the actual VM migration process. We use the Tamarin prover to carry out a formal security analysis of the proposed migration protocol and show that our protocol is safe under the Dolev‐Yao intruder model. Finally, we show how our proposed mechanisms fulfill major security and trust requirements for secure VM migration in cloud environments.

Updated: 2020-02-17