Abstract:
Virtualization is a primary feature of Cloud computing that enables a
single system to concurrently run multiple isolated virtual machines. A
virtual machine uses a single file called a disk image to represent the
hard drive of its operating system. Although extensive research has been
carried out to increase the security of Cloud virtualization, there are
still open challenges related to the security of disk images used by
virtual machines. Virtual machine images can be compromised in many ways,
for instance by unauthorized access, zero-day attacks or installation of
malicious software. With the increased adoption of Cloud infrastructure in
the information technology industry, there is an urgent need to safeguard
disk images against prospective malicious attacks, both to protect
sensitive customer data and to maintain the integrity of virtual machines.
The contribution of this thesis is twofold. First, we have analyzed the
security of Cloud virtualization components, including the service
provider, hypervisor, virtual machines and disk images, from three
different aspects. These aspects are the security requirements for
virtualization, possible attacks on different components and the existing
security solutions for the protection of the virtualization environment in
the Cloud. A holistic picture of virtualization security in the Cloud is
thus provided through a structured analysis in which security
requirements, attacks and solutions correspond to each other.
Secondly, to protect virtual machine images from infrastructure,
hypervisor and storage attacks, we have proposed a security mechanism that
encrypts virtual machine images in Cloud storage. In particular, we have
built an encryption system for disk images using the Advanced Encryption
Standard (AES-256). Our proposed methodology not only preserves the
integrity and confidentiality of data in stored disk images but also
protects images against attacks. The image is decrypted only when it is
required by the virtual machine. Our system is implemented and validated
on OpenStack (an open source Cloud computing platform). The performance
evaluation of our solution shows that it incurs only a minor overhead of
15 percent.