
USING ENERGY EFFICIENT SECURITY TECHNIQUE TO PROTECT LIVE VIRTUAL MACHINE MIGRATION IN CLOUD COMPUTING INFRASTRUCTURE

Journal of Engineering Science and Technology
Vol. 16, No. 3 (2021) 2629 - 2651
© School of Engineering, Taylor’s University
SURA K. ABD1, DONYA A. KHALID2,
MUSTAFA M. JABER2,3,*, ROSILAH HASSAN4, AHMED MERI5
1 Department of Computer Techniques Engineering, Dijlah University College, Alma Safi
St, doura, 10021, Baghdad, Iraq
2 Department of Medical Instruments Engineering Techniques, Dijlah University College,
AlMasafi St, doura, 10021, Baghdad, Iraq
3Alturath University College, Baghdad, Iraq
4Centre for Cyber Security, Faculty of Information Science & Technology, Universiti
Kebangsaan Malaysia, 43600 UKM, Bangi, Selangor, Malaysia
5Department of Medical Instrumentation Techniques Engineering,
Al-Hussain University Collage, Karbala, Iraq
*Corresponding Author: mustafa.musa@duc.edu.iq
Abstract
Live VM migration is the process of moving a running virtual machine between
hosts with no interruption noticeable to the client. In a cloud computing
environment, clients can neither notice live migrations nor prevent them from happening.
Live VM migration offers many advantages, such as workload
balancing, fault takeover, hardware maintenance, and high availability. However,
it can also expose many security vulnerabilities during migration. In this paper, we
propose a lightweight encryption technique combined with a secure key
exchange and authentication mechanism to address security vulnerabilities during
live VM migration. Furthermore, we investigate active attacks on the virtual cloud
environment that can increase energy consumption, and we prove that by
using our proposed technique, energy consumption can be reduced compared with
a system under attack. The proposed technique is implemented and its effectiveness
demonstrated using the CloudSim toolkit. Our experimental results show that
the presented work can secure data migrated in the cloud without sacrificing
energy consumption. The final results are produced by comparing the energy
consumption with security, without security and with attack probabilities.
Keywords: Light weight cryptography, Live VM migration, Power consumption,
VM migration security, VM migration vulnerabilities.
2630 S. K. Abd et al.
Journal of Engineering Science and Technology June 2021, Vol. 16(3)
1. Introduction
In the IT industry, cloud computing is an emerging technology that has grown rapidly
thanks to the benefits of different sub-technologies and concepts such as distributed
networks, processing power, virtualization, sharing, connectivity, and storage [1].
Recently, enterprises and users have been provided with unlimited storage
and on-demand services via cloud-based services, which makes the cloud a highly
preferable technology [1].
Despite the significant advantages of cloud technology, several
critical issues could affect the efficiency and reliability of this
technology [2]. Load balancing and power consumption are two of these
critical concerns that affect cloud environment efficiency [3, 4]. Some researchers
have tried to solve these issues using virtual machine (VM) migration [5-7]. VM
migration is defined as the process of moving a VM from an under-loaded
or overloaded host machine to another one to improve load balancing or to reduce
resource and power consumption [8]. Non-live migration and live migration are
the two techniques used for VM migration [9].
Non-live migration is the migration of a switched-off VM [10]. This migration suffers
from drawbacks such as losing VM status and interrupting user service [10].
To avoid these drawbacks, minimize downtime and improve migration performance,
live VM migration is used [11]. Live VM migration allows a running
VM or application to be migrated from one physical host to another without
disconnecting the application or client [12]. Live VM migration is commonly used to
balance the work of physical machines (PMs), provide better sharing of infrastructure,
elastic scaling and better fault tolerance, and ease hardware maintenance [13].
However, when VM contents are migrated, the migrated data can be exposed to
many security and integrity issues due to the connecting network [14]. In addition,
even the VM code can be vulnerable to various attacks [15]. As a result, an attacker
may be able to compromise the migration module, so that the VM can be
relocated to a compromised server or controlled by a compromised hypervisor [14].
Therefore, live VM migration is a critical process that must be carried out
securely [15]. To protect the migrated VM, some investigators have suggested VLAN
[16], CoM [17], IPSec [18] and role-based migration [19]. The main issue with these
approaches is the growth in administrative cost and complexity as the VM
population grows [20].
On the other hand, encryption algorithms as a security solution for live VM
migration can eliminate the need for additional hardware or dedicated
networks. Moreover, encryption can be employed in various networks such as local area
networks (LAN), metropolitan area networks (MAN), campus area networks
(CAN), and wide area networks (WAN) [20]. Encryption therefore appears to be
an attractive solution for securing data during live VM migration. However,
some researchers claim that different security models consume different amounts of
energy depending on model complexity (hardware and software),
authentication technique and transaction size [21]. Cryptographic methods likewise
consume different amounts of energy depending on key size, processing time
and migrated data size [22]. This can conflict with one of the reasons for
using live migration, which is reducing power consumption.
In this paper, we propose a lightweight encryption algorithm combined with
Diffie-Hellman key exchange (DHKE) and a blind signature to secure data migrated
during live VM migration. Lightweight encryption is a class of symmetric cryptographic
algorithms designed to be implemented in constrained environments such as health-care
devices, contactless smart cards, sensors, RFID tags, and so on. Energy
consumption and chip size are the two significant measures used to evaluate
lightweight techniques in hardware applications, whereas in software
applications RAM size and code size are used for the evaluation [23].
Generally, block ciphers and stream ciphers are the two main classes of
lightweight encryption technique. A block cipher encrypts a fixed-size block of
plaintext, while a lightweight stream cipher encrypts one byte of plaintext at a
time. Compared with stream ciphers, block ciphers are more commonly employed to encrypt
computer communications [24]. We prove that our proposed lightweight technique not only
secures live VM migration but can also conserve energy when the system is
under attack.
Specifically, our contributions include: (1) investigating active attacks on the
virtual cloud environment that can increase energy consumption; (2)
discussing current security techniques that have been proposed to counter these
threats, together with their advantages and drawbacks; (3) proposing a new secure
method including a lightweight encryption algorithm, which not only reduces the
probability of live VM attack, but also satisfies the power consumption constraints;
(4) testing the live migration phase by investigating the parameters system
performance, migration downtime, and energy consumed in migration without the
suggested security model, with the suggested security model, under attack without the
security model and under attack with the security model; and (5) implementing and
verifying the effectiveness of our new policy using CloudSim simulation.
2. Literature Review
Workload balancing, VM consolidation, online system maintenance, and fault
tolerance are all benefits gained by employing live migration [25]. Unfortunately,
the disclosed vulnerabilities of VM live migration have caused serious security concerns.
In industry, these concerns affect the use of this technology for sensitive
implementations [26]. Earlier research on live migration did not consider or
concentrate on its security. Several security challenges have been discovered
when implementing VM live migration in Xen, VMware, etc. [27].
The lack of encryption of migrated data by the migration protocol could be the most
significant security challenge in VM live migration. The whole VM data is
migrated as clear text, including kernel memory, sensitive information such as
passwords and keys, and the current state of running applications. Consequently, the
migrated data is exposed and can be accessed by attackers [28].
Oberheide et al. [29] proved empirically that live VM migration is prone to passive
and active attacks. These attacks are classified by the causes that allow them to
occur: improper access control plan, unsecure migration channel, and loopholes
in the migration module.
2.1. Improper access control plan
An improper access control plan allows an unauthorized user to initiate and
terminate a VM migration. This plan is also responsible for
decisions related to sharing resources, accessing the hypervisor (VMM), isolating
VMs located on the same PM, etc. [1]. Lax security arrangements can assist
an attacker in performing the following attacks:
• Inter VM attack
• False resource sharing
• Guest VM attack
• Internal attacks
• Denial of service attack
The operations of the VMM, including initiating and managing live VM migration,
need to be authenticated and resistant to tampering [30].
2.2. Unsecure migration channel
Generally, in the migration process, memory contents including application data and
kernel states are migrated from one PM to another. The migration channel
can be unsecure because of the migration protocol used: data is migrated over the
network by a protocol that does not encrypt the migrated VM
contents, which makes them vulnerable to attack [31].
An attacker can use DNS and ARP spoofing to launch a man-in-the-middle (MITM)
attack over an unprotected communication network. On this basis,
passive and active attacks can be mounted during the migration. In contrast to
active attacks, which are a serious issue, passive attacks give the attacker the ability
to secretly read the migrated data, which can contain sensitive information such as
keys and passwords, or to capture genuine packets and replay them later. Thus, to
reduce tampering and snooping attempts on migrated data, the channel used should be
protected and secure [32].
2.3. Loopholes in migration module
The functionality of VM migration is implemented by a software component
called the migration module. The migration module can contain several loopholes
that an attacker can exploit, including stack, heap, and integer overflows.
These can be used to inject malicious code, compromise the VMM, or
even stop the migration [33].
3. Attack Identified
Some of the attacks are identified at the virtualization layer. Below is a description of
some of the attacks that occur during the live migration process.
3.1. Man in middle attack
During dynamic consolidation of VMs in cloud data centres, VMs are migrated
from one host to another according to their current resource requirements. To
perform a MITM attack, an attacker may logically place himself in the transit path of
the VM migration using mechanisms such as route hijacking, DNS poisoning, and
ARP spoofing. Figure 1 shows how an attacker can modify the original VM with
a malicious VM during live migration [34].
Fig. 1. Man in middle attack in VM live migration.
3.2. Co-residence attack
In a co-resident attack, an attacker builds a side channel to extract sensitive
information from VMs co-located on the same server or a different server, especially
through VM placement [35]. The attacker can exploit potential loopholes in live migration
to increase the probability of co-locating with the target. In this type
of attack, the attacker can exploit timing information or power consumption to attack the system [36].
3.3. Attack between VMs or between VMs and VMM
The most important feature of virtualization is isolation, which means that a guest
VM cannot access more resources than it has been granted. If this feature is
not deployed carefully by the VMM, it can become a loophole for an attacker [37].
Improper configuration within the host allows an attacker to break the isolation,
which in turn allows the attacker to perform [38]:
• Denial of service: The attacker can modify a VM to acquire all resources (storage,
CPU cycles, and memory) of the host, preventing other VMs from executing
their task units.
• System halt: The attacker can introduce an instruction that forces the
hypervisor or VM to crash.
• VM escape: The attacker takes complete control of another VM. The attacker
can access the memory of other VMs or of the host and can execute malicious
content on the taken-over system.
3.4. VM sprawl
In a virtual environment, improper management of VMs causes VM sprawl.
The main reason is the continuous growth in the number of VMs, most
of which are idle or cannot be recovered from sleep mode. As a result, host machine
(HM) resources can be wasted [39].
3.5. VM controlled by host machine
The HM controls VM management, so it is crucial to protect it from
attack. The HM is responsible for starting, shutting down, and restarting the VMs
running within a host, observing resources according to VM
requirements, viewing and modifying VM images, and in some cases monitoring
applications or tasks running inside VMs. Thus, if the HM is attacked, the attacker can
breach any of the above responsibilities of the HM [40].
3.6. Denial of service attack
In virtual environments, a denial of service (DoS) attack is a serious threat to VMs.
This attack may occur because of a VMM misconfiguration that allows a particular VM
to consume all the available resources. All other VMs running on the same
PM can then be starved, and the network hosts can function
improperly because of the shortage of hardware resources [41]. A distributed
denial of service (DDoS) attack can occur when multiple VMs compromise the
system [42].
4. Computer Security Requirements for VM Migration
In a cloud environment, some main security requirements need to be
met and incorporated to obtain secure live VM migration. These
requirements are explained and formulated in this section [32, 43].
4.1. Authentication
In the migration process, an attacker employs ARP poisoning and route hijacking
mechanisms to launch a MITM attack. A MITM attack
can be avoided by having the VM source and target authenticate each
other mutually.
4.2. Platform integrity verification
For trust establishment, the VM destination should identify itself cryptographically
to the VM source.
4.3. Integrity and confidentiality of VMs during migration
To prevent an attacker from obtaining any VM contents during migration, and to
detect any improper attempts to modify these contents, an encrypted channel
must be used. In this way, some active and passive attacks
involving memory manipulation and sensitive information leakage can be avoided.
4.4. Authorization
To protect the process of live VM migration, a proper access control policy should
be in place. By employing access control lists (ACLs) in the VMM, unauthorized
actions can be prohibited.
4.5. Source non-repudiation
The source host cannot deny having performed the VM migration operation. A public key
certificate can be used to achieve this property.
4.6. Replay resistance
In VM migration, migrated data can be captured by an attacker and replayed later
to gain authentication. Thus, the process of live VM migration should be replay
resistant. Replay attacks can be prevented by using nonces.
In the next section, existing security solutions are surveyed with
respect to the preceding security requirements.
5. Secure Live Migration: Suggested Solutions
Many approaches have been suggested by authors to protect live VM
migration in cloud datacentres. Some of these approaches and their limitations
are studied in this section.
5.1. Isolating the migration traffic
One of the common solutions employed to protect the migration process is isolating the
migration traffic. This can be achieved by placing a small group of VMs, or a
single VM, on its own host-based virtual local area network (VLAN). In the migration
process, a secure transmission channel can be defined using VLAN as an isolation and
segmentation tool. In addition, the defined traffic can be isolated from other network
traffic [16]. However, this solution suffers from growth in administrative cost and
complexity as the VM population grows [44].
5.2. Network security engine-hypervisor
The network security engine-hypervisor approach (NSE-VMM) encloses the hypervisor
with the security engines of a network as a way of rooting out intrusions.
In a virtual environment, security can be
achieved by providing multiple components such as a firewall, an intrusion detection
and prevention system, and intelligent packet processing capability, all of which
are included in the NSE. For each migrated packet, the NSE can maintain the security
context (SC). In addition, decisions can be made based on the packet contents and
the SC [17]. The issue with this technique lies in the transmission phase,
where the execution context (EC) is encapsulated but the SC is not. Thus, the VM can
be rejected at the destination because the required SC is missing or does not match [45].
Figure 2 shows the framework architecture of live migration based on NSE-
VMM, which was proposed by Xianqin et al. [17] and is known as the CoM architecture. The
framework consists of a VM migration agent (VMMA), an SC migration agent
(SCMA), a live migration coordinator (LMC), the NSE, and the hypervisor core. The VMMA is
an agent that interacts with the target machine's VMM to provide it with the
encapsulated VM states. The SCMA encapsulates and transmits the related SC
set directly via a dedicated channel. The LMC is a coordinator that works directly with
the destination hypervisor's LMC to perform the migration task in parallel.
Based on this framework, traditional security mechanisms (e.g., IDS and
firewall) can be applied effectively in the migration process. However, NSE-VMM
does not support all the security requirements mentioned in the previous section.
Fig. 2. Architecture of CoM framework.
5.3. Role based migration
This method, which is also called secure VM-vTPM, relies on Intel vPro and TPM
hardware to protect the migration process. Figure 3 shows the
high-level architecture of the method. According to this architecture, some components
should be involved [46, 47]:
• Attestation Service: This module establishes a secure session for
subsequent communication by allowing the running VMM to identify itself
cryptographically to the destination VMM. To verify the integrity of the
system, the source performs a remote attestation after establishing a secure and
authenticated channel.
• Seal Storage: This module persistently stores the role-based policies and the
private key. The private key is used to encrypt the data used for
attestation. The hash of the booted trusted OS is incorporated with the encrypted
data, so that only a trusted OS with the same hash is allowed to unseal it.
• Policy Service: The policy service manages the policies for VM migration
decisions, such as which host the VM should be migrated from and which one has
the power to receive it.
• Migration Service: The remote server can use the migration service to
check whether the target machine meets the migration security requirements before
the migration decision is taken. Thus, attestation requests are used to initiate the
remote server.
• Secure Hypervisor: Protecting the guest OS processes requires this module
to use memory measurement at runtime.
However, this security method cannot be integrated with currently deployed
infrastructure because it requires changes at the hardware and software levels. In
addition, the vTPM keys are located outside the TPM and are thus vulnerable to
unauthorized modification and leakage. Moreover, the migration time can
increase, causing system overhead, because the vTPM state is also migrated.
Fig. 3. Role based migration architecture.
5.4. IPSec tunnel
Another live migration security method is to establish an Internet
Protocol Security (IPSec) tunnel. IPSec is a protocol used to protect internet
traffic. Each migrated packet is encrypted and authenticated as it passes through the
tunnel. This method can therefore secure the migrated data and make it difficult
to trace. However, using an IPSec tunnel to provide secure transmission
increases the VM downtime because of the additional processing and overhead, which
can cause a longer service disruption [18].
5.5. VM mobility using SSH tunnel
Another solution was proposed by the authors of [48]. They presented a framework
that involves inter-cloud proxies, a secure channel connecting these proxies, and virtual
network migration with non-shared storage. Access to inter-cloud VM mobility
hosts can be restricted by employing inter-cloud proxies. To provide secure
migration, an SSH tunnel is used between the proxies, through which the VM state and
memory are also migrated. However, this method does not support authorization
requirements. In addition, port forwarding is required on firewalls.
5.6. Trusted cloud security level (TCSL)
This technique presents a new framework for the cloud environment with a set of
policies to customize zones. Using TCSL, VMs in the cloud can be grouped logically and
trusted zones can be isolated based on VM security requirements. In the trusted cloud,
each trusted zone has a security level and each migrated VM is managed by a
reliable migration module. This module includes cloud and central security
management, security attributes and a migration layers waiting queue [49]. Within a cloud
trusted zone, VMs can also be isolated using TCSL based on their security level.
The issue with this method is that it cannot be integrated with
existing cloud infrastructures. Some cloud platform modifications are therefore
required to achieve secure and reliable features, which adds cost to the system.
5.7. RSA with SSL
To protect the data migrated during the migration process, some investigators
proposed the RSA with SSL technique [50]. This technique includes three main stages.
The first is calculating the PM load. The second is employing RSA with SSL to
meet the encryption and authentication requirements and to provide privacy and
protection for memory contents. Finally, pre-copy or post-copy mechanisms are
used to migrate the data from the source to the target machine. To achieve
authentication in the migration process, this method requires the public keys of all
VMMs, which makes them more difficult to manage.
5.8. Trusted token (TT)
Another proposed method is Trusted Token (TT), which includes a set of policies
such as migration implementation and auditing. For VM migration, the user's policy
specifies the acceptable Trust Assurance Level (TAL) value of the target cloud
platform. A TT is a trust credential that includes the TAL value issued by the platform
trust assurance authority (PTTA) based on the platform's software and hardware
components. The migration takes place when the TAL value of the target
platform is acceptable under the user's migration policy. A TPM-based bind
key pair is used for VM encryption [51].
The complexity of this method can grow with the number of users performing
migration simultaneously. In addition, the TAL value depends on the
platform's software and hardware components, so even a small platform modification
requires a new TAL value signed by the PTTA. Moreover, performance can be
degraded by the TPM bottleneck.
5.9. Encryption algorithms
Encryption techniques avoid the need for extra hardware and dedicated networks.
In addition, they can be employed to secure the migration
process in various sorts of networks such as LAN, MAN, CAN, and WAN.
A drawback of encryption is that it may slow down the VM migration in high-
bandwidth low-delay networks if the processing of encryption/decryption is slow.
For instance, it is an open question whether the fastest VM migration approach
without encryption will remain the fastest approach with encryption [52].
6. Proposed Method
The objective of our proposed work is to secure data migrated during the live
migration process while preserving the energy consumption level. A lightweight
encryption algorithm combined with DHKE and a blind signature is proposed to
secure the key, authenticate the VM destination and protect the migrated data.
Moreover, specified attacks are applied to the system to prove its security and to
compare system performance and consumed energy. Downtime is
also calculated with and without the security system.
6.1. Security model
Consider two VMs in the cloud, a VM source Vs and a VM destination Vd, where
data is migrated from Vs to Vd. In our proposed architecture, we use
a scheme of three protection techniques. DHKE is used to exchange keys and generate
the secret key. A blind signature is used for authentication; thereafter the AES
encryption algorithm is used to encrypt the migrated data. The procedure for protecting
data migrated from Vs to Vd using authenticated DHKE combined with AES is described below.
A high-security implementation requires the prime number p to be
larger than 128 bits, as it is a shared public key. In addition, the private keys (a)
and (b) must be large enough for the underlying exponential problem to be hard. Both VMs
generate their own private keys (a) and (b). Vs calculates its public key A, signs A to A',
then delivers it to Vd. Vd blindly signs A' using its private key b and delivers the result S'
back to Vs. Vs verifies S' to check that Vd is a valid VM and not an attacker. Vs uses r in
verifying S'; r is a random value that is relatively prime to N, i.e. gcd(r, N) = 1, where N
is a public modulus. If the verification is correct, Vs delivers its public key to Vd, which
calculates the shared key K using Vs's public key and its own private key b. At the same
time, Vs calculates K using Vd's delivered public key B and its own private key a. Finally,
the shared secret key K is employed as the AES symmetric key to encrypt the migrated data M
to M'. Thus, to guarantee strong AES data encryption, p must be a big prime number. Figure 4
describes the proposed security model through the live migration process.
Fig. 4. Live migration: security model.
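
The handshake of Section 6.1 as an added Python example (not the authors' code): Vs blinds a hash of its DH public key A with r, the peer signs the blinded value, and Vs derives K only if the unblinded signature verifies. Assumptions: the blind signature is RSA-style with a separate key (N, E, D) for Vd, whereas the text signs with b; all parameters are constructed demo values; K is hashed to 16 bytes for AES-128.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo parameters (not from the paper, not for production use).
# DH modulus: the 255-bit prime 2^255 - 19, above the text's 128-bit minimum.
P = 2**255 - 19
G = 2
# Vd's RSA signing key, built from two publicly known Mersenne primes so the
# example needs no key generation; a real key uses secret random primes.
_Q1, _Q2 = 2**521 - 1, 2**607 - 1
N = _Q1 * _Q2                            # public modulus N
E = 65537                                # public exponent
D = pow(E, -1, (_Q1 - 1) * (_Q2 - 1))    # Vd's private exponent


def dh_keypair():
    """Return (private, public) for DHKE over (P, G)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def digest(public_key):
    """Hash a DH public key to an integer smaller than N before signing."""
    raw = public_key.to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big")


def blind(message, r):
    """Vs: A' = m * r^E mod N, which hides m from the signer."""
    return (message * pow(r, E, N)) % N


def sign_blinded(blinded, private_exp):
    """Peer: S' = (A')^d mod N, computed without seeing m."""
    return pow(blinded, private_exp, N)


def unblind_and_verify(s_blinded, r, message):
    """Vs: strip r from S', then check the result under Vd's public key."""
    s = (s_blinded * pow(r, -1, N)) % N
    return pow(s, E, N) == message % N


def derive_aes_key(shared_secret):
    """Assumption: hash K down to 16 bytes for use as an AES-128 key."""
    return hashlib.sha256(shared_secret.to_bytes(32, "big")).digest()[:16]


def handshake(signer_private_exp):
    """Run Vs against a peer; return (key_vs, key_vd), or None on auth failure."""
    a, A = dh_keypair()                  # Vs
    b, B = dh_keypair()                  # peer claiming to be Vd
    while True:                          # r must be invertible mod N
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    m = digest(A)
    s_blinded = sign_blinded(blind(m, r), signer_private_exp)
    if not unblind_and_verify(s_blinded, r, m):
        return None                      # abort: A is not released, no K derived
    key_vs = derive_aes_key(pow(B, a, P))    # Vs: K = B^a mod P
    key_vd = derive_aes_key(pow(A, b, P))    # Vd: K = A^b mod P
    return key_vs, key_vd
```

A peer that does not hold Vd's private exponent, for example `handshake(D + 2)`, fails verification and the function returns `None` before any key is derived.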
6.2. Migration attacks
As mentioned in a previous section, some attack types not only
affect system security but also increase system energy consumption. In our work,
two attacks are chosen to check the effectiveness of the proposed security model.
These attacks are chosen for their popularity in attacking the migration process
and their disastrous effects on the system in terms of both security and energy
consumption [53, 54]. The two attacks are the MITM attack and the co-resident attack
during live migration. In both types of attack, the attacker pretends to be, or
co-locates with, a valid VM.
Obviously, the attacker needs to use or co-locate with many destinations using a
minimum number of VMs. Therefore, the attacked system performance Pt can be
considered as the gains divided by the costs. It equals the number of VMs with which
attackers are co-located with at least one of the destinations D, divided by the total
number of VMs produced by the malicious party.
((,)) =   (,)
 (,) (1)
where VM (a,t) is the VMs set launched by (a) malicious in an attack time (t) and (Suc
VM (a,t)) is a VM (a,t) subset co-located with at least one of the VM destinations D.
6.3. Comparison of downtime and system performance
During the live VM migration process, system performance can be evaluated using
two significant parameters: the duration of the whole live migration process, which
is called the total migration time, and the service interruption time of the running
migrated VM, which is known as the migration downtime.
In addition, the migration bandwidth and the rate of dirty pages are two factors that
can affect performance. The rate of dirty pages depends on the workload of the
migrated VM and cannot be changed. Thus, improving performance depends
on allocating appropriate migration bandwidth.
Let N be the total number of VM pages. Ni (i ≥ 1) refers to the number of pages
migrated in the i-th round of the pre-copy phase. Bp defines the migration bandwidth
measured in pages/second. Bm and k are the maximum bandwidth and the
total number of iterations in the phase. Tt and Td refer to the total migration time
and the migration downtime. In the pre-copy phase, Tt and Td can be obtained as:
= 
(2)
= (
) +
 (3)
To evaluate the characteristics of system performance during the migration process,
Td, Tt, and the amount of migrated data are utilized. As Td represents the suspend
time of the migrated VM, the VM availability during the migration can be measured
from it. Tt, on the other hand, is the whole duration from initiating the migration
request until the entire contents of the migrated VM reach the target machine.
Finally, the amount of migrated data is the total number of migrated memory pages.
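The following added example (not code from the paper) simulates the pre-copy rounds using the symbols defined above and shows how a cap on encryption throughput changes Tt and Td. The round model (pages dirtied during one round are resent in the next, then a final stop-and-copy at Bm), the dirty_rate, stop_pages and cipher_rate parameters, and all sample values are assumptions and are not taken from Eqs. (2) and (3).

```python
from dataclasses import dataclass


@dataclass
class MigrationResult:
    rounds: list        # N_i: pages sent in each pre-copy round
    total_time: float   # Tt in seconds
    downtime: float     # Td in seconds


def simulate_precopy(n_pages, dirty_rate, bp, bm, k, stop_pages, cipher_rate=None):
    """Iterative pre-copy: up to k rounds at Bp while the VM runs, then stop-and-copy at Bm.

    cipher_rate (pages/s) is an assumed limit on how fast pages can be encrypted;
    None models migration without the security model.
    """
    if min(n_pages, bp, bm, k) <= 0 or dirty_rate < 0:
        raise ValueError("page count, bandwidths and k must be positive")
    if cipher_rate is not None and cipher_rate <= 0:
        raise ValueError("cipher_rate must be positive")

    live_rate = bp if cipher_rate is None else min(bp, cipher_rate)
    final_rate = bm if cipher_rate is None else min(bm, cipher_rate)

    rounds, elapsed, pending = [], 0.0, float(n_pages)
    for _ in range(k):
        rounds.append(pending)
        duration = pending / live_rate
        elapsed += duration
        # Pages written by the guest during this round have to be sent again.
        pending = min(float(n_pages), dirty_rate * duration)
        if pending <= stop_pages:
            break

    # The VM is suspended while the remaining dirty pages are copied.
    downtime = pending / final_rate
    return MigrationResult(rounds, elapsed + downtime, downtime)


def compare_scenarios():
    """Constructed sample workload: 100000 pages, 2000 pages/s dirtied."""
    base = dict(n_pages=100_000, dirty_rate=2_000, bp=10_000, bm=20_000,
                k=5, stop_pages=100)
    plain = simulate_precopy(**base)
    secured = simulate_precopy(**base, cipher_rate=7_000)
    # Failure mode: encryption slower than the dirty rate never converges,
    # so every round resends the whole memory and downtime becomes N / rate.
    stalled = simulate_precopy(**base, cipher_rate=1_500)
    return plain, secured, stalled


if __name__ == "__main__":
    for name, res in zip(("plain", "secured", "stalled"), compare_scenarios()):
        print(f"{name:8s} rounds={len(res.rounds)} "
              f"Tt={res.total_time:.4f}s Td={res.downtime * 1000:.2f}ms")
```
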
6.4. Comparison of power consumption
Power consumption by computing nodes in data centres is generally dictated by the
CPU, memory, storage capacity, and communication link. In live migration,
power is consumed by migrating a VM server from the original PM server to the
target one. Migration power cost is evaluated by calculating two parameters: the
power utilized by the original PM server to initiate the migration process, and the
power utilized by the target server. The main cause behind the cost can be the
increase in resources used during migration, including storage (e.g., disk, memory),
computational (e.g., CPU), and I/O resources (e.g., network).
Two metrics are used to calculate power utilization during the migration process:
the total power consumed by the data centre during the migration process, Pm, and
the total power consumed by cloud physical equipment, Pe. By taking the division of
these two metrics as shown in Eq. (4), total system power utilization Pu is calculated.
=
(4)
Two other power utilization values are calculated in this section, for the
power consumed when the system is attacked, Pt, and the power consumed when the
suggested security system is applied, Ps, in Eqs. (5) and (6), respectively.
 = ( + )
(5)
 = ( + )
(6)
In this paper, we try to prove that Pus is lower than Put while preserving
the value of Pu.
7. Experimental Simulation
To evaluate the performance of the algorithms, we perform a simulation. In our
project, we have chosen the CloudSim Toolkit as the simulation environment. We
have also added some settings to the CloudSim Toolkit for conducting the
experiment. In addition, the framework is extended to allow estimating the energy
consumed during migration. Besides, a security model is incorporated to ensure
VM security during migration. The designed data centre has 100
hosts. The CPU core processor speeds are equivalent to 1000, 1500, 3000 MIPS
etc. The amount of RAM is 40GB and storage capacity is 11TB.
An experimental testbed is developed to examine the effects of the attacks on
the energy consumption. The model topology includes VS, VD and VMAttacked entities.
VS and VD are two VMs engaged in the migration process as part of the allocation
process. The migrated data could be sensitive, such as private
data and security codes. On this transmission channel, the aim of a malicious
user is to break any existing security wall and steal the migrated data or
destroy the transmission.
7.1. Communication model
In the first stage of the experiment, the data are migrated from VS to VD without added
security mechanisms so that the minimum amount of energy is consumed. Once the
migration has started, if the migrated data does not reach the destination, the
system raises the power level to override the issue. However, this cannot solve
the issue totally, as the attacker may apply a severe jamming attack, or the
communication channel could be occupied by another transmission or migration.
Based on that, the system usually employs energy detection to discover a
channel that is energy free. However, the detected channel could be found by the
attacker if one is present, and the attacker then starts to jam the new channel.
This process can be dangerous if no security mechanism exists, as the migrated data
can be vulnerable to eavesdropping. Thus, the security model is presented between the
two VMs. The computational power required to encrypt and decrypt migrated data may
delay the migration process. As a result, the time required to migrate the
same data can be greater, which increases the amount of energy demanded.
In some cases, the attacker may be able to perform a jamming attack in which the
migrated data is dropped when it cannot be decoded due to the security
mechanism. The procedure of increasing the power level and detecting a new channel
then has to be performed once more to override the attack.
7.2. Attacker model
The attacker's aim is to break any security constraints between VS and VD. The
VMAttacked can start by identifying the migration channel, scanning the available
channels until it finds the specified one. Then, the migration data is subjected to
several decoding attempts. In this case, two scenarios can occur. Firstly, if the
migration process does not involve the security model, then the attacker can easily
decode the migration data. On the other hand, if the security model is employed,
then the only way available to the attacker is a jamming attack, as he cannot steal
the key because it is transferred securely in combination with an authentication
method. Finally, the attacker always has the ability to apply a jamming attack,
whether or not a security model is included.
8. Simulation Results
In this section, the results are evaluated in terms of security risk, system
performance, and energy consumption. Various scenarios are employed in which the
consumed energy is calculated. The basic idea involves migrating data between two
VMs with or without the security model. Three different tests are applied to
investigate the vulnerabilities based on the energy consumption of the attack model.
The migrated data length used is 102 bytes. The test is applied to 1000
migrated packets of 102 bytes each. Simulation parameters are listed in Table 1.
Table 1. Simulation parameters.
Parameters              Value
Migrated Packets        1000 packets
Migrated Data Length    102 bytes
Number of task          3
Migration time          0-35 sec
8.1. Migration without security
The first case tests the migration process without any security, concentrating on
system performance and the consumed energy. Based on successful migrations,
energy consumption and migration performance investigations are carried out, as
depicted in Figs. 5, 6, and 7, respectively. This situation is applied to present the
basic migration model. In this scenario, the attacker has the ability to decode the
migrated data, as discussed in the previous section. Even though the system spends the
minimum amount of energy and has no migration downtime, which increases the
performance efficiency in this situation, the migration involves many privacy and
security issues. If these issues arise, then the energy and performance
efficiency will be impacted, as shown in section 8.3.
8.2. Migration with security
The second case discussed is when the migration process is subject to the security
model. The migrated data is decoded using AES-128. In addition, the encryption keys
are transferred securely by utilizing DHKE, and the data are authenticated using a blind
signature. The migrated data in this situation reaches the destination with a small
delay due to the security model processing. Figures 5 and 7 show the
percentage of energy consumption in this scenario and the migration time.
The time demanded to migrate the same data is 36% greater when the security
model is activated. Besides, the percentage of energy increases by a minimal
amount due to the computational power of the security process. On the other hand, the
migration data is immune to attack by MITM or co-located attackers, as the data cannot
be eavesdropped or decoded due to the encryption mechanism and secure key
exchange. VMAttacker cannot even pretend to be VD, due to the authentication process
performed by the blind signature.
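The following added example (not the paper's implementation) shows a Diffie-Hellman exchange in which each public value carries a textbook RSA blind signature, and how a substituted public value is rejected before any key is derived. The separate signer role, the toy parameters and every function name are assumptions; the derived 128-bit value stands in for the AES-128 key, and the encryption itself is left to a vetted AES library.

```python
import hashlib
import math
import secrets

# Constructed toy parameters (assumptions): far too small for real deployments.
DH_P = 2**127 - 1                      # Mersenne prime used as the DH modulus
DH_G = 3
RSA_N = (2**61 - 1) * (2**89 - 1)      # product of two Mersenne primes
RSA_E = 65537
SIGNER_D = pow(RSA_E, -1, (2**61 - 2) * (2**89 - 2))   # signer's private exponent


def digest(public_value: int) -> int:
    """Hash a DH public value into the RSA message space."""
    raw = hashlib.sha256(public_value.to_bytes(16, "big")).digest()
    return int.from_bytes(raw, "big") % RSA_N


def dh_keypair():
    private = secrets.randbelow(DH_P - 3) + 2          # in [2, p-2]
    return private, pow(DH_G, private, DH_P)


def blind(message: int):
    """Requester side: hide the message with a random factor r."""
    while True:
        r = secrets.randbelow(RSA_N - 2) + 2
        if math.gcd(r, RSA_N) == 1:
            return (message * pow(r, RSA_E, RSA_N)) % RSA_N, r


def sign_blinded(blinded: int) -> int:
    """Signer side: signs without seeing the underlying public value."""
    return pow(blinded, SIGNER_D, RSA_N)


def unblind(blind_signature: int, r: int) -> int:
    return (blind_signature * pow(r, -1, RSA_N)) % RSA_N


def verify(public_value: int, signature: int) -> bool:
    return pow(signature, RSA_E, RSA_N) == digest(public_value)


def certified_public_value():
    """Generate a DH key pair and obtain a blind signature over its public half."""
    private, public = dh_keypair()
    blinded, r = blind(digest(public))
    return private, public, unblind(sign_blinded(blinded), r)


def session_key(own_private: int, peer_public: int, peer_signature: int):
    """Return a 16-byte key, or None when the peer's public value is not signed."""
    if not 1 < peer_public < DH_P - 1:
        return None
    if not verify(peer_public, peer_signature):
        return None
    shared = pow(peer_public, own_private, DH_P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:16]


def run_demo():
    vs_priv, vs_pub, vs_sig = certified_public_value()
    vd_priv, vd_pub, vd_sig = certified_public_value()
    key_at_vs = session_key(vs_priv, vd_pub, vd_sig)
    key_at_vd = session_key(vd_priv, vs_pub, vs_sig)
    # A party in the middle swaps in its own public value but can only
    # replay VD's signature, so VS refuses to derive a key.
    _, swapped_pub = dh_keypair()
    key_with_swap = session_key(vs_priv, swapped_pub, vd_sig)
    return key_at_vs, key_at_vd, key_with_swap


if __name__ == "__main__":
    k_vs, k_vd, k_swap = run_demo()
    print("keys match:", k_vs == k_vd, "| swapped value accepted:", k_swap is not None)
```

The check only helps if the signer authenticates who is requesting a signature, since a blind signer cannot inspect what it signs.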
8.3. Migration on attack
In the final scenario, two situations are discussed: without security and with security.
If there is no security model, the data can be stolen easily by MITM or
co-located VMAttacker. These two attacks can increase the energy consumption by
employing fake VMs which should not be part of the system, or, even if they manage
to get the migrated data, the system may first realize that there is a dropped packet
due to interference caused by external transmission.
The reason behind this could be a jamming attack or a channel that is already occupied.
Multiple trials will be made in this case to re-migrate the data. If the issue
continues, energy detection is performed to find the most
convenient channel in terms of energy. When the specified channel is allocated, the
level of the power is reduced to its minimum value. The piecemeal power growth
and channel detection process raise the consumption of
energy. Finally, if the system detects that there is an attack, then the affected VMs
or even the host will be shut down, which leads to performance degradation. The
attacker can notice that there is no migration on the previous channel and that a new
one is assigned. Therefore, his next step is detecting and attacking the new specified
channel, and the procedure is repeated.
On the other hand, if the security mechanism is activated as mentioned in the
previous section, then it will be difficult for the attacker to decode or even listen to
the migrated data, as it is encoded. Thus, the best scenario for the attacker is
destroying the communication channel, for example with a jamming attack. In this
situation, the procedure is the same as in the previous paragraph, yet more delay is
added to the migration due to the security model computation time.
Figure 5 demonstrates the energy consumption comparison among the three
scenarios. When the security model is enabled, there is an increment of 25%
compared with the migration without it. However, when the system is attacked, the
increase in energy consumption is more than 43% compared to the migration
free of attack. Thus, energy consumption of the system under attack is increased by
more than 18% compared to the one under the security model.
Fig. 5. Comparison of energy consumption.
Figures 6 and 7 present the comparison of migration downtime and total migration
time, respectively. It can be noticed that the system combined with the security
mechanisms increases the downtime and the total migration time due to the
encoding, key exchange, and authentication process. In addition, with each
increase in the amount of migrated data, the computational process of the security
mechanism takes more time. However, this can be solved by providing a fast
processor dedicated to security computation and by increasing the percentage of
the migrated data per second. Finally, this increment in migration time due to
activating the security mechanism is considered acceptable compared to a system under
attack, where the migrated data can be stolen or never reach the specified
destination. Moreover, it costs the system extra time and energy to re-migrate
the data or even to try to recover after an attack.
Fig. 6. Comparison of migration downtime.
Fig. 7. Comparison of total migration time.
[Plots for Figs. 5-7 not reproduced. Axis labels: total energy consumption vs. number of tasks migrated; migration downtime (ms); migration time (s).]
Based on this, the device typically uses an energy detection system to discover the
energy-free channel when the security mechanism is in place. If an attacker exists,
the detected channel may be discovered by the attacker using security parameters. The
attacker then begins to jam the new channel. If no security mechanism exists, this
method can be risky, as the migrated data can be vulnerable to eavesdropping.
Therefore, the security model is presented between the two VMs. The
computational power necessary to encrypt and decrypt migrated data can delay the
migration process. As a result, the time required to migrate the
same data can increase, which in turn increases the required amount of energy. Figure 8
shows the attributes of security level with existing and proposed methods.
Fig. 8. Attributes of security
9. Conclusions and Future work
In this paper, a security model including a lightweight encryption algorithm,
an authentication mechanism, and a secure key transfer method is proposed. The
purpose of presenting this method is to protect the data transferred during VM
migration in a cloud computing environment. Using a lightweight encryption
algorithm can help consume less system energy compared to a
system under attack. Moreover, some proposed security techniques may
require a dedicated network or extra hardware. Using lightweight
encryption, however, can avoid these extra requirements, which can consume more energy. In
addition, the proposed lightweight encryption is supported by a blind signature
mechanism to provide more authentication to the proposed model and a secure key
exchange method. Finally, it has been shown that migration downtime and total time can be
affected by algorithm complexity and the size of the migrated data. In the experiments,
the lightweight encryption consumes extra time to migrate the data, but this is
considered acceptable compared to the case where the system is exposed to attack.
In future work, advanced secure key exchange and authentication mechanisms will be
used to address security vulnerabilities in live VM migration.
Nomenclatures
(a) & (b)   Private keys
A           Public key
A’          Signed A
Bm          Maximum bandwidth
Bp          Migration bandwidth
k           Total iteration
M           Migrated data
M’          Signed M
N           Public modulus
N           Total VM pages number
Ni          Pages number that migrated in i-th round of the pre-copy phase
p           Prime number
Pm          Total power consumed by the data centre through migration process
Ps          Power consumed in case of suggested security system applied
Pt          Attack system performance
Pt          Power consumed in case of system attacked
Pu          Power utilization
Pu          Total power consumed by cloud physical equipment
Pus         Power utilization in case of security system
Put         Power utilization in case system attack
r           Random value
S’          Result of A'^b mod N
t           Attack time
Td          Migration downtime
Tt          Total migration time
Vd          VM destination
VM(a)       Malicious in VM
Vs          VM source
Abbreviations
ACL         Access control list
AES         Advanced encryption standard
ARP         Address resolution protocol
CAN         Campus area network
CoM         Component Object Model
CPU         Central processing unit
DDoS        Distributed denial of service
DHKE        Diffie-Hellman key exchange
DNS         Domain name system
DoS         Denial of service
EC          Execution context
HM          Host machine
IDS         Intrusion detection system
IPSec       Internet protocol security
LAN         Local area network
LMC         Live migration coordination
MAN         Metropolitan area network
MITM        Man in the middle attack
NSE-VMM     Network security engine-hypervisor approach
OS          Operating system
PM          Physical machine
PTTA        Platform trust assurance authority
RAM         Random access memory
RFID        Radio frequency identification
RSA         Ron Rivest, Adi Shamir, and Leonard Adleman
SC          Security context
SCMA        SC migration agent
SSL         Secure socket layer
TAL         Trust assurance level
TCSL        Trusted cloud security level
TPM         Trusted platform module
TT          Trusted token
VLAN        Virtual local area network
VM          Virtual machine
VMM         Virtual machine migration
vPro        Validated platform
WAN         Wide area network
References
1. Upadhyay, A.; and Lakkadwala, P. (2014). Secure live migration of VM’ s in
cloud computing: A survey. Proceeding of the 3rd International Conference
on Reliability, Infocom Technologies and Optimization. Noida, India.
2. Moghaddam, F.F.; Ahmadi, M.; Sarvari, S.; Eslami, M.; and Golkar, A.
(2015). Cloud computing challenges and opportunities: A survey. Proceeding
of the First International Conference on Telematics and Future Generation
Network. Kuala Lumpur, Malaysia.
3. Negru, C.; Pop, F.; Cristea, V.; Bessisy, N.; and Li, J. (2013). Energy efficient
cloud storage service: Key issues and challenges. Proceeding of the 4th
International Conference on Emerging Intelligent Data and Web
Technologies. Xi’an, China. 763-766.
4. Rastogi, G.; and Shushil, R. (2015). Analytical Literature survey on existing
load balancing schemes in cloud computing. Proceeding of the First
International Conference on Green Computing and Internet of Things. Greater
Noida, India. 1506-1510.
5. Hongyou, L.; Jiangyong, W.; Jian, P.; Junfeng, W.; and Tang, L. (2013).
Energy-aware scheduling scheme using workload-aware consolidation
technique in cloud data centres. China Communication, 10(12), 114-124.
6. Perreas, G.; and Lampsas, P. (2014). A centralized architecture for energy-
efficient job management in data centers. Proceeding of the Fifth International
Conference on Cloud Computing, GRIDs, and Virtualization. Venice, Italy.
44-48.
7. Dhanoa, I.S.; and Khurni, S.S. (2014). Energy-efficient virtual machine live
migration in cloud data centers. International Journal Computer Science and
Technology 5(1), 43-47.
8. Ding, Y.; Qin, X.; Liu, L.; and Wang, T. (2015). Energy efficient scheduling
of virtual machines in cloud with deadline constraint. Future Generation
Computer System, 50, 62-74.
9. Jain, L.C.; Patnaik, S.; and Ichalkaranje, N. (2015). Intelligent computing,
communication and devices. Switzerland: Springer.
2648 S. K. Abd et al.
Journal of Engineering Science and Technology June 2021, Vol. 16(3)
10. Liaqat, M.; Ninoriya, S.; Shuja, J.; Ahmad, R.W.; and Gani, A. (2016). Virtual
machine migration enabled cloud resource management: A challenging task.
arXiv, 1601.03854, 1-7.
11. Kaur, P. and Rani, A. (2014). Virtual machine migration in cloud computing.
International Journal of Grid Distribution Computing. 8(5), 337-342.
12. Motru, V.R.; Raja, P.V.K.; Kote, A.; Rao, G.N.; and Duvvuru, R. (2015). A
guideline for virtual machine migration algorithm in cloud computing
environment. International Journal of Computer Communication Engineering
Research. 3(5), 93-97.
13. Zhang, Q.; Wu, Y.; Huang, T.; and Zhu, Y. (2013). An intelligent anomaly
detection and reasoning scheme for VM live migration via cloud data mining.
Proceeding of 25th International Conference on Tools with Artificial
Intelligent. Washington DC, USA. 412-419.
14. Shirazi, N.H.; Simpson, S.; Marnerides, A.K.; Watson, M.; Mauthe, A.; and
Hutchison, D. (2014). Assessing the impact of intra-cloud live migration on
anomaly detection. Proceeding of the 3rd International Conference on Cloud
Networking, Luxembourg. 52-57.
15. Ali, M.; Khan, S.U.; and Vasilakos, A.V. (2015). Security in cloud computing:
Opportunities and challenges. Information Science. 305, 357-383.
16. Barjatiya, S.; and Saripalli, P. (2012). BlueShield: A layer 2 appliance for
enhanced isolation and security hardening among multi-tenant cloud
workloads. Proceeding of the 5th International Conference on Utilities and
Cloud Computing. Washington DC, USA. 195-198.
17. Xianqin, C.; Han, W.; Sumei, W.; and Xiang, L. (2009). Seamless virtual
machine live migration on network security enhanced hypervisor. Proceeding
of Second International Conference on Broadband Network and Multimedia
Technology. Beijing, China. 847-853.
18. Kadam, R.R.; and Bangare, M. (2014). A survey on security issues and
solutions in live virtual machine migration. International Journal of Advance
Foundation and Research in Computer. 1(12), 131-137.
19. Sammy, K.; Shengbing, R.; and Wilson, C. (2012). Energy efficient security
preserving VM live migration in data for cloud computing. International
Journal of Computer Sciences. 9(3), 33-39.
20. Petroulakis, N.E.; Tragos, E.Z.; and Askoxylakis, I.G. (2012). An
experimental investigation on energy consumption for secure life-logging in
smart environments. Proceeding of 17th International Workshop on Computer
Aided Modeling and Design of Communication links and Networks. Barcelona,
Spain. 292-296.
21. Bidkar, K.N. (2015). Energy analysis of algorithms in public key cryptography
of WSN. International Journal of Advance Research in Computer Science and
Management Studies. 3(3), 190-197.
22. Masram, R.; Shahare, V.; Abraham, J.; and Moona, R. (2014). Analysis and
comparison of symmetric key cryptographic algorithms based on various file
features. International Journal of Network Security and its Applications.
6(4), 43-52.
23. Zegers, W.; Chang, S.Y.; Park, Y.; and Gao, J. (2015). A lightweight
encryption and secure protocol for smartphone cloud, Proceeding of
Technique to Protect Live Virtual Machine Migration in Cloud Computing . . . . 2649
Journal of Engineering Science and Technology June 2021, Vol. 16(3)
Symposium on Service-Oriented System Engineering. California, San
Francisco, USA. 259-266.
24. Ojha, S.K.; Kumar, N.; Jain, K.; and Sangeeta. (2009). TWIS-A lightweight
block cipher. Proceeding of 5th International Conference on Information
System Security. Kolkata, India. 280-291.
25. Liu, H.; and He, B. (2015). VMbuddies: Coordinating live migration of multi-
tier applications in cloud environments. IEEE Transactions on Parallel
Distribution Systems. 26(4), 1192-1205.
26. Huang, T.; Zhu, Y.; Wu, Y.; Bressan, S.; and Dobbie, G. (2016). Anomaly
detection and identification scheme for VM live migration in cloud
infrastructure. Future Generation Computer Systems. 56, 736-745.
27. Zhang, F.; and Chen, H. (2013). Security-preserving live migration of virtual
machines in the cloud. Journal of Network and System Management. 21, 562-587.
28. Rehman, A.; Alqahtani, S.; Altameem, A.; and Saba, T. (2014). Virtual
machine security challenges: Case studies. International Journal of Machine
Learning and Cybernetics. 5, 729-742.
29. Oberheide, J.; Cooke, E.; and Jahanian, F. (2008). Empirical exploitation of
live migration of virtual machines. Proceeding of Black Hat DC. 2168-7161.
30. Xia, Y.; Liu, Y.; Chen, H.; and Zang, B. (2012). Defending against VM
rollback attack. Proceeding of Third International Conference on
Dependeable Systems and Networks Workshops. Boston, USA. 1-5.
31. Studnia, I.; Alata, E.; Deswarte, Y.; Kaâniche, M.; and Nicomette, V. (2012).
Survey of security problems in cloud computing virtual machines. Computer
and Electronics Security Applications Rendez-vous. 61-74.
32. Ahmad, N.; Kanwal, A.; and Shibli, M.A. (2013). Survey on secure live virtual
machine (VM) migration in cloud. Proceeding of the Second National
Conference on Information Assurance. Rawalpindi, Pakistan. 101-106.
33. Suresh, N.R.; and Mathew, S.V. (2011). Security concerns for cloud
computing in aircraft data networks. Proceeding of the Third International
Conference for Internet Technology and Secured Transactions. Abu Dhabi,
United Arab Emirates. 132-136.
34. Anala, M.R.; Shetty, J.; and Shobha, G. (2013). A framework for secure live
migration of virtual machines. Proceeding of the First International
Conference on Advances in Computing, Communication and Informatics.
Mysore, India. 243-248.
35. Pitropakis, N.; Pikrakis, A.; and Lambrinoudakis, C. (2014). Behaviour
reflects personality: Detecting co-residence attacks on xen-based cloud
environments. International Journal of Information Security. 14, 299-305.
36. Bates, A.; Mood, B.; Pletcher, J.; Pruse, H.; Valafar, M.; and Butler, K. (2014).
On detecting co-resident cloud instances using network flow watermarking
techniques. International Journal of Information Security. 13, 171-189.
37. Jin, H.; Xiang, G.; Zou, D.; Wu, S.; Zhao, F.; Li, M.; and Zheng, W. (2013).
A VMM-based intrusion prevention system in cloud computing environment,
Journal of Supercomputing. 66, 1133-1151.
2650 S. K. Abd et al.
Journal of Engineering Science and Technology June 2021, Vol. 16(3)
38. Ahmad, R.W.; Gani, A.; Hamid, S.H.A.; Shiraz, M.; Xia, F.; and Madani, S.A.
(2015). Virtual machine migration in cloud data centers: A review, taxonomy,
and open research issues. Journal of Supercomputing. 71, 2473-2515.
39. Breitgand, D.; Dubitzky, Z.; Epstein, A.; Feder, O.; Glikson, A.; Shapira, I.;
and Toffetti, G. (2014). An adaptive utilization accelerator for virtualized
environments. Proceeding of the Second International Conference on Cloud
Computing. Boston, MA, USA. 165-174.
40. Fernandes, D.A.B.; Soares, L.F.B.; Gomes, J.V.; Freire, M.M.; and Inácio,
P.R.M. (2014). Security issues in cloud environments: A survey. International
Journal of Information Security. 13, 113-170.
41. Hatem, S.S.; Wafy, M.H.; and El-Khouly, M.M. (2014). Malware detection in
cloud computing. International Journal of Advanced Computer Science and
Application. 5(4), 187-192.
42. Yan, Q.; and Yu, F.R. (2015). Distributed denial of service attacks in
software-defined networking with cloud computing. IEEE Communication
Magazine. 53(4), 52-59.
43. Sulaiman, N.A.; and Masuda, H. (2014). Evaluation of a secure live migration of
virtual machines using Ipsec implementation. Proceeding of the Third International
Conference on Advanced Applied Informatics. Kokura, Japan. 687-693.
44. Duncan A.; Creese S.; Goldsmith M.; and Quinton J.S. (2013). Cloud
computing: Insider attacks on virtual machines during migration. 2013 12th
IEEE International Conference on Trust, Security and Privacy in Computing
and Communications n., 493-500.
45. Denz, R.; and Taylor, S. (2013). A survey on securing the virtual cloud.
Journal of Cloud Computing: Advances Systems and Applications, 2,
17(2013), 1-9.
46. Liang, X.; Jiang, R.; and Kong, H. (2013). Secure and reliable VM-vTPM
migration in private cloud. Proceeding of the Second International Symposium
on Instrumentation and Measurement, Sensor Network and Automation.
Toronto, ON, Canada. 510-514.
47. Fan, P.; Zhao, B.; Shi, Y.; Chen, Z.; Ni, M. (2015). An improved vTPM-VM live
migration protocol. Wuhan University Journal of Natural Science. 20, 512-520.
48. Nagin, K.; Hadas, D.; Dubitzky, Z.; Glikson, A.; Loy, I.; Rochwerger, B.; and
Schour, L. (2011). Inter-cloud mobility of virtual machines. Proceeding of the
4th Annual Conference on System and Storage. Haifa, Israel. 1-12.
49. Chen, Y.; Shen, Q.; Sun, P.; Li, Y.; Chen, Z.; and Qing, S. (2012). Reliable migration
module in trusted cloud based on security level - design and implementation.
Proceeding of the 28th International Parallel and Distributed Processing
Symposium Workshops and PhD Forum. Shanghai, China. 2230-2236.
50. Patil, V.P.; and Patil, G.A.(2012). Migrating process and virtual machine in
the cloud: Load balancing and security perspectives. International Journal of
Advanced Computer Science and Information Technology. 1(1), 11-19.
51. Aslam, M.; Gehrmann, C.; and Bjorkman, M. (2012). Security and trust
preserving VM migrations in public clouds. Proceeding of the 11th
International Conference on Trust, Security and Privacy in Computing and
Communication. Liverpool, UK. 869-876.
Technique to Protect Live Virtual Machine Migration in Cloud Computing . . . . 2651
Journal of Engineering Science and Technology June 2021, Vol. 16(3)
52. Hu, Y.; Panhale, S.; Li, T.; Kaynar, E.; Chan, D.; Deshpande, U.; Yang, P.;
and Gopalan, K. (2015). Performance analysis of encryption in securing the
live migration of virtual machines. Proceeding of the 8th International
Conference on Cloud Computing. New York, USA.
53. Han, Y. ; Chan, J.; Alpcan, T.; and Leckie, C. (2014). Virtual machine allocation
policies against co-resident attacks in cloud computing. Proceeding of the 27th
International Conference on Communication. Sydney, Australia. 786-792.
54. Khader, A.S.; and Lai, D. (2015). Preventing man-in-the-middle attack in
Diffie-Hellman key exchange protocol. Proceeding of the 22nd International
Conference on Telecommunication. Sydney, Australia. 204-208.