Analysis of VM communication for VM-based cloud security systems

Bibliographic Details
Published in: 2018 Fifth International Conference on Software Defined Systems (SDS), pp. 182-188
Main Authors: Mthunzi, Siyakha N., Benkhelifa, Elhadj, Alsmirat, Mohammad A., Jararweh, Yaser
Format: Conference Proceeding
Language: English
Published: IEEE 01.04.2018
Summary: Cloud computing's seemingly limitless scalability lies, in part, in the ability for cloud consumers to instantiate virtual resources when demand scales up, and terminate them when demand recedes. Cloud consumers access resources on-demand and with minimum upfront investments into the infrastructure, making cloud cost effective. Central to the cloud paradigm is a virtualization technology whose core is the virtual machine (VM). Hence, the communication capabilities of VMs, whether co-located or otherwise, are paramount, given the critical nature of high performance computing (HPC) applications. For cloud users, poor VM communication, among other things, prolongs tenant tasks and VM lease time, and ultimately increases costs. More interestingly, poor communication among VMs introduces security vulnerabilities. Our analysis indicates that VM communication is mainly discussed from a performance perspective, e.g. quality of service, energy consumption, scheduling, live migration, etc. In contrast, security works are limited, and only focus on intrusion and anomaly detection, and integrity and trust logging. In this paper, we thus analyse Xen-based VM technologies' communication. To the best of our knowledge, no paper offers a comprehensive analysis of VM communication from a security perspective. We propose and construct scenario-based hypotheses to extract interesting communication sequences. We achieve this by introducing trigger scenarios for each communication hypothesis. Our work shows that it is possible to extract VM communication sequences from trigger scenarios. This is significant as a formal method, as it enables the construction of model scenarios for VM communication, to aid in cloud computing implementations and VM-based systems design.
DOI: 10.1109/SDS.2018.8370441