
Towards Migrating Security Policies along with Virtual Machines in Cloud



Sadri, Sahba (2013) Towards Migrating Security Policies along with Virtual Machines in Cloud. Masters thesis, Concordia University.

Text (application/pdf)
Sadri_MASc_S2014.pdf - Accepted Version


Multi-tenancy and elasticity are important characteristics of every cloud. Multi-tenancy can be economical; however, it raises some security concerns. For example, competing companies may have Virtual Machines (VMs) on the same server and have access to the same resources. There is always the possibility that one of them tries to get access to its competitor's data. In order to address these concerns, each tenant in the cloud should be secured separately, and firewalls are one of the means that can help in that regard. Firewalls also protect virtual machines from outside threats using access control lists and policies. On the other hand, virtual machines migrate frequently in an elastic cloud, and this raises another concern about what happens to the security policies that are associated with the migrated virtual machine.
In this thesis, we primarily contribute by proposing a novel framework that coordinates the mobility of the associated security policies along with the virtual machine in Software-Defined Networks (SDN). We then design and develop a prototype application called Migration Application (MigApp), based on our framework, that moves security policies and coordinates virtual machine and security policy migration. MigApp runs on top of SDN controllers and uses a distributed messaging system in order to interact with the virtual machine monitor and other MigApp instances. We integrate MigApp with the Floodlight controller and evaluate our work through simulations.
In addition, we prepare a test-bed for security testing in clouds that are based on traditional networks. We focus on virtual machine migration and use open-source utilities to equip this test-bed. We design an architecture based on the GNS3 network emulator in order to provide a distributed testing environment. We then propose a virtual machine migration framework on Oracle VirtualBox; and finally, we enrich the security aspect of the framework by adding firewall rule migration and security verification mechanisms to it.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (Masters)
Authors: Sadri, Sahba
Institution: Concordia University
Degree Name: M.A. Sc.
Program: Information Systems Security
Date: 20 December 2013
Thesis Supervisor(s): Debbabi, Mourad and Wang, Lingyu
ID Code: 978154
Deposited By: SAHBA SADRI
Deposited On: 19 Jun 2014 17:05
Last Modified: 18 Jan 2018 17:46
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
