PALM: Security Preserving VM Live Migration for Systems with VMM-enforced Protection
Live migration of virtual machines (VMs) is a desirable feature for distributed computing, such as Grid Computing and, more recently, Cloud Computing, because it facilitates fault tolerance, load balancing, and hardware maintenance. Virtual Machine Monitor (VMM) enforced process protection is a newly advocated approach to provide a trustworthy execution environment for processes running on commodity operating systems. While VMM-enforced protection systems extend protection to the processes in the virtual machine (VM), they also break the mobility of VMs, since a VM is more closely bound to the VMM. Furthermore, several security vulnerabilities exist in migration, especially live migration, of such systems that may degrade the protection strength or even break the protection. In this paper, we propose a secure migration system that provides live migration capability to VMs in VMM-enforced process protection systems without degrading the protection level. We implemented a prototype system based on Xen and GNU/Linux to evaluate the design. The results show that no serious performance degradation is incurred compared to the Xen live migration system.
Fengzhe Zhang, Yijian Huang, Huihong Wang, Haibo Chen, Binyu Zang
Parallel Processing Institute, Fudan University
International conference
Third Asia-Pacific Trusted Infrastructure Technologies Conference (APTC 2008)
Wuhan
English
9-18
2008-10-14 (date first posted online on the Wanfang platform; does not represent the paper's publication date)