Discover and Secure (DaS): An Automated Virtual Machine Security Management Framework

Cloud computing is very appealing for its convenient central management, the elasticity of resource provisioning and its economic benefits. Undoubtedly, the non-transparent nature of the Cloud infrastructure introduces significant security concerns. Naively, Virtual Machine (VM) migration can weaken or even nullify the security protection on a VM. Attackers compromise such vulnerable hosts and can either take control over their resources or use them as a channel for future attacks. To overcome the hidden security risk, this paper proposes Discover and Secure (DaS) framework for automated VM security management. This framework accomplishes two qualities: 1) to discover whether the VM is an inadvertent security victim 2) to secure the VM and the mission-critical applications running inside them. Modules in this framework detect, extract and measures the new identifiers assigned to the VM. Comparing the new identifiers to the reference table containing the old measured identifier values, verifies the identifier/s status. Transformed identifiers are perceived and replaced with new valid ones, hence, restoring the nullified security. This framework is implemented as VM-Internal security, self-supplied by the user and VM-introspection security, host-supplied by the cloud provider. Experimental results show that DaS framework can armor the VM from obscured security problems and seal the hidden door against attackers.