A Pilot Study on VM Template Authentication

Conference: 2015 ASEE Annual Conference & Exposition
Location: Seattle, Washington
Publication Date: June 14, 2015
Start Date: June 14, 2015
End Date: June 17, 2015
ISBN: 978-0-692-50180-1
ISSN: 2153-5965
Conference Session: Emerging Computing and Information Technologies I
Tagged Division: Computing & Information Technology
Tagged Topic: Diversity
Page Count: 16
Page Numbers: 26.82.1 - 26.82.16
DOI: 10.18260/p.23423
Permanent URL: https://peer.asee.org/23423
Download Count: 746

Paper Authors

Forough Sheikh-Ansari, Purdue University

Forough Sheikh Ansari is currently a Master's student in the Department of Computer and Information Technology at Purdue University, West Lafayette, IN.
Her research focuses mainly on the controllability of complex networks and on applications of big data and cloud computing.

Baijian Yang, Purdue University, West Lafayette

Dr. Baijian Yang received his Ph.D. in Computer Science from Michigan State University in 2002. He is currently an Associate Professor in the Department of Computer and Information Technology, Purdue University. His research interests include cybersecurity education, security visualization, and applied security in SDN/NFV networks, fog networks, and IoT. In addition, he has published two books on Windows Phone programming.

Abstract

Security is the top concern when moving IT infrastructure and business data to the cloud environment. Three common service models defined by NIST are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). This work focuses on the authenticity and integrity of virtual machine templates in the IaaS environment. The research question is significant because virtual machines are often cloned from templates to provide rapid deployment for customers. As a result, any attack on the VM template can be catastrophic.

So how do we prove the authenticity of the VM template, and how do we protect the VM template from being manipulated? If a cryptographic approach is applied, how long will it take to authenticate VM templates? This work will first study related work and propose a cryptography-based solution to authenticate VM templates. A few real virtual machine templates of different sizes will be tested to measure the performance of different approaches. The results will demonstrate whether a cryptographically based solution is practical and, if so, which approach is likely to produce better results. From a practical point of view, this study will provide insights and benefits for both cloud consumers and cloud providers.

In this article, the following key concepts will be visited:
• Accessibility and visibility of different layers of cloud service models.
• VM template authentication techniques
  o VM template authentication using Digital Signature
  o VM template authentication using cryptographic hash functions
  o VM template authentication using Message Authentication Code (MAC)
• Cryptographic architecture of Amazon EC2
• Proposed PKI based VM template authentication
  o Experiments and results
  o Conclusions and recommendations

In short, VM template validation is an important task to secure virtual machine deployment in the cloud environment. Existing cryptography-based approaches will be reviewed and a new approach will be proposed and evaluated to gain a better understanding of the performance and the complications of VM template authentication techniques.

References:
The following articles/sites will be reviewed:
[1] Final Version of NIST Cloud Computing Definition Published. Retrieved on April 20, 2014 from http://www.nist.gov/itl/csd/cloud-102511.cfm
[2] P. Mell and T. Grance, The NIST definition of cloud computing (NIST SP 800-145), National Institute of Standards and Technology, U.S. Department of Commerce (2011). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
[3] Chandramouli, R., Iorga, M., & Chokhani, S. (2014). Cryptographic Key Management Issues and Challenges in Cloud Services (pp. 1-30). Springer New York.
[4] Liu, F., Tong, J., Mao, J., Bohn, R., Messina, J., Badger, L., & Leaf, D. (2011). NIST cloud computing reference architecture. NIST Special Publication, 500, 292.
[5] Grobauer, B., Walloschek, T., & Stocker, E. (2011). Understanding cloud computing vulnerabilities. Security & privacy, IEEE, 9(2), 50-57.
[6] Di Costanzo, A., De Assuncao, M. D., & Buyya, R. (2009). Harnessing cloud technologies for a virtualized distributed computing infrastructure. Internet Computing, IEEE, 13(5), 24-33.
[7] Amazon-Elastic-Compute-Cloud-Amazon-EC2. Retrieved on April 22, 2014 from http://searchaws.techtarget.com/definition/Amazon-Elastic-Compute-Cloud-Amazon-EC2
[8] Amazon EC2. Retrieved on April 22, 2014 from http://aws.amazon.com/ec2/
[9] The Top 20 Infrastructure as a Service (IaaS) Vendors. Retrieved on April 22, 2014 from http://www.clouds360.com/iaas.php
[10] Amazon Elastic Compute Cloud. Retrieved on April 22, 2014 from http://en.wikipedia.org/wiki/Amazon_ec2
[11] George Reese. (2008). Key Security Issues for the Amazon Cloud. Retrieved on April 22, 2014 from http://broadcast.oreilly.com/2008/11/key-security-issues-for-the-am.html
[12] Stephen Akiki. Getting the SHA-1 (or MD5) hash of a directory. Retrieved on April 25, 2014 from http://akiscode.com/getarticle.php?id
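
The abstract lists cryptographic hash functions and MACs as separate template authentication techniques. The sketch below is an added example, not code from the paper: it streams a constructed stand-in image through both and shows which check still holds once the stored digest itself can be rewritten. The manifest layout, function names and file name are assumptions made for illustration, and signature-based authentication is not shown.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # stream in 1 MiB chunks; real templates are too large to load whole

def file_digest(path, key=None):
    """Return hex SHA-256 of the file, or HMAC-SHA-256 when a key is given."""
    h = hashlib.sha256() if key is None else hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def publish(path, key):
    """Provider side: hypothetical manifest stored next to the template."""
    return {"sha256": file_digest(path), "hmac": file_digest(path, key)}

def verify_hash(path, manifest):
    return hmac.compare_digest(file_digest(path), manifest["sha256"])

def verify_mac(path, manifest, key):
    return hmac.compare_digest(file_digest(path, key), manifest["hmac"])

def demo():
    key = os.urandom(32)  # constructed secret held only by provider and consumer
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "template.img")
        with open(path, "wb") as f:
            f.write(b"\x00" * (3 * CHUNK + 123))  # constructed stand-in image
        manifest = publish(path, key)
        results = {"clean_hash": verify_hash(path, manifest),
                   "clean_mac": verify_mac(path, manifest, key)}
        with open(path, "r+b") as f:  # template modified after publication
            f.seek(CHUNK)
            f.write(b"changed")
        results["modified_hash_old_manifest"] = verify_hash(path, manifest)
        # An unkeyed digest can be recomputed by anyone able to write the
        # manifest, so it proves integrity only if the manifest is trusted.
        manifest["sha256"] = file_digest(path)
        results["modified_hash_rewritten_manifest"] = verify_hash(path, manifest)
        # The MAC cannot be refreshed without the key, so it still fails.
        results["modified_mac"] = verify_mac(path, manifest, key)
        return results

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```
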

Sheikh-Ansari, F., & Yang, B. (2015, June). A Pilot Study on VM Template Authentication. Paper presented at 2015 ASEE Annual Conference & Exposition, Seattle, Washington. 10.18260/p.23423

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2015 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015