Seattle, Washington
June 14, 2015
June 14, 2015
June 17, 2015
978-0-692-50180-1
2153-5965
Computing & Information Technology
Diversity
16
26.82.1 - 26.82.16
10.18260/p.23423
https://peer.asee.org/23423
746
Forough Sheikh Ansari is currently a Master's student in the Department of Computer and Information Technology at Purdue University, West Lafayette, IN.
Her research focuses mainly on the controllability of complex networks and the application of big data and cloud computing.
Dr. Baijian Yang received his Ph.D. in Computer Science from Michigan State University in 2002. He is currently an Associate Professor in the Department of Computer and Information Technology, Purdue University. His research interests include cybersecurity education, security visualization, and applied security in SDN/NFV networks, fog networks, and IoT. In addition, he has published two books on Windows Phone programming.
A Pilot Study on VM Template Authentication

Security is the top concern when moving IT infrastructure and business data to the cloud environment. Three common service models defined by NIST are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). This work focuses on the authenticity and integrity of virtual machine templates in an IaaS environment. The research question is significant because virtual machines are often cloned from templates to provide rapid deployment for customers. As a result, any attack on a VM template can be catastrophic.

So how do we prove the authenticity of a VM template, and how do we protect a VM template from being manipulated? If a cryptographic approach is applied, how long will it take to authenticate VM templates? This work will first study related work and propose a cryptography-based solution to authenticate VM templates. A few real virtual machine templates of different sizes will be tested to measure the performance of different approaches. The results will demonstrate whether a cryptography-based solution is practical and, if so, which approach is likely to produce better results. From a practical point of view, this study will provide insights and benefits for both cloud consumers and cloud providers.

In this article, the following key concepts will be visited:

- Accessibility and visibility of different layers of cloud service models.
- VM template authentication techniques
  o VM template authentication using Digital Signature
  o VM template authentication using cryptographic hash functions
  o VM template authentication using Message Authentication Code (MAC)
- Cryptographic architecture of Amazon EC2
- Proposed PKI based VM template authentication
  o Experiments and results
  o Conclusions and recommendations

In short, VM template validation is an important task for securing virtual machine deployment in the cloud environment. Existing cryptography-based approaches will be reviewed, and a new approach will be proposed and evaluated to gain a better understanding of the performance and the complications of VM template authentication techniques.

References:

Following articles/sites will be reviewed:

[1] Final Version of NIST Cloud Computing Definition Published. Retrieved on April 20, 2014 from http://www.nist.gov/itl/csd/cloud-102511.cfm.
[2] P. Mell and T. Grance, The NIST definition of cloud computing (NIST SP 800-145), National Institute of Standards and Technology, U.S. Department of Commerce (2011). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
[3] Chandramouli, R., Iorga, M., & Chokhani, S. (2014). Cryptographic Key Management Issues and Challenges in Cloud Services (pp. 1-30). Springer New York.
[4] Liu, F., Tong, J., Mao, J., Bohn, R., Messina, J., Badger, L., & Leaf, D. (2011). NIST cloud computing reference architecture. NIST Special Publication, 500, 292.
[5] Grobauer, B., Walloschek, T., & Stocker, E. (2011). Understanding cloud computing vulnerabilities. Security & privacy, IEEE, 9(2), 50-57.
[6] Di Costanzo, A., De Assuncao, M. D., & Buyya, R. (2009). Harnessing cloud technologies for a virtualized distributed computing infrastructure. Internet Computing, IEEE, 13(5), 24-33.
[7] Amazon-Elastic-Compute-Cloud-Amazon-EC2. Retrieved on April 22, 2014 from http://searchaws.techtarget.com/definition/Amazon-Elastic-Compute-Cloud-Amazon-EC2
[8] Amazon EC2. Retrieved on April 22, 2014 from http://aws.amazon.com/ec2/
[9] The Top 20 Infrastructure as a Service (IaaS) Vendors. Retrieved on April 22, 2014 from http://www.clouds360.com/iaas.php
[10] Amazon Elastic Compute Cloud. Retrieved on April 22, 2014 from http://en.wikipedia.org/wiki/Amazon_ec2
[11] George Reese. (2008). Key Security Issues for the Amazon Cloud. Retrieved on April 22, 2014 from http://broadcast.oreilly.com/2008/11/key-security-issues-for-the-am.html
[12] Stephen Akiki. Getting the SHA-1 (or MD5) hash of a directory. Retrieved on April 25, 2014 from http://akiscode.com/getarticle.php?id
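
The abstract lists hash-based and MAC-based template authentication and asks how long verification takes. The following is an added example, not code from the paper: it streams a template file once, computes both a digest and a MAC, and shows why a bare hash stops protecting the template once the published hash can also be rewritten. SHA-256, HMAC-SHA-256, the file name, the key and the 8 MiB stand-in image are assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile
import time

CHUNK = 1024 * 1024  # read templates in 1 MiB pieces; real images can be many GB


def template_tags(path, mac_key):
    """Stream the file once and return (sha256_hex, hmac_sha256_hex)."""
    digest = hashlib.sha256()
    mac = hmac.new(mac_key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
            mac.update(chunk)
    return digest.hexdigest(), mac.hexdigest()


def verify_template(path, mac_key, expected_hash, expected_mac):
    """Return (hash_ok, mac_ok) using constant-time comparisons."""
    got_hash, got_mac = template_tags(path, mac_key)
    return (hmac.compare_digest(got_hash, expected_hash),
            hmac.compare_digest(got_mac, expected_mac))


def demo():
    key = os.urandom(32)  # constructed key, assumed to be held only by the verifier
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "template.img")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(os.urandom(8 * CHUNK))  # constructed 8 MiB stand-in image
        start = time.perf_counter()
        good_hash, good_mac = template_tags(path, key)
        elapsed = time.perf_counter() - start  # cost of one full pass
        clean = verify_template(path, key, good_hash, good_mac)
        # Simulate modification of the stored template: flip one bit.
        with open(path, "r+b") as fh:
            fh.seek(4096)
            byte = fh.read(1)
            fh.seek(4096)
            fh.write(bytes([byte[0] ^ 0x01]))
        stale = verify_template(path, key, good_hash, good_mac)
        # If the published hash is rewritten to match, the hash check passes
        # again; the MAC cannot be recomputed without the key, so it fails.
        rewritten_hash, _ = template_tags(path, b"not-the-real-key")
        rewritten = verify_template(path, key, rewritten_hash, good_mac)
        return clean, stale, rewritten, elapsed
```

`demo()` returns the three verification outcomes plus the time for one pass; the elapsed time grows linearly with template size.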
Sheikh-Ansari, F., & Yang, B. (2015, June). A Pilot Study on VM Template Authentication. Paper presented at 2015 ASEE Annual Conference & Exposition, Seattle, Washington. 10.18260/p.23423
ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2015 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015