icccnt16_final_draft.pdf (333.6 kB)
Download fileExploring the firewall security consistency in cloud computing during live migration
Virtualization technology adds great opportunities and challenges to the cloud computing paradigm. Resource management
can be efficiently enhanced by employing Live Virtual Machine Migration (LVMM) techniques. Based on the literature
of LVMM implementation in the virtualization environment, middle-boxes such as firewalls do not work effectively after LVMM as it introduces dynamic changes in network status and traffic, which may lead to critical security vulnerabilities. One key security hole is that the security context of the firewall do not move with the Virtual Machine
after LVMM is triggered. This leads to inconsistency in the firewall level of protection of the migrated Virtual Machine.
There is a lack in the literature of practical studies that address this problem in cloud computing platform. This paper demonstrates a practical analysis using OpenStack testbed to study the firewalls limitations in protecting virtual machines after LVMM. Two network scenarios are used
to evaluate this problem. The results show that the security context problem does not exist in the stateless firewall but can exist in the stateful firewall.
History
School
- Science
Department
- Computer Science
Published in
International Conference on Computing Communication and Networking TechnologiesIssue
7thCitation
AL-AMRI, S.M. and GUAN, L., 2016. Exploring the firewall security consistency in cloud computing during live migration. In: ICCCNT '16 Proceedings of the 7th International Conference on Computing Communication and Networking Technologies Article No. 40. Dallas, TX, USA — July 06 - 08, 2016Publisher
ACMVersion
- AM (Accepted Manuscript)
Rights holder
© ACMPublisher statement
© ACM 2016. This is the author's version of the work. It is posted here for your personal use. Not for redistribution.Acceptance date
2016-05-20Publication date
2016Notes
© 2016. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in ICCCNT '16 Proceedings of the 7th International Conference on Computing Communication and Networking Technologies, http://dx.doi.org/10.1145/2967878.2967922Publisher version
Language
- en