Exploring the firewall security consistency in cloud computing during live migration
conference contributionposted on 2017-01-13, 14:53 authored by Shadha Al-Amri, Lin GuanLin Guan
Virtualization technology adds great opportunities and challenges to the cloud computing paradigm. Resource management can be efficiently enhanced by employing Live Virtual Machine Migration (LVMM) techniques. Based on the literature of LVMM implementation in the virtualization environment, middle-boxes such as firewalls do not work effectively after LVMM as it introduces dynamic changes in network status and traffic, which may lead to critical security vulnerabilities. One key security hole is that the security context of the firewall do not move with the Virtual Machine after LVMM is triggered. This leads to inconsistency in the firewall level of protection of the migrated Virtual Machine. There is a lack in the literature of practical studies that address this problem in cloud computing platform. This paper demonstrates a practical analysis using OpenStack testbed to study the firewalls limitations in protecting virtual machines after LVMM. Two network scenarios are used to evaluate this problem. The results show that the security context problem does not exist in the stateless firewall but can exist in the stateful firewall.
- Computer Science
Published inInternational Conference on Computing Communication and Networking Technologies
CitationAL-AMRI, S.M. and GUAN, L., 2016. Exploring the firewall security consistency in cloud computing during live migration. In: ICCCNT '16 Proceedings of the 7th International Conference on Computing Communication and Networking Technologies Article No. 40. Dallas, TX, USA — July 06 - 08, 2016
- AM (Accepted Manuscript)
Rights holder© ACM
Publisher statement© ACM 2016. This is the author's version of the work. It is posted here for your personal use. Not for redistribution.
Notes© 2016. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in ICCCNT '16 Proceedings of the 7th International Conference on Computing Communication and Networking Technologies, http://dx.doi.org/10.1145/2967878.2967922