icccnt16_final_draft.pdf (333.6 kB)
Download file

Exploring the firewall security consistency in cloud computing during live migration

Download (333.6 kB)
conference contribution
posted on 13.01.2017, 14:53 by Shadha Al-Amri, Lin GuanLin Guan
Virtualization technology adds great opportunities and challenges to the cloud computing paradigm. Resource management can be efficiently enhanced by employing Live Virtual Machine Migration (LVMM) techniques. Based on the literature of LVMM implementation in the virtualization environment, middle-boxes such as firewalls do not work effectively after LVMM as it introduces dynamic changes in network status and traffic, which may lead to critical security vulnerabilities. One key security hole is that the security context of the firewall do not move with the Virtual Machine after LVMM is triggered. This leads to inconsistency in the firewall level of protection of the migrated Virtual Machine. There is a lack in the literature of practical studies that address this problem in cloud computing platform. This paper demonstrates a practical analysis using OpenStack testbed to study the firewalls limitations in protecting virtual machines after LVMM. Two network scenarios are used to evaluate this problem. The results show that the security context problem does not exist in the stateless firewall but can exist in the stateful firewall.

History

School

  • Science

Department

  • Computer Science

Published in

International Conference on Computing Communication and Networking Technologies

Issue

7th

Citation

AL-AMRI, S.M. and GUAN, L., 2016. Exploring the firewall security consistency in cloud computing during live migration. In: ICCCNT '16 Proceedings of the 7th International Conference on Computing Communication and Networking Technologies Article No. 40. Dallas, TX, USA — July 06 - 08, 2016

Publisher

ACM

Version

AM (Accepted Manuscript)

Rights holder

© ACM

Publisher statement

© ACM 2016. This is the author's version of the work. It is posted here for your personal use. Not for redistribution.

Acceptance date

20/05/2016

Publication date

2016

Notes

© 2016. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in ICCCNT '16 Proceedings of the 7th International Conference on Computing Communication and Networking Technologies, http://dx.doi.org/10.1145/2967878.2967922

Language

en

Location

Dallas-USA