Update Checker: Increasing Virtual Machine Security in Cloud Environments

2014, Vol 513-517, pp. 1268-1273
Author(s): R. Raghavendran, B. Ragupathi

A common approach in Infrastructure-as-a-Service Clouds or virtualized Grid computing is to provide virtual machines to customers to execute their software on remote resources. Giving full superuser permissions to customers eases the installation and use of user software, but it may lead to security issues. The providers usually delegate the task of keeping virtual machines up to date to the customers, while the customers expect the providers to perform this task. Consequently, a large number of virtual machines (either running or dormant) are not patched against the latest software vulnerabilities. The approach presented in this article deals with these problems by helping users as well as providers to keep virtual machines up to date. Prior to the update step, it is crucial to know which software is actually outdated or affected by remote security vulnerabilities. While these tasks seem to be straightforward, developing a solution that handles multiple software repositories from different vendors and identifies the correct packages is a challenging task. The Update Checker presented in this article identifies outdated software packages in virtual machines, regardless of whether the virtual machine is running or dormant on disk. The proposed Online Penetration Suite performs pre-rollout scans of virtual machines for security vulnerabilities using established techniques and prevents execution of flawed virtual machines.

2014, Vol 5 (1), pp. 24-43
Author(s): T.R.V. Anandharajan, M.A. Bhagyaveni

Infrastructure as a Service is an important component in the cloud building block. The authors present a Cloud Simulation experience with an objective to handle the performance and energy tradeoff in an Infrastructure as a Service (IaaS) environment. The authors present the orchestration of statistical, machine learning and energy model based Minimum Power Performance (MPP) algorithm to validate simulation using PlanetLab VMs real world traces from real systems. Their proposed algorithm consolidates virtual machines (VMs) in the Processing Elements (PE or Host or Server) and is 39% better than the legacy algorithms.


2017, Vol 14 (1), pp. 551-560
Author(s): P Karthikeyan, M Chandrasekaran

Cloud computing provides virtual machine instances to the user for performing various computational tasks on demand for a specific period of time. Considering the architecture and characteristics of cloud environments, traditional virtual machine instance allocation algorithms cannot be applied to the cloud environment appropriately. In this paper, we propose a dynamic programming inspired virtual machine instance allocation algorithm which allocates virtual machine instances to the user based on demand. The aim of this algorithm is to maximize the cloud provider’s revenue. We have mainly focused on the total revenue generation of the cloud provider and the percentage of users served rather than focusing on the running time and space complexity of the virtual machine instance allocation problem. We evaluate the proposed mechanism by performing simulations. The experimental results show that the proposed dynamic programming inspired virtual machine instance allocation method provided a higher revenue generation for the cloud provider than the traditional fixed price and combinatorial auction greedy virtual machine instance allocation methods.


Author(s): Gurpreet Singh, Manish Mahajan, Rajni Mohana

BACKGROUND: Cloud computing is considered an on-demand service resource with applications towards data center on a pay per user basis. To allocate resources appropriately and satisfy user needs, an effective and reliable resource allocation method is required. Because of the enhanced user demand, the allocation of resources is now considered a complex and challenging task. When a physical machine is overloaded, Virtual Machines share its load by utilizing the physical machine resources. Previous studies are lacking in energy consumption and time management while keeping the Virtual Machine at the different server in a turned-on state. AIM AND OBJECTIVE: The main aim of this research work is to propose an effective resource allocation scheme for allocating the Virtual Machine from an ad hoc sub server with Virtual Machines. EXECUTION MODEL: The execution of the research has been carried out in two sections: initially, the location of Virtual Machines and Physical Machine with the server has taken place, and subsequently, the cross-validation of allocation is addressed. For the sorting of Virtual Machines, the Modified Best Fit Decreasing algorithm is used, and Multi-Machine Job Scheduling is used during the placement of jobs on an appropriate host. An Artificial Neural Network, as a classifier, has allocated jobs to the hosts. Measures, viz. Service Level Agreement violation and energy consumption, are considered, and fruitful results have been obtained with a 37.7 of reduction in energy consumption and 15% improvement in Service Level Agreement violation.


Author(s): Yuancheng Li, Pan Zhang, Daoxing Li, Jing Zeng

Background: Cloud platforms are widely used in the electric power field. The virtual machine co-resident attack is one of the major security threats to the existing power cloud platform. Objective: This paper proposes a mechanism to defend against the virtual machine co-resident attack on the power cloud platform. Method: Our defense mechanism uses the DBSCAN algorithm to classify and output the classification results through the random forest and uses an improved virtual machine deployment strategy which combines the advantages of the random round robin strategy and the maximum/minimum resource strategy to deploy virtual machines. Results: We made a simulation experiment on the power cloud platform of State Grid and verified the effectiveness of the proposed defense deployment strategy. Conclusion: After the virtual machine deployment strategy is improved, the coverage of the virtual machine is remarkably reduced, which proves that our defense mechanism achieves some effect of defending the virtual machine from the virtual machine co-resident attack.


Sensors, 2021, Vol 21 (4), pp. 1369
Author(s): Hyojun Lee, Jiyoung Yoon, Min-Seong Jang, Kyung-Joon Park

To perform advanced operations with unmanned aerial vehicles (UAVs), it is crucial that components other than the existing ones such as flight controller, network devices, and ground control station (GCS) are also used. The inevitable addition of hardware and software to accomplish UAV operations may lead to security vulnerabilities through various vectors. Hence, we propose a security framework in this study to improve the security of an unmanned aerial system (UAS). The proposed framework operates in the robot operating system (ROS) and is designed to focus on several perspectives, such as overhead arising from additional security elements and security issues essential for flight missions. The UAS is operated in a nonnative and native ROS environment. The performance of the proposed framework in both environments is verified through experiments.


2014, Vol 1046, pp. 508-511
Author(s): Jian Rong Zhu, Yi Zhuang, Jing Li, Wei Zhu

How to reduce energy consumption while improving utility of datacenter is one of the key technologies in the cloud computing environment. In this paper, we use energy consumption and utility of data center as objective functions to set up a virtual machine scheduling model based on multi-objective optimization VMSA-MOP, and design a virtual machine scheduling algorithm based on NSGA-2 to solve the model. Experimental results show that compared with other virtual machine scheduling algorithms, our algorithm can obtain relatively optimal scheduling results.


Sensors, 2018, Vol 18 (11), pp. 3807
Author(s): Haonan Sun, Rongyu He, Yong Zhang, Ruiyun Wang, Wai Hung Ip, ...

Today cloud computing is widely used in various industries. While benefiting from the services provided by the cloud, users are also faced with some security issues, such as information leakage and data tampering. Utilizing trusted computing technology to enhance the security mechanism, defined as trusted cloud, has become a hot research topic in cloud security. Currently, virtual TPM (vTPM) is commonly used in a trusted cloud to protect the integrity of the cloud environment. However, the existing vTPM scheme lacks protections of vTPM itself at a runtime environment. This paper proposed a novel scheme, which designed a new trusted cloud platform security component, ‘enclave TPM (eTPM)’ to protect cloud and employed Intel SGX to enhance the security of eTPM. The eTPM is a software component that emulates TPM functions which build trust and security in cloud and runs in ‘enclave’, an isolation memory zone introduced by SGX. eTPM can ensure its security at runtime, and protect the integrity of Virtual Machines (VM) according to user-specific policies. Finally, a prototype for the eTPM scheme was implemented, and experiment manifested its effectiveness, security, and availability.


In this paper we attempt to address Inter-Host Docker container communication security issues by incorporating the latest approach provided by the HashiCorp Vault dynamic secret mechanism for managing SSH keys and server credentials. A simulation environment is prepared for Inter-Host container communication consisting of one host running locally and the peer host running as an AWS EC2 instance in the cloud. The industry standard monitoring tool Grafana is used in the simulation environment to highlight the security impacts for any organization. We also draw special attention to some of the security vulnerabilities in Docker containers, like ARP spoofing, integrity of the Docker host and containers, and MAC flooding attacks. We try to list some best practices to be followed when using Docker containers in any production deployments.


Author(s): Pritam Patange

Abstract: Cloud computing has experienced significant growth in recent years owing to the various advantages it provides, such as 24/7 availability, quick provisioning of resources, and easy scalability, to name a few. Virtualization is the backbone of cloud computing. Virtual Machines (VMs) are created and executed by software called the Virtual Machine Monitor (VMM) or the hypervisor. It separates compute environments from the actual physical infrastructure. A disk image file representing a single virtual machine is created on the hypervisor’s file system. In this paper, we analysed the runtime performance of multiple different disk image file formats. The analysis comprises four different parameters of performance, namely bandwidth, latency, input-output operations performed per second (IOPS) and power consumption. The impact of the hypervisor’s block and file sizes is also analysed for the different file formats. The paper aims to act as a reference for the reader in choosing the most appropriate disk image file format for their use case based on the performance comparisons made between different disk image file formats on two different hypervisors – KVM and VirtualBox. Keywords: Virtualization, Virtual disk formats, Cloud computing, fio, KVM, virt-manager, powerstat, VirtualBox.


2018, Vol 17 (2), pp. 7335-7349
Author(s): Rashid Alakbarov

The article analyzes the advantages of mobile cloud technologies and problems emerging during the use of those. The network infrastructure created based on cloudlets at the second level of mobile cloud computing with hierarchical structure is analyzed. At the same time, the article explores the issues of satisfaction of demand of mobile equipment for computing and memory resources by using these technologies. The article presents one solution for the allocation of mobile user requests in virtual machines created in cloudlets located near base stations of wireless metropolitan area networks (WMAN) in a balanced way by considering the technical capacity of those. Alongside, the article considers the solution of user problem during designated time and the issue of determining virtual machines satisfying other requirements. For this purpose, different characteristics of the stated problem, virtual machines, as well as communication channels between a user and virtual machines are considered. By using possible values determining the importance of cloudlets, conditions for loading software applications of a user to a virtual machine are explored and an appropriate method is proposed.

