DOI: 10.1145/1655008.1655021
research-article

Managing security of virtual machine images in a cloud environment

Published: 13 November 2009

    Abstract

    Cloud computing is revolutionizing how information technology resources and services are used and managed but the revolution comes with new security problems. Among these is the problem of securely managing the virtual-machine images that encapsulate each application of the cloud. These images must have high integrity because the initial state of every virtual machine in the cloud is determined by some image. However, as some of the benefits of the cloud depend on users employing images built by third parties, users must also be able to share images safely.
    This paper explains the new risks that face administrators and users (both image publishers and image retrievers) of a cloud's image repository. To address those risks, we propose an image management system that controls access to images, tracks the provenance of images, and provides users and administrators with efficient image filters and scanners that detect and repair security violations. Filters and scanners achieve efficiency by exploiting redundancy among images; an early implementation of the system shows that this approach scales better than a naive approach that treats each image independently.

    Published In

    CCSW '09: Proceedings of the 2009 ACM workshop on Cloud computing security
    November 2009
    144 pages
    ISBN:9781605587844
    DOI:10.1145/1655008
    Program Chairs: Radu Sion, Dawn Song

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. cloud computing
    2. image repository
    3. virtual machine image

    Qualifiers

    • Research-article

    Conference

    CCS '09
    Acceptance Rates

    Overall Acceptance Rate 37 of 108 submissions, 34%
