Improving Security of Virtual Machines during Live Migrations

Live migration of virtual machines (VMs) enables the transfer of a running VM to a new hardware component with minimal and hardly noticeable interruption. In cloud architectures, users are almost not able to detect live migrations of their VMs nor can they prevent them from happening. Nevertheless, if a VM is live migrated to a distant data center crossing national borders, security and privacy problems arise. This way, internal data can become subject to new national legislation without even notifying the owner of the live-migrated VM. In this paper, we propose methods to detect live migrations from the inside of an affected VM. Furthermore, we analyze how the live migration procedure can be delayed and how the additional gained time can be used to take security measures before the live migration is finished. We developed a "live migration defence framework" (LMDF) which can be used for security policy enforcement within a VM. We evaluated the proposed methods and techniques in our cloud setup and partially in the Amazon Elastic Computing Cloud (EC2).