Title :
Dependable and secure remote management in IaaS clouds
Author :
Egawa, T. ; Nishimura, Nozomi ; Kourai, Kenichi
Author_Institution :
Kyushu Inst. of Technol., Kitakyushu, Japan
Abstract :
In Infrastructure-as-a-Service (IaaS) clouds, users manage the systems in the provided virtual machines (VMs), called user VMs, through remote management software such as Virtual Network Computing (VNC). For dependability, they often perform out-of-band remote management via the management VM. Even in the case of system failures inside their VMs, the users can still directly access their systems. However, the management VM is not always trustworthy in IaaS. Once outside or inside attackers intrude into the management VM, they can easily eavesdrop on all the inputs and outputs in remote management. To solve this security issue, this paper proposes FBCrypt for preventing information leakage via the management VM in out-of-band remote management. FBCrypt encrypts the inputs and outputs between a VNC client and a user VM using the virtual machine monitor (VMM). Sensitive information is thus protected from the management VM that sits between them. The VMM intercepts the reads of virtual devices by a user VM and decrypts the inputs, whereas it intercepts the updates of a framebuffer by a user VM and encrypts the pixel data. We have implemented FBCrypt in Xen and TightVNC and confirmed that no keystrokes or pixel data leaked.
Keywords :
client-server systems; cloud computing; cryptography; virtual machines; FBCrypt; IaaS clouds; VMM; VNC; VNC client; framebuffer; information leakage prevention; infrastructure-as-a-service clouds; input decryption; management VM; out-of-band remote management; pixel data encryption; remote management dependability; remote management security; remote management software; sensitive information protection; system failures; user VM; virtual machine monitor; virtual network computing; Conferences; Encryption; Hardware; Keyboards; Servers; Virtual machine; information leakage; remote management
Conference_Title :
Cloud Computing Technology and Science (CloudCom), 2012 IEEE 4th International Conference on
Conference_Location :
Taipei
Print_ISBN :
978-1-4673-4511-8
Electronic_ISBN :
978-1-4673-4509-5
DOI :
10.1109/CloudCom.2012.6427597