Towards Secure Instance Migration in the Cloud

Hosting service providers are completely shifting towards cloud computing from dedicated hardware. However, corporates waffles to move their sensitive data to such a solution where data is no more in their control. The pay-as-you-go is primary notion of cloud service providers. However, they share infrastructure between different tenants that brings security issues. There is a need to provide trust and confidence to corporates that security mechanisms being used by the service providers are secure. Existing IaaS (Infrastructure as a Service) providers have adopted all standard software-based security solutions. However, recent research shows that softwares security solutions are itself vulnerable to attack. In this regard Trusted Computing Group (TCG) introduced hardware root-of-trust concept where highly sensitive information is stored in co-processor called Trusted Platform Module(TPM) rather than the software. Migration is an important process in cloud infrastructures. There are many solutions offered by service providers that improve performance of their client´s services such as web and database. For example, CloudFront, Elastic Load Balancing (ELB) etc., offered by Amazon AWS. These services move customer´s data between cloud infrastructure quit often. However, they do not provide hardware backed solutions, such as Trusted Computing, to migrate customer´s data between infrastructures. In this paper we have incorporated a new component in OpenStack called Secure Instance Migration Module (SIMM). SIMM is backed by Trusted Computing constructs that protects integrity of instance data while migration takes place. By incorporation of SIMM module, cloud customers will have more confidence regarding their sensitive data. We have also discussed architecture and implementation of SIMM module.