Cloud Computing and Virtualization

The purpose of this book is first to study cloud computing concepts, security concern in clouds and data centers, live migration and its importance for cloud computing, the role of firewalls in domains with particular focus on virtual machine (VM) migration and its security concerns. The book then tackles design, implementation of the frameworks and prepares test-beds for testing and evaluating VM migration procedures as well as firewall rule migration. The book demonstrates how cloud computing can produce an effective way of network management, especially from a security perspective.

Auteur

Dac-Nhuong Le obtained his PhD in computer science from Vietnam National University, Vietnam in 2015. He is Deputy-Head of Faculty of Information Technology, Haiphong University, Vietnam. His area of research includes: evaluation computing and approximate algorithms, network communication, security and vulnerability, network performance analysis and simulation, cloud computing, IoT and image processing in biomedical. He has authored 4 computer science books and has multiple research articles in international journals. Raghvendra Kumar completed his PhD in the Faculty of Engineering and Technology, Jodhpur National University, India. He has authored several research papers in Scopus indexed and impact factor research journals\international conferences as well as 6 authored and 9 edited books on computer science. His areas of interest include wireless sensor network (WSN), Internet of Things, mobile application programming, ad hoc networks, cloud computing, big data, mobile computing, data mining and software engineering. Nguyen Gia Nhu received the PhD degree in computer science from Ha Noi University of Science, Vietnam National University, Vietnam. He is now the Vice Dean of Graduate School at Duy Tan University. He has more than 40 publications in reputed international conferences, journals and book chapter contributions. His research interests include algorithm theory, network optimization and wireless security. Jyotir Moy Chatterjee is working as an Assistant Professor in the Department of Computer Science and Engineering at GD-RCET, Bhilai, C.G, India. He received his M.Tech from KIIT University, Bhubaneswar, Odisha and B.Tech in Computer Science & Engineering from Dr. MGR Educational & Research Institute University, Chennai, (Tamil Nadu). His research interests include cloud computing, big data, privacy preservation and data mining.

Contenu
List of Figures xii

List of Tables xv

Preface xvii

Acknowledgments xxiii

Acronyms xxv

Introduction xxvii

1 Live Virtual Concept in Cloud Environment 1

1.1 Live Migration 2

1.1.1 Definition of Live Migration 2

1.1.2 Techniques for Live Migration 2

1.2 Issues with Migration 4

1.2.1 Application Performance Degradation 4

1.2.2 Network Congestion 4

1.2.3 Migration Time 5

1.3 Research on Live Migration 5

1.3.1 Sequencer (CQNCR) 5

1.3.2 The COMMA System 5

1.3.3 Clique Migration 6

1.3.4 Time-Bound Migration 6

1.3.5 Measuring Migration Impact 7

1.4 Total Migration Time 7

1.4.1 VM Traffic Impact 7

1.4.2 Bin Packing 8

1.5 Graph Partitioning 8

1.5.1 Learning Automata Partitioning 9

1.5.2 Advantages of Live Migration over WAN 11

1.6 Conclusion 12

References 12

2 Live Virtual Machine Migration in Cloud 15

2.1 Introduction 16

2.1.1 Virtualization 16

2.1.2 Types of Virtual Machines 18

2.1.3 Virtual Machine Applications 18

2.2 Business Challenge 19

2.2.1 Dynamic Load Balancing 19

2.2.2 No VM Downtime During Maintenance 20

2.3 Virtual Machine Migration 20

2.3.1 Advantages of Virtualization 22

2.3.2 Components of Virtualization 22

2.3.3 Types of Virtualization 23

2.4 Virtualization System 26

2.4.1 Xen Hypervisor 26

2.4.2 KVM Hypervisor 27

2.4.3 OpenStack 30

2.4.4 Storage 31

2.4.5 Server Virtualization 33

2.5 Live Virtual Machine Migration 33

2.5.1 QEMU and KVM 34

2.5.2 Libvirt 35

2.6 Conclusion 36

References 37

3 Attacks and Policies in Cloud Computing and Live Migration 39

3.1 Introduction to Cloud Computing 40

3.2 Common Types of Attacks and Policies 42

3.2.1 Buffer Overflows 42

3.2.2 Heap Overflows 42

3.2.3 Web-Based Attacks 43

3.2.4 DNS Attacks 47

3.2.5 Layer 3 Routing Attacks 48

3.2.6 ManintheMiddle Attack (MITM)

3.3 Conclusion 50 References 50 49

4 Live Migration Security in Cloud 53

4.1 Cloud Security and Security Appliances 54

4.2 VMM in Clouds and Security Concerns 54

4.3 Software-Defined Networking 56

4.3.1 Firewall in Cloud and SDN 57

4.3.2 SDN and Floodlight Controllers 61

4.4 Distributed Messaging System 62

4.4.1 Approach 63

4.4.2 MigApp Design 63

4.5 Customized Testbed for Testing Migration Security in Cloud 63

4.5.1 Preliminaries 65

4.5.2 Testbed Description 66

4.6 A Case Study and Other Use Cases 67

4.6.1 Case Study: Firewall Rule Migration and Verification 68

4.6.2 Existing Security Issues in Cloud Scenarios 68

4.6.3 Authentication in Cloud 69

4.6.4 Hybrid Approaches for Security in Cloud Computing 71

4.6.5 Data Transfer Architecture in Cloud Computing 71

4.7 Conclusion 72

References 72

5 Solution for Secure Live Migration 75

5.1 Detecting and Preventing Data Migrations to the Cloud 76

5.1.1 Internal Data Migrations 76

5.1.2 Movement to the Cloud 76

5.2 Protecting Data Moving to the Cloud 76

5.3 Application Security 77

5.4 Virtualization 78

5.5 Virtual Machine Guest Hardening 79

5.6 Security as a Service 82

5.6.1 Ubiquity of Security as a Service 83

5.6.2 Advantages of Implementing Security as a Service 85

5.6.3 Identity, Entitlement, and Access Management Services 87

5.7 Conclusion 93

References 94 **6 Dynamic Load Balancing B...