Loughborough University
Leicestershire, UK
LE11 3TU
+44 (0)1509 263171
Loughborough University

Loughborough University Institutional Repository

Please use this identifier to cite or link to this item: https://dspace.lboro.ac.uk/2134/23735

Title: Exploring the firewall security consistency in cloud computing during live migration
Authors: Al-Amri, Shadha Mohamed
Guan, Lin
Keywords: Cloud computing
Live migration
Firewall
OpenStack
Issue Date: 2016
Publisher: © ACM
Citation: AL-AMRI, S.M. and GUAN, L., 2016. Exploring the firewall security consistency in cloud computing during live migration. In: ICCCNT '16 Proceedings of the 7th International Conference on Computing Communication and Networking Technologies Article No. 40. Dallas, TX, USA — July 06 - 08, 2016
Abstract: Virtualization technology adds great opportunities and challenges to the cloud computing paradigm. Resource management can be efficiently enhanced by employing Live Virtual Machine Migration (LVMM) techniques. Based on the literature of LVMM implementation in the virtualization environment, middle-boxes such as firewalls do not work effectively after LVMM as it introduces dynamic changes in network status and traffic, which may lead to critical security vulnerabilities. One key security hole is that the security context of the firewall do not move with the Virtual Machine after LVMM is triggered. This leads to inconsistency in the firewall level of protection of the migrated Virtual Machine. There is a lack in the literature of practical studies that address this problem in cloud computing platform. This paper demonstrates a practical analysis using OpenStack testbed to study the firewalls limitations in protecting virtual machines after LVMM. Two network scenarios are used to evaluate this problem. The results show that the security context problem does not exist in the stateless firewall but can exist in the stateful firewall.
Description: © 2016. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in ICCCNT '16 Proceedings of the 7th International Conference on Computing Communication and Networking Technologies, http://dx.doi.org/10.1145/2967878.2967922
Version: Accepted for publication
DOI: 10.1145/2967878.2967922
URI: https://dspace.lboro.ac.uk/2134/23735
Publisher Link: http://dx.doi.org/10.1145/2967878.2967922
Appears in Collections:Conference Papers and Presentations (Computer Science)

Files associated with this item:

File Description SizeFormat
icccnt16_final_draft.pdfAccepted version333.6 kBAdobe PDFView/Open

 

SFX Query

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.