Stealth Migration: Hiding Virtual Machines On The Network
IEEE INFOCOM 2017 - IEEE CONFERENCE ON COMPUTER COMMUNICATIONS(2017)
摘要
Live virtual machine (VM) migration is commonly used for enabling dynamic resource or fault management, or for load balancing in datacenters or cloud platforms. A service hosted by a VM may also be migrated to prevent its visibility to an external adversary who may seek to disrupt its operation by launching a DDoS attack against it. We first show that current systems cannot adequately hide a VM migration from an external adversary. The key reason for this is that a migration typically manifests a traffic pattern with distinguishable statistical properties. We introduce two new attacks that can allow an adversary to effectively track a migration in progress, by leveraging observations of these properties. As our primary contribution, we design and implement a stealth migration framework that causes migration traffic to be indistinguishable from regular Internet traffic, with a negligible latency overhead of approximately 0.37 seconds, on average.
更多查看译文
关键词
live virtual machine migration,dynamic resource,live VM migration,statistical properties,fault management,datacenters,traffic pattern,latency overhead,migration traffic,stealth migration framework,DDoS attack,external adversary,cloud platforms,load balancing
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络