Security Enhancements for Virtual Machine Image in Cloud Computing
Cloud computing is a trend in outsourcing and remote processing of applications built on research in virtualisation, distributed computing, utility computing and web services. It reduces the information technology overhead involved in starting a new business and it can be accessed from anywhere. Moreover, it provides great flexibility for the end-user as the service can be easily scaled up or down according to need. One of the concepts used for constructing cloud computing is virtualisation, which has its own security issues, such as denial of service, malware, unauthorised access, data leakage, outdated software and regulatory compliance; with this said, however, the aforementioned issues are not specific to the cloud. Virtualisation is related to shared application server, database and middleware components. The main drawback is separation of computing, as the tenant of a cloud service provider shares virtual resources with other tenants on the same cloud operator. This, in turn, has security implications. Moreover, the multi-tenancy model has introduced new security problems as it is based on virtualisation and sharing resources, such as hard disk, application software and virtual machine on the same physical machine. This research developed and confirmed a security framework for securing the virtual machine image in the virtualisation layer in cloud computing. The security framework includes the essential security factors when it comes to protecting the virtual machine image from security threats. The factors of the security framework were synthesised from industry standards and academic literature. The security framework was confirmed by administering questionnaires to vii practitioners and by interviewing experts so that the security factors could provide protection to the virtual machine image.
Threat modelling was accomplished in order to clarify the threat scenarios related to the virtual machine image and to identify the access point, assets and the characteristics of the system. A trusted launch of the virtual machine image using Intel SGX was designed, evaluated, and discussed to enhance the security of the virtual machine image by incorporating a trusted third-party module to scan the virtual machine image for harmful software and encrypt the image. In addition, it holds the decryption keys until integrity and identity verification for enclave trusted platform modules is passed, to provide security for the decryption key during execution while decrypting the virtual machine image. Fuzzy logic with expert judgment was employed to measure the security enhancement for the VMI after incorporating Intel SGX. Focus group discussions were conducted to discuss the outcome of fuzzy logic with expert judgment and to find out whether the trusted launch VMI could mitigate the effect of the identified security issues.
University of Southampton
Hussein, Raid
November 2021
Sassone, Vladimiro
Hussein, Raid (2021) Security Enhancements for Virtual Machine Image in Cloud Computing. University of Southampton, Doctoral Thesis, 215pp.
Record type: Thesis (Doctoral)
Text: RaidHussein-cyber security Research group PhD 08-11-2021 (1) - Version of Record. Restricted to Repository staff only until 30 November 2024.
More information
Published date: November 2021
Identifiers
Local EPrints ID: 456928
URI: http://eprints.soton.ac.uk/id/eprint/456928
PURE UUID: 14cf14e0-8d70-485c-9400-20a0c2f15707
Catalogue record
Date deposited: 17 May 2022 16:48
Last modified: 10 Sep 2024 01:40
Contributors
Author: Raid Hussein
Thesis advisor: Vladimiro Sassone