The University of Southampton
University of Southampton Institutional Repository

Security Enhancements for Virtual Machine Image in Cloud Computing


Hussein, Raid (2021) Security Enhancements for Virtual Machine Image in Cloud Computing. University of Southampton, Doctoral Thesis, 215pp.

Record type: Thesis (Doctoral)

Abstract

Cloud computing is a trend in outsourcing and remote processing of applications built on research in virtualisation, distributed computing, utility computing and web services. It reduces the information technology overhead involved in starting a new business and it can be accessed from anywhere. Moreover, it provides great flexibility for the end-user as the service can be easily scaled up or down according to need. One of the concepts used for constructing cloud computing is virtualisation, which has its own security issues, such as denial of service, malware, unauthorised access, data leakage, outdated software and regulatory compliance; with this said, however, the aforementioned issues are not specific to the cloud. Virtualisation is related to shared application server, database and middleware components. The main drawback is separation of computing, as the tenant of a cloud service provider shares virtual resources with other tenants on the same cloud operator. This, in turn, has security implications. Moreover, the multi-tenancy model has introduced new security problems as it is based on virtualisation and sharing resources, such as hard disk, application software and virtual machine on the same physical machine. This research developed and confirmed a security framework for securing the virtual machine image in the virtualisation layer in cloud computing. The security framework includes the essential security factors when it comes to protecting the virtual machine image from security threats. The factors of the security framework were synthesised from industry standards and academic literature. The security framework was confirmed by administering questionnaires to practitioners and by interviewing experts so that the security factors could provide protection to the virtual machine image.
Threat modelling was accomplished in order to clarify the threat scenarios related to the virtual machine image and to identify the access point, assets and the characteristics of the system. A trusted launch of virtual machine image using Intel SGX was designed, evaluated, and discussed to enhance the security of the virtual machine image by incorporating a trusted third party module to scan the virtual machine image for harmful software and encrypt the image. In addition, it holds the decryption keys until integrity and identity verification for enclave trusted platform modules is passed to provide security for the decryption key during execution while decrypting the virtual machine image. Fuzzy logic with expert judgment was employed to measure the security enhancement for the VMI after incorporating Intel SGX. Focus group sessions were conducted to discuss the outcome of fuzzy logic with expert judgment to find out whether the trusted launch VMI could mitigate the effect of the identified security issues.

Text
RaidHussein-cyber security Research group PhD 08-11-2021 (1) - Version of Record
Restricted to Repository staff only until 30 November 2024.
Available under License University of Southampton Thesis Licence.
Text
Permission to Deposit Thesis form11 (1)
Restricted to Repository staff only
Available under License University of Southampton Thesis Licence.

More information

Published date: November 2021

Identifiers

Local EPrints ID: 456928
URI: http://eprints.soton.ac.uk/id/eprint/456928
PURE UUID: 14cf14e0-8d70-485c-9400-20a0c2f15707
ORCID for Raid Hussein: orcid.org/0000-0002-0653-9328

Catalogue record

Date deposited: 17 May 2022 16:48
Last modified: 16 Mar 2024 17:30

Contributors

Author: Raid Hussein
Thesis advisor: Vladimiro Sassone
