2016 IEEE International Conference on Smart Cloud

A Framework to Secure the Virtual Machine Image in

Cloud Computing
Raid Khalid Hussein, Ahmed Alenezi, Gary B. Wills and Robert J. Walters
Electronics and Computer Science
University of Southampton
Southampton, UK
{rkh2n14, aa4e15, gbw, rjw1}@soton.ac.uk
level virtualization [6]. When two different instances run on
the same physical machine, this might affect the data security
as virtualization is not completely isolated. In addition, Virtual
Machine Monitor or hypervisor (VMM) does not offer
complete control over the host and its operating system (OS)
[7].
One of the features of cloud computing is multi-tenancy.
Multi-tenancy is considered one of the most beneficial features
of cloud computing, but it is a threat to security as it shares the
infrastructure resources among different customers [8]. There
is no absolute separation in the hardware layer in cloud
computing, so data leakage might occur. Data leakage refers to
the viewing or stealing of confidential or sensitive data by an
unauthorized person [9].
This paper propose a framework of security requirements to
secure shared virtual machine (VM) images in cloud
computing. The next sections are organized as follows.
Section II describes the security issues at different layers in
cloud computing. Section III describes the proposed security
framework to secure the shared VM image in cloud
computing. Finally, the paper concludes in section IV.

Abstract Cloud computing which uses outsourcing and remote

processing of applications first appeared about ten years ago.
Cloud Computing built on research in virtualization, distributed
computing, utility computing, and web services. It reduces the
information technology overhead for starting a new business and
it can be accessed from anywhere. One of the concepts used for
constructing cloud computing is virtualization, which has its own
security risks, but they are not specific to the cloud. The key
drawback to adopting cloud computing is security since clients
use someone elses CPU and hard disk for processing and storing
data. This paper proposes a security framework to secure Virtual
Machine Images in a virtualization layer in the cloud
environment. Securing the virtual machine image is significant as
it will most probably affect the security of cloud computing.
Keywords:
cloud computing, information security,
virtualization, multi-tenancy, resource sharing.

I.

INTRODUCTION

Cloud computing adoption is growing tremendously; it

presents a computing paradigm for the 21st century. It is a
computer technology and a set of internet-based enterprise
applications that resulted from the increase in network
bandwidth, thus todays users benefit from high quality
services for data and for application software. Cloud
computing is scalable and uses virtualization to share
resources. Cloud consumers use a resource pool that includes a
large volume of computing resources for distributing
computing missions that require significant processing power.
Internet users are able to reserve storage space online to save
their data and are capable of acquiring computing resources to
process their information according to their needs [1].
There are many security issues in cloud computing which are
related to virtualization, database, resource scheduling, load
balancing and networks [2]. Many organizations feel that it is
dangerous to move their sensitive data to centralized data
centers, since management of the datacenter might not be
trustworthy [3]. Moving databases to a data center involves
many security challenges such as virtualization vulnerability,
access control issues, integrity and confidentiality [4].
Virtualization is a key component of cloud computing; it
reduces the cost of hardware and the cost of energy saving
techniques [5]. Three types of virtualization are used:
operating system level virtualization, application level
virtualization, and Virtual Machine Monitor or hypervisor
978-1-5090-5263-9/16 $31.00 2016 IEEE
DOI 10.1109/SmartCloud.2016.19

II.

CLOUD SECURITY ISSUES

According to the National Institute of Standards and

Technology (NIST), security is the main obstacle delaying the
adoption of cloud computing [10]. Cloud computing has some
vulnerabilities that might affect the core principles of
information security. Vulnerability in cloud computing refers
to weaknesses in the system that might be exploited by an
attacker to obtain unauthorized access to the resources. A
threat refers to potential abuse by an attacker to obtain
unlawful access to the resources [11]. Security issues in
different layers in cloud computing are summarized by [6] as
shown in Figure 1:

35

Application level issues

Network level issues
Data storage level issues
Virtualization level issues
Authentication and access control level security issues
Trust level security issues

Application
level issues

Network
level issues

Authentication
and access
control level

In spite of multi-tenancy bringing significant benefits to

cloud computing, since it reduces cost and saves energy,
security experts see multi-tenancy as vulnerable as it affects
confidentiality [17]. Eliminating the virtualization layer will
avoid the security hazards caused by multi-tenancy but this
would exclude vital features like VM Mobility [18]. VM
Mobility is very beneficial for cloud service providers and it is
very helpful in saving energy. However, multi-tenancy
problems cannot be mitigated by traditional security
techniques in the case when both attacker and victim are on
the same physical machine as shown in Figure 2 .To secure
against this vulnerability, it is important to understand how the
attack is performed.
Firstly, a target VM is identified by the network probing
mechanism. A network probing mechanism is used to find the
physical topology of the network that contains the servers
connected to it and the IPs, which are used to recognize the
victim. Secondly, by taking the advantage of multi-tenancy,
the attacking VM is allocated close to the target VM using a
brute force attack. The brute force attack is a mechanism used
to run an attack operation multiple times until a breach is
achieved. Finally, based on the information gathered from the
network probing, the side channel attack is generated to
extract the data from the victim [17].
In virtualized (multi-tenancy) environment, each user is
allocated a VM that hosts a guest OS. VMs that belong to
different users can share the same physical resources through
resource pooling. VMM is used to control the VMs and allow
the many OS to run on the same physical hardware [19]. The
virtualized (multi-tenancy) environment has introduced
security issues, for instance VM isolation. VM isolation is the
concept that VMs running on the same physical hardware need
to be isolated from each other.

Data Storage
level issues

Trusted level
issues

Virtualization level Issues

VM isolation

VM rollback

VM escape

VM migration

VM sprawl

VM image
sharing

Figure 1 Security issues in Cloud Computing

A. Virtualization (Multi-tenancy)
Virtualization has a crucial role in cloud computing as it
helps the IT industries lower the cost and improve the
performance of their applications [12]. Virtualization means a
way of making a physical computer function as if it were two
or more computers where each non-physical or virtualized
computer is provided with the same basic architecture as that
of a generic physical computer. Virtualization technology
therefore allows the installation of an OS on hardware that
does not really exist. [13]. In virtualization, the resources can
be joint or split across multiple environments. These
environments are called VM. The VM hosts the guest OS [14].
A VMM is one of visualization components which permit the
guest OS to be hosted on host computer[12].
Multi-tenancy is a useful feature in cloud computing.
Multi-tenancy is defined as a property of a system where
multiple customers, so-called tenants, transparently share the
systems resources, such as services, applications, databases,
or hardware, with the aim of lowering costs, while still being
able to exclusively configure the system to the needs of the
tenant [15]. There are two kinds of multi-tenancy: the
multiple instance and native multi-tenancy. In multiple
instance tenancy, each tenant is served by a dedicated
application instance from a shared OS, hardware, and
middleware server in a hosted environment. In native
multi-tenancy, one instance of a program can serve several
tenants over many hosting resources. In the SaaS model,
multi-tenancy can be applied to four different software layers:
application layer, middleware layer, the virtual layer, and the
OS layer [16].


Figure 2 Multi-tenancy security issues

36

as privacy, Integrity, access control and leftover owners data

removal. From all these studies, it can be seen that no one
study consider all the security controls used to secure the VM
image. Therefore, a technique is required that will secure
sharing the VM image.

Moreover, VM migration happens due to load balancing,

maintenance and fault tolerance. The migrated VM can be
compromised by an attacker and relocated to an infected
VMM or compromised server [20]. Furthermore, VM rollback
occurs, when a VM can be rolled back to a previous state
when necessary. This facility provides flexibility to the user
but it raises security problems. It might also render the VM
prone to a vulnerability that has already been solved
previously [11].
In addition, a VM may escape from control of the VVM. If
the VM escapes, it can provide the attacker with the ability to
access other VMs in the same hardware, or it might bring the
VMM down [21]. Subsequently, VM sprawl happens when the
number of VMs on the host system is increasing and most of
them are in the idle state. This situation leads to wasting the
resources of the host machine on a large scale [22].
Eventually, VM image sharing occurs when a client can use
the VM image from the repository or can create his/her own
VM image. A malicious user can upload an infected image
that contains malware to be used by other users. An infected
VM image can be used to monitor the users data and
activities [19].
B.

III.

RESEARCH METHODOLOGY

It was found that sharing the VM image can cause security

problems as it is a template used to initialize a new VM [6]. If
the VM image is not secure, it will affect the security of the
cloud computing. This paper proposes a framework for
securing the VM image in the virtualization level in the cloud.
A. Framework construction
A research plan is proposed to resolve the VM image
security issue with a framework. The framework is divided
into two stages, as shown in Figure 3.

Industry standard security

controls

Related work

Academic literature review

security controls

Investigate and Identify security controls

Stage one

The security issues related to virtualization in cloud

computing are VM isolation, VM migration, VM rollback,
VM escape, VM sprawl, and VM image sharing. VM image
sharing is one of the most common threats to cloud security as
it is the initial state for the VMs [19]. Confidentiality and
integrity need to be considered for securing the VM image, as
unauthorized access and a malicious image allows an attacker
to modify, delete, change the administrator password, or create
a malicious VM image. There is also the risk of non
compliance, which is running unlicensed software or expired
licensed software [6].
Many studies have been conducted on secure sharing of
VM images. An image management system (IMS) was
designed to secure the VM image [23]. This system could
fulfil four security controls: access control, outdated software
detection, leftover owners data removal, and malware
protection. The study did not satisfy other security
requirements like privacy and integrity. Kazim, Masood and
Shibli [24] suggested EVDIC to secure the VM image. Their
idea is to encrypt the VM image whenever it terminates. This
method could achieve privacy, integrity, and access control
security. However, EVDIC did not cover outdated software
detection and leftover owners data removal, which are
essential to secure the VM image. A technique to check for
software update to the VM image was demonstrated by both
[25] and [26]. These approaches could check for the software
updates in the VM image but these techniques do not take into
consideration all of the security controls. A study [27]
hypothesized OPS-offline that could identify and update the
VM image, but could not satisfy other security controls such

Stage two

Remove duplicates, analyze

security controls and remove
semantics

Conceptual framework

Figure 3 Framework Development Process

1) Identifying security controls (Stage one)

Security controls to secure sharing of VM images in cloud
computing are identified and gathered. They are: Privacy,
Integrity, Access control, outdated software detection, Leftover
data removal, and Malware protection. No study
comprehensively covered all the security requirements [19],
and these controls did not take into consideration the views of
industry. Therefore, security controls from industry need to be
collected from specialized organizations like Cloud Security
Alliance (CSA) and National Institute of Standard and
Technology (NIST).
The CSA is a non-profit organization that promotes awareness
of the need to ensure protection of the cloud computing
environment. CSA uses the experience of industry, government
and association employees to offer cloud security education,
certification, and products [7]. The CSA has published a cloud
controls matrix (CCM), which provides customers and the
vendors with a table of fundamental security principles to help

37

in assessing the overall security risk of cloud providers. CCM

explains in detail the principles and security concepts for 13
domains in cloud security. The CCM includes all the controls
from other industry-accepted security standards like NIST, ISO
27001/27002, ISACA, PCI, Jericho Forum, and NERC CIP.
Stage one in Figure 3 illustrates the collection of security
controls
from
industry
and
academia.
Figure 4 shows a list of security controls from CCM regarding
the virtualization security level in cloud computing.

Security Controls
From
Academic
Literature

Security Controls
From
Industry
Standards


Privacy

Authentication

Integrity

Accountability

Access control

Auditing

Outdated software
detection

Regulatory
compliance

Leftover data
removal

Trust

Malware
protection

Availability

Encryption


Remove
duplicates

Figure 4 Security Controls from CCM [28]

2) Framework construction (Stage two)

In stage two in Figure 3, security controls from the
academic literature are compared with security controls
collected from industry standards to remove the duplicates. The
resulting list is shown in Figure 5. The security controls need to
be analyzed for semantically similar concepts or principles
related to each other or that have the same meaning. In this
case, access control and authorization are related to each other
so that access control is replaced with authorization [29]. As a
result, an initial framework (Conceptual) of 13 security
controls is proposed as shown in Figure 6.
The security controls are described below.

Privacy

Leftover data
removal

Encryption

Availability

Malware
protection

Regulatory
compliance

Integrity

Outdated software
detection

Accountability

Trust

Authentication

Auditing

Access control
Figure 5 Combined list of security controls

Privacy: As used in information technology, deals with

the ability to determine which data may be shared. This
aspect is achieved by encryption and authentication
[30] .
Availability means the information has to be available
when it is needed. Systems with high availability allow
access to the data all the time and prevent service
disruptions due to hardware failure, system upgrades,
power outages, power failure, operating system or
application problems [31].

38

Integrity means the information remains unaltered

while it is stored or being transmitted, but it can be
modified and deleted by authorized people only[32].
Trust: An aim to accept vulnerability based on the
favourable intentions or behaviour of another person
or party [33].
Leftover owners data removal: A technique used to
remove authentication details and private data from
the VM image [23].

IV. CONCLUSION

Malware protection: A technique used to remove

malware and pirated software from the VM image
[27].
Outdated software detection: The check that software
in the VM image is updated or not [19].
Authentication: The process of identifying the
customer as one authorized to use the cloud service.
This is achieved by comparing the file of authorized
users information in the database with credentials
provided by the user [34].
Authorization: This refers to the process performed by
an administrator to grant access to the customer of a
service by checking the customers rights and which
resources they can use [35].
Encryption: A technique used to secure shared data in
a shared environment. In information systems,
encryption is achieved by converting the data to a
form that can be understood by authorized people
[36].
Regulatory compliance: Conformity to rules like
policy, law, and specifications relevant to the business
while an organization is working on the goal they
wish to achieve [37].
Accountability: A measure of the amount of
information an authorized customer is using during his
session. This includes the quantity of data and time
which is used to set authorization control [37].
Auditing: The measure of information system security
that meets a set of established criteria. Audit is the
systematic security assessment of the information
related to an organization and how much it conforms
to a set of criteria [4].

Cloud computing is a new processing paradigm that

increases efficiency, reduces cost, provides on-demand access
to a shared pool of resources and services, provided with
minimum management effort. Security is the main impediment
to adopting cloud computing, as the end-user data are stored on
the service providers server. Security problems have been
discussed, based on the cloud layers, since each layer has its
own problems. Issues in the virtualization layer is one of the
main challenges that affects the security of the data storage
layer and the application layer.
Multi-tenancy introduces issues in the virtualization layer and
these problems affect the VMs, the VMM and the OS. The VM
image is the initial state of the VM and an infected VM could
influence security. Therefore, VM image framework is
proposed to secure the stored VM image in the repository.
REFERENCES
[1]

L. Yan, C. Rong, and G. Zhao, Strengthen cloud computing security

with federal identity management using hierarchical identity-based
cryptography, Lect. Notes Comput. Sci. (including Subser. Lect. Notes
Artif. Intell. Lect. Notes Bioinformatics), vol. 5931 LNCS, pp. 167177,
2009.

[2]

B. Hamlen, K., Kantarcioglu, M., Khan, L. and Thuraisingham,

Security Issues for Cloud Computing, Proc. - 9th Int. Conf. Comput.
Intell. Secur. CIS 2013, pp. 150162, 2012.

[3]

M. a. AlZain, E. Pardede, B. Soh, and J. a. Thom, Cloud computing

security: From single to multi-clouds, Proc. Annu. Hawaii Int. Conf.
Syst. Sci., pp. 54905499, 2011.

[4]

C. Wang, Q. Wang, K. Ren, and W. Lou, Privacy-preserving public

auditing for data storage security in cloud computing, Proc. - IEEE
INFOCOM, 2010.

[5]

T. Swathi, K. Srikanth, and S. R. Reddy, Virtualization in Cloud

Computing, Int. J. Comput. Sci. Mob. Comput., vol. 35, no. 5, pp.
540546, 2014.

[6]

C. Modi, D. Patel, B. Borisaniya, A. Patel, and M. Rajarajan, A survey

on security issues and solutions at different layers of Cloud
computing, J. Supercomput., vol. 63, no. 2, pp. 561592, 2013.

[7]

S. Subashini and V. Kavitha, A survey on security issues in service

delivery models of cloud computing, J. Netw. Comput. Appl., vol. 34,
no. 1, pp. 111, 2011.

[8]

S. K. Abd, R. T. Salih, and F. Hashim, Cloud Computing Security

Risks with Authorization Access for Secure Multi-Tenancy Based on
AAAS Protocol, IEEE Reg. 10 Conf. TENCON, pp. 15, 2015.

[9]

H. Aljahdali, A. Albatli, P. Garraghan, P. Townend, L. Lau, and J. Xu,

Multi-tenancy in cloud computing, Proc. - IEEE 8th Int. Symp. Serv.
Oriented Syst. Eng. SOSE 2014, pp. 344351, 2014.

[10] N. Kshetri, Privacy and security issues in cloud computing: The role
of institutions and institutional evolution, Telecomm. Policy, vol. 37,
no. 45, pp. 372386, 2013.
[11] K. Hashizume, D. Rosado, E. Fernndez-Medina, and E. Fernandez,
An analysis of security issues for cloud computing, J. Internet Serv.
Appl., vol. 4, no. 5, pp. 113, 2013.
[12] F. Sabahi, Virtualization-level security in cloud computing, in 2011
IEEE 3rd International Conference on Communication Software and
Networks, 2011, pp. 250254.
[13] S. Carlin, Cloud Computing Security, Artif. Intell., vol. 3, no. March,
pp. 1416, 2011.

Figure 6 Initial Framework for Securing the Shared VM Image

[14] R. Buyya, R. Buyya, C. S. Yeo, C. S. Yeo, S. Venugopal, S.

39

Venugopal, J. Broberg, J. Broberg, I. Brandic, and I. Brandic, Cloud

computing and emerging IT platforms: Vision, hype, and reality for
delivering computing as the 5th utility, Futur. Gener. Comput. Syst.,
vol. 25, no. 6, p. 17, 2009.

[33] S. Pearson and A. Benameur, Privacy, Security and Trust Issues

Arising from Cloud Computing, 2010 IEEE Second Int. Conf. Cloud
Comput. Technol. Sci., pp. 693702, 2010.
[34] H. Chang and E. Choi, User Authentication in Cloud
Computing\nUbiquitous Computing and Multimedia Applications,
vol. 151, pp. 338342, 2011.

[15] J. Kabbedijk, C.-P. Bezemer, S. Jansen, and A. Zaidman, Defining

multi-tenancy: A systematic mapping study on the academic and the
industrial perspective, J. Syst. Softw., vol. 100, pp. 139148, 2015.

[35] D. Zissis and D. Lekkas, Addressing cloud computing security issues,

Futur. Gener. Comput. Syst., vol. 28, no. 3, pp. 583592, 2012.

[16] J. Espadas, A. Molina, G. Jim??nez, M. Molina, R. Ram??rez, and D.

Concha, A tenant-based resource allocation model for scaling
Software-as-a-Service applications over cloud computing
infrastructures, Futur. Gener. Comput. Syst., vol. 29, no. 1, pp. 273
286, 2013.

[36] J. N. Ortiz, Functional Encryption: Definitions and Challenges

Introdu c ao, vol. 02, no. subaward 641, pp. 253273, 2014.
[37] K. Popovi and Z. Hocenski, Cloud computing security issues and
challenges, no. March, pp. 344349, 2010.

[17] H. Aljahdali, P. Townend, and J. Xu, Enhancing multi-tenancy

security in the cloud IaaS model over public deployment, Proc. - 2013
IEEE 7th Int. Symp. Serv. Syst. Eng. SOSE 2013, pp. 385390, 2013.

[38] V. Sekar and P. Maniatis, Verifiable resource accounting for cloud

computing services, Proc. 3rd ACM Work. Cloud Comput. Secur.
Work., pp. 2126, 2011.

[18] R. Wu, G.-J. Ahn, H. Hu, and M. Singhal, Information flow control in
cloud computing, 2010 6th Int. Conf. Collab. Comput. Networking,
Appl. Work., pp. 17, 2010.
[19] M. Ali, S. U. Khan, and A. V. Vasilakos, Security in cloud computing:
Opportunities and challenges, Inf. Sci. (Ny)., vol. 305, pp. 357383,
2015.
[20] F. Zhang and H. Chen, Security-Preserving Live Migration of Virtual
Machines in the Cloud, J. Netw. Syst. Manag., pp. 562587, 2012.
[21] W. A. Jansen, Cloud hooks: Security and privacy issues in cloud
computing, Proc. Annu. Hawaii Int. Conf. Syst. Sci., no. iv, p. 42,
2011.
[22] K. Sunil Rao and P. Santhi Thilagam, Heuristics based server
consolidation with residual resource defragmentation in cloud data
centers, Futur. Gener. Comput. Syst., vol. 50, pp. 8798, 2015.
[23] J. Wei, X. Zhang, G. Ammons, V. Bala, and P. Ning, Managing
security of virtual machine images in a cloud environment, Proc. 2009
ACM Work. Cloud Comput. Secur. - CCSW 09, no. Vm, p. 91, 2009.
[24] M. Kazim, R. Masood, and M. A. Shibli, Securing the virtual machine
images in Cloud computing, SIN 2013 - Proc. 6th Int. Conf. Secur. Inf.
Networks, pp. 425428, 2013.
[25] R. Schwarzkopf, M. Schmidt, C. Strack, S. Martin, and B. Freisleben,
Increasing virtual machine security in cloud environments, J. Cloud
Comput. Adv. Syst. Appl., vol. 1, no. 1, p. 12, 2012.
[26] D. Jeswani, A. Verma, P. Jayachandran, and K. Bhattacharya,
ImageElves: Rapid and reliable system updates in the cloud, Proc. Int. Conf. Distrib. Comput. Syst., no. i, pp. 390399, 2013.
[27] K. Fan, D. Mao, Z. Lu, and J. Wu, OPS: Offline patching scheme for
the images management in a secure cloud environment, Proc. - IEEE
10th Int. Conf. Serv. Comput. SCC 2013, pp. 587594, 2013.
[28] Cloud Security Alliance, Cloud Controls Matrix Working Group,
2014. [Online]. Available:
https://cloudsecurityalliance.org/group/cloud-controls-matrix/.
[29] R. Sandhu, D. Ferraiolo, and R. Kuhn, The NIST model for role-based
access control, Proc. fifth ACM Work. Role-based access Control RBAC 00, pp. 4763, 2000.
[30] H. J. Smith, S. J. Milberg, and S. J. Burke, Information Privacy:
Measuring Individuals Concerns about Organizational Practices,
Manag. Inf. Syst. Q., vol. 20, no. 2, pp. pp. 167196, 1996.
[31] M. Zhou, R. Zhang, W. Xie, W. Qian, and A. Zhou, Security and
privacy in cloud computing: A survey, Proc. - 6th Int. Conf. Semant.
Knowl. Grid, SKG 2010, pp. 105112, 2010.
[32] R. Sandhu and S. Jajodia, Integrity principles and mechanisms in
database management systems, Comput. Secur., vol. 10, no. 5, pp.
413427, 1991.

40