VM Migration for Secure Out-of-band Remote Management with Nested Virtualization

摘要

Infrastructure-as-a-Service clouds provide out-of-band remote management of the systems in virtual machines (VMs). This management method enables users to manage their systems even on several types of failures inside VMs. In this method, users access virtual devices of their VMs, but virtual devices are not sufficiently protected against untrusted cloud operators. For secure out-of-band remote management, previous work securely runs shadow devices outside an untrusted virtualized system using nested virtualization. However, the states of shadow devices are lost during VM migration. In this paper, we propose USShadow for continuing secure out-of-band remote management after VM migration. USShadow enables the migration manager inside the virtualized system to transparently and securely save and restore the states of shadow devices outside it. We have implemented USShadow, which supports Xen and KVM as virtualized systems. Then, we confirmed that USShadow could continue virtual serial console and that the migration overhead was negligible.