Browse Prior Art Database

Certificate based secure migration Disclosure Number: IPCOM000198941D
Publication Date: 2010-Aug-18
Document File: 2 page(s) / 38K

Publishing Venue

The Prior Art Database


Modern virtualisation systems can 'migrate' a virtual machine between host systems. While this process helps maintenance and increases flexibility it does introduce a security question over whether the host systems to which a virtual machine is migrated is trusted (in terms of the people managing it, the physical security of the machine or the integrity of the system). This proposal describes a certificate based system for securing the migration process.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 2

Certificate based secure migration

In a large organisation there may be a set of machines which all host many virtual machines (VM); these hosts may be in the same data centre or spread across different continents.

    To cope with a failing machine, a change in requirements or to save energy the administrator may wish to migrate a VM from one host to another.

    The owner of the VM may have private data or other reasons for restricting the set of hosts on which their VM runs (e.g. security policies, or legal requirements to do with the geographic placement of the machines).

    While the VM owner wishes to have control of the placement of their VM, it is preferable that the admin doesn't need to contact the VM owner for each migration (since this may happen in an emergency such as a hardware or power failure) and hence a mechanism is needed to grant the admin restricted permission for migration in a controllable manner.

    At the same time as placing control over the migration the migrated data must be held secure within transit, and this can be achieved by distributing a key to each machine and only performing migration among machines that share the key; the control of that keys distribution then controls where the VM can be migrated to.

    Such a scheme using a single key is inflexible and requires the maintenance of a set of keys for all different sets of machines, or the use of a single key across the entire set.

    Management of sets of keys is a standard problem in other fields, and is normally handled by placing the trust in an external entity (a 'Certification Authority' or CA) rather than an individual key.

    The CA signs the keys that are actually used using it's own keys; an entity may trust a CA to issue keys and that way the individual keys don't have to be distributed.

    For an entity to trust a CA it's identity must be proved; this is done by having the CA key signed by a parent CA; thus a tree of CAs exists where one CA can be used to prove the identity of a child CA.

    The information that the CAs produce is generally formed into 'Certificates' that hold the identity of the CA, the key being signed, and other information that can be used to restrict the key in some way. A typical example being a range of dates

when the key is valid

             . The hierarchy of CAs and infrastructure that exists around them allow other facilitie...