Tailoring the Cyber Security Framework: How to Overcome the Complexities of Secure Live Virtual Machine Migration in Cloud Computing

This paper proposes a novel secure live virtual machine migration framework by using a virtual trusted platform module instance to improve the integrity of the migration process from one virtual machine to another on the same platform. The proposed framework, called Kororā, is designed and developed on a public infrastructure-as-a-service cloud-computing environment and runs concurrently on the same hardware components (Input/Output, Central Processing Unit, Memory) and the same hypervisor (Xen); however, a combination of parameters needs to be evaluated before implementing Kororā. The implementation of Kororā is not practically feasible in traditional distributed computing environments. It requires fixed resources with high-performance capabilities, connected through a high-speed, reliable network. The following research objectives were determined to identify the integrity features of live virtual machine migration in the cloud system: To understand the security issues associated with cloud computing, virtual trusted platform modules, virtualization, live virtual machine migration, and hypervisors; To identify the requirements for the proposed framework, including those related to live VM migration among different hypervisors; To design and validate the model, processes, and architectural features of the proposed framework; To propose and implement an end-to-end security architectural blueprint for cloud environments, providing an integrated view of protection mechanisms, and then to validate the proposed framework to improve the integrity of live VM migration. This is followed by a comprehensive review of the evaluation system architecture and the proposed framework state machine. The overarching aim of this paper, therefore, is to present a detailed analysis of the cloud computing security problem, from the perspective of cloud architectures and the cloud service delivery models. Based on this analysis, this study derives a detailed specification of the cloud live virtual machine migration integrity problem and key features that should be covered by the proposed framewor

Specification Enforcing Refinement for Convertibility Verification

International audienceProtocol conversion deals with the automatic synthesis of an additional component, often referred to as an adaptor or a converter, to bridge mismatches between interacting components, often referred to as protocols. A formal solution, called convertibility verification, has been recently proposed, which produces such a converter, so that the parallel composition of the protocols and the converter also satisfies some desired specification. A converter is responsible for bridging different kinds of mismatches such as control, data, and clock mismatches. Mismatches are usually removed by the converter by disabling undesirable paths in the protocol composition (similar to controllers in supervisory control of Discrete Event Systems (DES)). We generalize this convertibility verification problem by using a new refinement called specification enforcing refinement (SER) between a protocol composition and a desired specification. The existence of such a refinement is shown to be a necessary and sufficient condition for the existence of a suitable converter. We also synthesize automatically the converter if a SER refinement relation exists. The proposed converter is capable of the usual disabling actions to remove undesirable paths in the protocol composition. In addition, the converter can perform forcing actions when disabling alone fails to find a converter to satisfy the desired specification. Forcing allows the generation of control inputs in one protocol that are not provided by the other protocol. Forcing induces state-based hiding, an operation not achievable using DES control theory

Precise timing analysis for direct-mapped caches

International audienceSafety-critical systems require guarantees on their worst-case execution times. This requires modelling of speculative hardware features such as caches that are tailored to improve the average-case performance, while ignoring the worst case, which complicates the Worst Case Execution Time (WCET) analysis problem. Existing approaches that precisely compute WCET suffer from state-space explosion. In this paper, we present a novel cache analysis technique for direct-mapped instruction caches with the same precision as the most precise techniques, while improving analysis time by up to 240 times. This improvement is achieved by analysing individual control points separately, and carrying out optimisations that are not possible with existing techniques

IASelect: finding best-fit agent practices in industrial CPS using graph databases

The ongoing fourth Industrial Revolution depends mainly on robust Industrial Cyber-Physical Systems (ICPS). ICPS includes computing (software and hardware) abilities to control complex physical processes in distributed industrial environments.Industrialagents,originatingfromthewell-established multi-agent systems field, provide complex and cooperative control mechanisms at the software level, allowing us to develop larger and more feature-rich ICPS. The IEEE P2660.1 standardisation project, ”Recommended Practices on Industrial Agents: Integration of Software Agents and Low Level Automation Functions” focuses on identifying Industrial Agent practices that can benefit ICPS systems of the future. A key problem within this project is identifying the best-fit industrial agent practices for a given ICPS. This paper reports on the design and development of a tool to address this challenge. This tool, called IASelect, is built using graph databases and provides the ability to flexibly and visually query a growing repository of industrial agent practices relevant to ICPS. IASelect includes a front-end that allows industry practitioners to interactively identify best-fit practices without having to write manual queries.info:eu-repo/semantics/publishedVersio

1 A Model Checking based Converter Synthesis Approach for Embedded Systems

Protocol conversion problem involves identifying whether two or more protocols can be composed with or without an intermediary, referred to as a converter, to obtain a pre-specified desired behavior. We investigate this problem in formal setting and propose, for the first time, a temporal logic based automatic solution to the convertibility verification and synthesis. At its core, our technique is based on local model checking technique and determines the existence of the converter and if a converter exists, it is automatically synthesized. A number of key features of our technique distinguishes it from all existing formal and/or informal techniques. Firstly, we handle both data and control mismatches (for the first time), using a single unifying model checking based solution. Secondly, the proposed approach uses temporal logic for the specification of correct behaviors (unlike earlier automaton based specifications) which is both elegant and natural to express event ordering and data-matching requirements. Finally, we have have experimented extensively with the examples available in the existing literature to evaluate the applicability of our technique in wide range of applications.

Kororā: A secure live virtual machine job migration framework for cloud systems integrity

The article introduces an innovative framework called Kororā, which aims to enhance the security and integrity of live virtual machine migration in a public cloud computing environment. The framework incorporates a trusted platform module to ensure the integrity of the migration process. It offers a new approach for virtual machine migration and has been specifically designed and implemented on a public infrastructure-as-a-service cloud platform.The primary research problem identified is the vulnerability of virtual machine instances to attacks during the live migration procedure. The evaluation used involves running the framework simultaneously on the same hardware components (such as I/O, CPU, and memory) and utilizing the same hypervisor's platform (Xen's open-source hypervisor). In addition, the security aspect of live migration is a crucial consideration due to the possibility of security threats across different area: data plane, control plane, and migration plane. Potential attackers may employ both passive and active attack techniques, putting the live migration at risk and resulting in a decline in performance. This poses a significant and alarming risk to the overall platform.To address the research gap, the Kororā framework emerged as a successful approach for achieving control-flow integrity by incorporating the Clark-Wilson security model proved effective in bridging the research gaps while maintaining system integrity. The primary achievement of this research is the introduction of the Kororā framework, which consists of seven agents operating within the Xen-privileged dom0 and establishing communication with the hypervisor. Overall, the finding indicate that the suggested framework offers an effective defence mechanism for moving a virtual machine from one host to another host with minimal disruption to normal operation with enhanced integrity

A Model Checking based Converter Synthesis Approach for Embedded Systems

Protocol conversion problem involves identifying whether two or more protocols can be composed with or without an intermediary, referred to as a converter, to obtain a pre-specified desired behavior. We investigate this problem in formal setting and propose, for the first time, a temporal logic based automatic solution to the convertibility verification and synthesis. At its core, our technique is based on local model checking technique and determines the existence of the converter and if a converter exists, it is automatically synthesized. A number of key features of our technique distinguishes it from all existing formal and/or informal techniques. Firstly, we handle both data and control mismatches (for the first time), using a single unifying model checking based solution. Secondly, the proposed approach uses temporal logic for the specification of correct behaviors (unlike earlier automaton based specifications) which is both elegant and natural to express event ordering and data-matching requirements. Finally, we have have experimented extensively with the examples available in the existing literature to evaluate the applicability of our technique in wide range of applications.</p

A Model Checking Approach to Protocol Conversion

Protocol conversion for mismatched protocols has been addressed in a number of formal and informal settings. However, existing solutions address this problem only partially. This paper develops the first on-thefly local approach to protocol conversion based on temporal logic model checking. The tableau-based approach verifies the existence of a converter, and if a converter exists, it is automatically synthesized. Our approach handles control and data mismatches under a single unifying framework. A NuSMV-based implementation has been developed and we provide results for some non-trivial protocol mismatch examples.