A live migration strategy for virtual encryption card equipment

Deliang Xu, Ze-Yao Cen, Cai Fu, Tao Liu, Guohui Li, Lansheng Han, Zhaokang Ke
Proceedings of the 3rd International Conference on High Performance Compilation, Computing and Communications. Published 2019-03-08. DOI: 10.1145/3318265.3318275 (https://doi.org/10.1145/3318265.3318275)
Citation count: 0

Abstract

With the growing popularity of virtualization technologies, virtualization security issues have emerged, which greatly hamper their further application. Bringing the encryption card into the virtual environment is a good way to strengthen the security of the virtual platform. However, due to the particular nature of encryption card equipment, there are some difficulties in virtualizing it. One of the most important difficulties is supporting live migration. For the first problem, that the continuity of encryption tasks must be ensured when migrating a virtual encryption card, we propose encryption field migration for the physical encryption card, which guarantees the continuity of the virtualized encryption card. For the second problem, that live migration of the virtualized encryption card must be protected from any attack, this paper designs a migration protocol to ensure security. For the last problem, that encryption card live migration should not drastically increase the migration time of the virtual machine, including total migration time and downtime, we separate the migration protocol into different stages and complete them in the different stages of virtual machine migration. In this way, we reduce the impact on virtual machine migration time. The implementation and the results of experiments on Kernel-based Virtual Machine indicate that the proposed scheme is feasible in function and performance.