Secure VM migration in tactical cloudlets

Abstract

Tactical cloudlets are forward-deployed, discoverable, virtual-machine-based servers that can be hosted on vehicles or other platforms to provide a computation offload and data staging infrastructure for mobile devices in the field. Because of the mobility of cloudlets in the field, as well as dynamic missions, a mobile user of a cloudlet might need to migrate active capabilities (computation and data) to another trusted cloudlet. A common solution for establishing trust between two nodes is to create and share credentials in advance, and then use a third-party, online trusted authority to validate the credentials of the nodes. However, the characteristics of tactical environments do not consistently provide access to that third-party authority or certificate repository because they are DIL environments (disconnected, intermittent, limited). The goal of this paper is to present a solution for secure VM migration between tactical cloudlets based on secure key generation and exchange in the field.