Cloud Computing: Insider Attacks on Virtual Machines during Migration

The use of Virtual Machines (VMs) and Infrastructure-as-a-Service (IaaS) has risen dramatically and, according to Gartner, is set to continue rising with a compound annual growth rate predicted to be 41.7% over the four years to 2016. By using Cloud providers, organisations are reducing their capital expenditure on hardware, software and support, however, these same organisations are putting a great deal of trust in the provider offering a safe and secure platform for their data and resources. One of the biggest benefits of IaaS to the customer is the rapid elasticity of their provision. This elasticity can require relocation of a VM from one physical machine and / or one hypervisor to another. Whilst such migration is transparent and potentially seamless, it may also introduce vulnerability. We explore here the potential for a malicious insider to exploit vulnerabilities associated with mobile VMs to obtain large volumes of cloud-user data, and consider the possibility of detecting such attacks using current digital forensics and systems administration techniques.