ArticlePDF Available

Abstract and Figures

The concept of cloud computing has arisen thanks to academic work in the fields of utility computing, distributed computing, virtualisation, and web services. By using cloud computing, which can be accessed from anywhere, newly-launched businesses can minimise their start-up costs. Among the most important notions when it comes to the construction of cloud computing is virtualisation. While this concept brings its own security risks, these risks are not necessarily related to the cloud. The main disadvantage of using cloud computing is linked to safety and security. This is because anybody which chooses to employ cloud computing will use someone else's hard disk and CPU in order to sort and store data. In cloud environments, a great deal of importance is placed on guaranteeing that the virtual machine image is safe and secure. Indeed, a previous study has put forth a framework with which to protect the virtual machine image in cloud computing. As such, the present study is primarily concerned with confirming this theoretical framework so as to ultimately secure the virtual machine image in cloud computing. This will be achieved by carrying out interviews with experts in the field of cloud security.
Content may be subject to copyright.
www.astesj.com 44
Toward Confirming a Framework for Securing the Virtual Machine Image in Cloud Computing
Raid Khalid Hussein 1*, Ahmed Alenezi 1, 2, Hany F.Atlam 1, 3, Mohammed Q Mohammed 4, Robert J. Walters 1, Gary B. Wills 1
1 Electronic and Computer Science Dept., University of Southampton, SO17 1BJ, UK
2 Dept. of Computer Science, Faculty of Computing and Information Technology, Northern Border University, 1321, Saudi Arabia
3 Computer Science and Engineering Dept., Faculty of Electronic Engineering, Menoufia University, 32952, Egypt
4 Dept. of Computer Science, University of Information technology and communication, Bagdad, Iraq.
A R T I C L E I N F O
A B S T R A C T
Article history:
Received: 04 March, 2017
Accepted: 11 April, 2017
Online: 24 April, 2017
The concept of cloud computing has arisen thanks to academic work in the fields of utility
computing, distributed computing, virtualisation, and web services. By using cloud
computing, which can be accessed from anywhere, newly-launched businesses can
minimise their start-up costs. Among the most important notions when it comes to the
construction of cloud computing is virtualisation. While this concept brings its own security
risks, these risks are not necessarily related to the cloud. The main disadvantage of using
cloud computing is linked to safety and security. This is because anybody which chooses to
employ cloud computing will use someone else’s hard disk and CPU in order to sort and
store data. In cloud environments, a great deal of importance is placed on guaranteeing
that the virtual machine image is safe and secure. Indeed, a previous study has put forth a
framework with which to protect the virtual machine image in cloud computing. As such,
the present study is primarily concerned with confirming this theoretical framework so as
to ultimately secure the virtual machine image in cloud computing. This will be achieved
by carrying out interviews with experts in the field of cloud security.
Keywords:
Cloud Computing
Virtual Machine Image
Information Security
Virtualisation
1 Introduction
Recent times have seen a sudden increase in the number of
organisations adopting cloud computing; indeed, this growth has
brought about a 21st-century computing paradigm. As a type of
information technology, the cloud includes a number of internet-
based commercial applications; these applications exist because of
today’s greater bandwidth, thus giving present-day users the
chance to exploit the advantages offered by top-quality data
services and application software. Being scalable in nature, cloud
computing takes advantage of virtualisation to spread resources.
For those who use the cloud, of particular importance is a resource
base that houses numerous IT resources, the purpose of which is to
distribute computing assignments that necessitate a substantial
amount of processing capability. Surfers of the Web can easily ear-
mark online storage space, which they can then use to safely store
their data; indeed, they can also gain access to IT resources which
they can employ to manage and sort their information according to
their requirements. This paper builds on work which was originally
presented at the IEEE International Conference on Smart Cloud
2016 [1].
Cloud computing itself gives rise to a number of security issues
linked to resource scheduling, databases, virtualisation, load
balancing and networks [2]. Numerous organisations are of the
opinion that moving their sensitive data to central datacentres is
fraught with danger. This scepticism stems from the fact that the
management staff in charge of these datacentres might not be
trustworthy [3]. Switching databases to a datacentre involves many
security-related obstacles, e.g. access control issues, virtualisation
vulnerability, integrity and confidentiality [4].
Among the most vital elements of cloud computing is
virtualisation, which minimises the cost of hardware and supports
techniques used for saving energy [4]. Virtualisation can be broken
down into three types: application level virtualisation, operating
system level virtualisation, and Virtual Machine Monitor (VMM)
ASTESJ
ISSN: 2415-6698
* Raid Khalid Hussein, Flat 3 1 Alma road Southampton SO14 6UN,
00447466256351, Email: rkh2n14@soton.ac.uk
Advances in Science, Technology and Engineering Systems Journal Vol. 2, No. 4, 44-50 (2017)
www.astesj.com
R. K. Hussein et al. / Advances in Science, Technology and Engineering Systems Journal Vol. 2, No. 4, 44-50 (2017)
www.astesj.com 45
or hypervisor level virtualisation [5]. When one real-life machine
is used to run two different virtual machines, this might affect data
security, as these machines are not completely separated by the
virtualisation. Moreover, the Virtual Machine Monitor, or
hypervisor, has control, but not complete control, over the host and
its operating system (OS) [6].
Among the most important elements of cloud computing is
multi-tenancy. Indeed, while this is thought to be one of the most
beneficial components of cloud computing, it nevertheless poses a
threat to security, due to the fact that it spreads infrastructure
resources across different customers [7]. The hardware layer of
cloud computing contains no absolute separation, and thus various
breaches can materialise, such as unauthorised viewing, data
leakage, and theft of sensitive or confidential data [8].
Previous studies have put forth a security framework which can
be used to protect the Virtual Machine (VM) image in cloud
computing [1]. The present paper details exactly how the
conceptual framework has been confirmed through interviews
with experts in the field of cloud security. Indeed, this paper is
broken down into the following sections: Section 2 summarises the
concept of cloud computing, Section 3 explores concerns related
to cloud security, Section 4 examines related work, Section 5
details the research methodology used, Section 6 presents the
results and findings of the research, which are subsequently
discussed in Section 7, and Section 8 puts forth conclusions and
outlines plans for additional work in the future.
2 Cloud Computing
Recent times have witnessed the rapid development of
hardware, the introduction of distributed computing, and the
tremendous success of internet technologies. All of these factors
have made computing resources more powerful, cheaper and more
readily available than ever before [9]. Current developments in
hardware and software have ushered in a new computing model
called cloud computing. In the cloud, computing resources are
delivered to the users as services, just like public utilities.
Consumers of these resources can contract for the services based
on their needs, while the services can be scaled up or down as
necessary. The National Institute of Standards and Technology
(NIST) defines cloud computing as “a model for enabling
convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly provisioned and
released with minimal management effort or service provider
interaction” [10].
3 Cloud Security Issues
As concluded by the NIST, security is the primary concern
when it comes to delays in adopting cloud computing [11]. This is
because cloud computing has certain vulnerabilities which can
potentially affect the major foundations of information security.
These vulnerabilities are essentially weak points of the system that
could be taken advantage of by someone attempting to infiltrate
the cloud. Indeed, with the right tools, a person could gain illegal
access to these resources. When talking about a threat, the basic
premise is that an attacker could use unlawful means to gain access
to such resources [12]. Figure 1 summarises safety and security
concerns which are found in different areas of cloud computing.
When it comes to virtualisation, resources can be grouped together
or spread throughout numerous environments, namely Virtual
Machines (VM). A VM is defined as “A way of making a physical
computer function as if it were two or more computers where each
non-physical or virtualized computer (machine) is provided with
the same basic architecture as that of a generic physical computer.
Virtualization technology therefore allows the installation of an
operating system on hardware that does not really exist” [14]. An
OS is hosted by the VM [15], with the former representing the
virtualisation element which makes it possible for a guest OS to
run on a host computer [13].
A very handy feature of cloud computing, multi-tenancy can
be defined as “a property of a system where multiple customers,
so-called tenants, transparently share the system’s resources, such
as services, applications, databases, or hardware, with the aim of
lowering costs, while still being able to exclusively configure the
system to the needs of the tenant” [16]. Multi-tenancy can be
broken down into two categories: multiple instance and native
multi-tenancy. With regards multiple instance tenancy, each tenant
benefits from the services of a dedicated application instance from
a shared OS, hardware and middleware server in a hosted
environment. However, in relation to native multi-tenancy, one
instance of a program can provide service to several tenants across
numerous hosting resources. When looking at the Software as a
Service (SaaS) model, it is clear that multi-tenancy can be linked
to four varied software layers: the virtual layer, the application
layer, the OS layer, and the middleware layer [17].
With regards a multi-tenancy virtualised environment, every
user is assigned a VM that plays host to a guest OS. It is possible
that VMs belonging to different users will have identical real-life
resources as a result of resource pooling. The purpose of the VMM
is to orchestrate the VMs and makes it possible for the numerous
OS instances to function on the same physical hardware [18]. With
regards the multi-tenancy virtualised environment, certain security
elements have come into focus, such as VM isolation, which
pertains to guaranteeing that VMs that function on identical
physical hardware are kept apart from one another.
VMs may be transported (migrated) to various real-life hosts
a move which often occurs because of maintenance, load
balancing, and fault tolerance. It is possible that a VM which has
been transported may be infiltrated by an attacker and redistributed
to an infected VMM or unsteady server [19]. If essential, it is
possible to roll back VMs to a former state. This facility gives the
user a great deal of flexibility, but also gives rise to security
concerns; this is because, when it happens, the result may be a VM
being exposed once more to a vulnerability that had previously
been resolved [12]. In addition, it is plausible for a VM to escape
Network
level issues
Data Storage
level issues
Trusted level
issues
Virtualisation level Issues
VM isolation
VM rollback
VM escape
VM migration
VM sprawl
VM image sharing
Figure 1 Security issues in Cloud Computing
R. K. Hussein et al. / Advances in Science, Technology and Engineering Systems Journal Vol. 2, No. 4, 44-50 (2017)
www.astesj.com 46
from the control of the VVM. This kind of VM can give an attacker
the ability to access additional VMs in the same hardware, or
disable the VMM altogether [20]. Another issue, known as VM
sprawl, comes about when numerous VMs are being hosted by a
system, but the majority of said VMs are serving no purpose. This
situation can lead to a significant waste of the resources found
within the host machine [21].
Among the most common threats to the security of the cloud is
VM image sharing, simply because the image represents the initial
state for new VM instances [18]. Taking into consideration both
confidentiality and integrity is vital if the VM image is to be
secured; this is due to the fact that, if an attacker can gain
unauthorised access and is malicious, then said attacker can delete,
modify, and alter administrator passwords, or formulate malicious
VM instances. Another risk which certainly exists is non-
compliance and running unlicensed software [5].
4 Related Work
It is certainly true that virtualisation is vital when it comes to
cloud computing; however, it is also accompanied by various
security concerns. Of these issues, one of the most important is VM
image sharing, simply because the VM image is used to initialise
new VMs. Numerous studies have focused on ways in which to
secure the VM image. The Image Management System (IMS)
addresses four security requirements: outdated software detection,
access control, left ownersdata removal, and malware protection.
With this said, however, no attention is paid to privacy and
integrity [22]. The Encrypted Virtual Disk Images in Cloud
(EVDIC) tool looks at integrity, privacy, and access control; it does
so by means of encrypting the VM image when it finishes.
However, it is unable to detect outdated software or leftover
owners data removal [24]. Among other techniques to have been
proposed are those used to check for software updates in the VM
image [24, 25, 26]. These techniques are specifically utilised to
search for software updates in the VM image, but do not take into
account additional security requirements. Of these past studies,
none have addressed every single security requirement necessary
to safeguard the VM image in cloud computing. Hence, there is the
need for a new method with which to secure all elements of the
cloud-based VM image.
5 Research Methodology
This section describes the research methodology which was
used to confirm the framework and identify additional
requirements which are necessary in order to secure cloud
computing VM images, as shown in [1]. The initial framework,
shown in Figure 2, was derived from the literature review. A
review by cloud security experts was carried out to explore the
proposed framework and establish if any security requirements are
missing.
The method used was an expert review, which is a qualitative
approach. This form of research is used to gain an understanding
of underlying reasons, opinions and motivations in the research
area. It does not use statistical procedures or other means of
quantification [27]. For this work, interviews were conducted with
people who have in-depth knowledge of the subject under study
[28], although the method can also use group discussions or video
conferencing. This use of interviews permits the collection of valid
and reliable data that are relevant to the research and its objectives
[29]. The sample size requirements are based on an heuristic
evaluation, which often uses between three and five experts [30].
In order to achieve the aims of the present study, interviews
were carried out with a total of eight UK-based experts in the field
of cloud security. The semi-structured interviews consisted of a set
of questions that had been prepared in advance. The use of
semi-structured interviews means that, by also employing an
exploratory study, it is possible to understand the exact nature of
the topic at hand [31]. All of the respondents were selected as a
result of their expertise in the area under study.
Pilot-testing for the interview questions involved three security
research fellows at the University of Southampton. Following this
pre-test, the decision was taken to ask the respondents open
questions regarding the importance of every security requirement
and framework factor; this choice was a reversal of the original
plan to have respondents fill out a table indicating the importance
of said requirements and factors [28, 29]. Throughout the
interviews, experts were expected to respond in their own words,
with no possible answers suggested by the interviewer [33].
Interviews either took the form of face-to-face interaction, or
online Skype calls [34]; said interviews were recorded using an
audio recorder or by means of manual note-taking.
Prior to commencing the interviews, every expert was required
to sign a consent form after thoroughly reviewing the participant
information sheet, which presented all the necessary information,
including the terms and conditions of the research [32]. This study
was approved by The University of Southampton Ethics
Committee (reference number 22876).
Figure 2. Framework development process to secure the VM image in cloud
computing
6 Results and findings
The results are divided into two sections: Demographic
Information and Qualitative Data.
6.1 Demographic Information
The data were collected from eight cloud security experts in the
United Kingdom, all of whom were from different organisations.
R. K. Hussein et al. / Advances in Science, Technology and Engineering Systems Journal Vol. 2, No. 4, 44-50 (2017)
www.astesj.com 47
All the interviewees had at least three years’ experience dealing
with cloud security and virtualisation issues, and thus all had the
ability to understand and explain current security situations and
trends. The interviews were conducted either face-to-face or via
Skype video conferencing [34] between July and December 2016.
The audio conferencing was recorded using the QuickTime
recorder application. Face-to-face interviews were recorded using
the Apple voice memory application. Details of the experts used in
this study are presented in Table 1.
Table 1: Cloud security experts’ attributes used to validate the framework
Code
Job Description
Experience
(years)
Cloud involvement
A
Director of the IBM
Institute of Advanced
Security in Europe
17
Cloud policy
B
Cloud Systems
Administrator
10
Cloud Security Architect
C
Cloud Systems
Implementer
4
Cloud System
Administrator
D
Cloud Security
Administrator
6
Cloud System
Administrator
E
Cloud Security
Consultant
5
Direct advisory
involvement with cloud
implementation
F
Cloud Security
Consultancy
4
Direct advisory
involvement with cloud
implementation
G
Cloud Security
Consultancy
7
Cloud Security Consultant
H
Cloud Security
Officer
4
Link between Cloud
deployment & security
policies
6.2 Qualitative Data
The purpose of the expert interviews was to review the
identified security requirements and establish if there are more
security requirements not included in the framework. Before
interview questions were asked, each expert was given a brief
background of the research area and the aim of the study. After
the research had been outlined, five open-ended question were put
to the experts [35]. The first question asked the cloud security
experts about the importance of the identified security
requirements. The experts gave an opinion about each of the
requirements based on their expertise in the field. With regards the
next question, the identified security requirements were defined
according to the context of the study. The experts were asked to
explain the security requirements in the context of securing the VM
image. In the subsequent questions, they were asked whether there
are more security requirements not mentioned in the framework
and how they felt about the possibility of overlap or related factors.
Finally, the experts were asked if they have any other
methodologies or approaches to secure the VM image.
Most of the experts felt that the security requirements identified
in the framework are essential when it comes to securing the VM
image in cloud computing. The identified security requirements
are: privacy, integrity, availability, accountability, regulatory
compliance, encryption, authorisation, authentication, out-dated
software detection, malware protection, left owner’ data removal,
auditing and trust. However, Expert B felt that regulatory
compliance is irrelevant to the designed framework, while Expert
D opined that privacy and trust are not necessary when it comes to
securing the VM image.
Some of the experts did not agree fully with the definitions of
the security requirements that are discussed in [1], and added
additional details to the definitions. Most of the interviewed
experts agreed with the provided definition of privacy. However,
Experts B, D and E only partially agreed with this definition and
added more details. Expert B was of the opinion that privacy is
related to the data rather than the VM image itself. He stated that
“Privacy is about saved data not the VM image. The VM image
should be securely built”. Moreover, Expert D believed that
building a secure layer is sufficient to ensure the required security
for the VM image. He said that “Privacy is the layer where you
define or set policies to secure the VM image”. In contrast, Expert
E thought that different mechanisms, such as regulatory
compliance, are required to achieve privacy. He opined that “There
are other mechanisms used to ensure privacy like regulatory
compliance”.
The majority of the experts agreed with the provided definition
of auditing. However, Experts A and C only agreed partially with
this definition. Expert A believed that auditing is about keeping
track of the client’s access usage. He said, “Auditing is about
recording the usage/access of the user to the VM image”. Expert
C thought that auditing is related to storing processes that are
performed by the client during the access session to understand
what is happening in the system. He stated that “Audit is taking a
review of a system and an ongoing process to find out what is
happening to something”.
All the interviewed experts agreed with the provided definition
of accountability and regulatory compliance. However, Expert E
felt that internal compliance is essential and should be considered.
He posited that Internal compliance to reach a set of standards can
also be considered”. In contrast, Expert B believed that regulatory
compliance indirectly affects the security of VM. He was of the
opinion that keeping the operating system and anti-virus up-to-date
is necessary to ensure the regulatory compliance of the VM image.
He stated that “Regulatory compliance does not directly refer to
VM image but, it does so indirectly as it requires Operating System
and anti-virus to be to up-to-date”.
Most of the experts agreed with the provided definition of
encryption. However, Expert G only agreed partially with the
definition. He felt that authorised devices also needed to be
considered. All the interviewed experts agreed completely with the
provided definitions of authentication, integrity and availability.
They felt that there is no need for more details related to its
definition. Most of the interviewed experts agreed with the
provided definition of authorisation. However, Expert A
disagreed. He felt that setting the appropriate policies is the
essential element when it comes to ensuring efficient authorisation.
He stated that “Administrator typically sets the policies. They
define the policies for authorisation but, the process of the
authorisation is automated as it is a large complicated process”.
Moreover, Expert G believed that authorisation is an automated
process, thus meaning that the administrator is not dealing with
checking users’ rights. He stated that Authorisation is usually
driven out of permissions assigned to users or groups, not by
administrations checking customers’ right”. Many of the experts
agreed with the provided definition of out-dated software
detection. Conversely, Expert G disagreed with this definition to
some extent. He asked, “What about the software version of the
virtual hardware in the VM image itself?”. Expert A also disagreed
with this definition. He believed that the software update should be
against the versions of that particular software. Most of the experts
R. K. Hussein et al. / Advances in Science, Technology and Engineering Systems Journal Vol. 2, No. 4, 44-50 (2017)
www.astesj.com 48
supported the provided definition of malware protection. With this
said, however, Expert A only agreed with this definition to a
certain extent, adding that malware should be detected, blocked
and then removed from the VM image. Moreover, Expert E
disagreed, to some extent, with this definition, but added that “It is
a protective measure for detection, not a user removal. Proactive
protection as well as reactive”.
The majority of the experts agreed with the provided definition
of left-over data removal. However, Expert A mentioned that
personal data needed to be destroyed. Many of the interviewed
experts supported the definition of trust. However, Expert A
disagreed, to some extent, with this definition, though he
mentioned that trust is all about confidence and assurance in using
the VM image. He also mentioned that integrity of the VM image
is important and thus the VM image should not include bugs,
defects or malware.
After conducting the interviews with the cloud security experts,
the security requirements were reviewed and updated based on the
context for securing the VM image in cloud computing. The
definitions with which the interviewed experts agreed (as shown
in Figure 3), are listed below:
Privacy: Refers to a set of policies that is used mainly for
securing the data within the VM image [36], and these policies
must ensure that regulatory compliance is taken into
consideration.
Auditing: Relates to recording the usage or access of authorised
users to VM image resources, which helps to secure the VM
image. Audit is the systematic security review of the
information related to an organisation and how well it conforms
to a set of criteria [37].
Accountability: This is a measure of the amount of information
an authorised customer is using during his/her session. This
includes the quantity of data and time which is used to set
authorisation control [38].
Regulatory compliance: This refers to conformity to rules such
as policy, law, and specifications relevant to the business while
an organisation is working on the goal they wish to achieve.
Regulatory compliance sometimes does not refer to the VM
image itself, although it does refer to the operating system and
the need for anti-virus measures to be kept up to date.
Internally, it represents the set of polices specific to the
organisation or the project [39].
Encryption: A technique used to secure the shared data used by
authorised users and authorised devices in a shared
environment. In information systems, encryption is achieved
by converting the data to a form that can only be understood by
authorised people [40].
Authentication: The process of identifying the customer as one
authorised to use the cloud service. This is achieved by
comparing the file of authorised users’ information in the
database with credentials provided by the user [41].
Authorisation: This refers to the set of polices assigned by the
administrator, while the implementation of these polices is
automated [42].
Outdated software detection: Is the comparison of software
updates against the set of software versions within the VM
image [18].
Malware protection: Is a protective measure to detect, block
and remove malware from the VM image. It includes proactive
as well as reactive protection [26].
Leftover owner’s data removal: A technique used to promptly
remove authentication details, as well as personal and private
data from the VM image [22].
Trust: Is the confidence and assurance of using the VM image,
which belongs to a certain provider. In reality, it is the
confidence and assurance in the provider who provides the VM
image. The integrity of the VM image is important, and so the
VM image should not include bugs, defects or malware [43].
Integrity: This means that information remains unaltered while
it is stored or being transmitted, and can only be modified and
deleted by authorised users [44].
Availability: Availability means that information must be
available when it is needed. Systems with high availability
allow access to data all the time and prevent service disruptions
due to hardware failure, system upgrades, power outages,
power failure, and operating system or application problems
[45].
Figure 3. Security requirements agreed by security experts
All the experts agreed that the security framework designed to
secure the VM image in cloud computing is comprehensive, with
none of them adding more security requirements. Regarding
overlaps between the security requirements and other approaches
to securing the VM image, the majority of the experts did not
identify overlaps between the provided security requirements.
However, Expert G suggested that auditing could be substituted
for accountability. Moreover, Expert D suggested that
accountability is part of regulatory compliance, and so
accountability can be removed.
7 Discussion
The experts reviewed the proposed framework in order to
assess the importance of its factors. The majority of experts felt
that the identified security requirements are important. A thematic
analysis was used to examine themes within the interview results.
According to the theme coding, the proposed framework factors
are considered important when it comes to securing the VM image
in cloud computing.
Security
Framework
Outdated
Software
Detectio
nMalware
Protectio
n
Leftover
Owner's
data
removal
Trust
Integrity
Availabili
ty
Privacy Auditing
Accounta
biltity
Regulato
ry
Complian
ce
Encryptio
n
Authenti
cation
Authoriz
ation
R. K. Hussein et al. / Advances in Science, Technology and Engineering Systems Journal Vol. 2, No. 4, 44-50 (2017)
www.astesj.com 49
Expert B felt that regulatory compliance is not necessary to
secure the VM image in cloud computing. However, regulatory
compliance is one of the cloud control matrix components
published by cloud security alliance [46], and for this reason
regulatory compliance will be retained in the framework. Expert D
argued that privacy is not important, although Mazhar et al. [18]
identified privacy as an important requirement when it comes to
securing the VM image in cloud computing. Therefore, privacy
will also be retained in the framework. Similarly, although Expert
D claimed that trust is ineffective in terms of securing the VM
image in cloud computing, it is one of the cloud control matrix
components published by cloud security alliance [46], and so trust
is also retained in the framework. Regarding the overlap between
the provided security requirements, there was no unified opinion
among the experts in terms of whether there are overlaps between
the proposed frameworks of the security requirements. Hence,
none of the security requirements can be merged.
8 Conclusion and Future Work
As a brand-new processing paradigm, cloud computing leads
to greater efficiency, minimised cost, and gives organisations
round-the-clock access to a communal collection of resources and
services; moreover, little is required in the way of management. In
terms of elements which stand in the way of the adoption of cloud
computing, security is one of the main hindrances; this is due to
the fact that end-users’ data are kept on the server(s) of the service
provider. Discussion related to security issues has also taken into
consideration the various cloud layers, with every layer
accompanied by its own security problems. Of particular interest
here is the virtualisation layer; indeed, the issues originating from
this layer are among the most significant problems affecting the
security of both the application layer and the data storage layer. As
such, this study has put forth a framework focused on VM image
security; the aim of this framework is to protect the VM image
itself. Expert interviews were conducted in order to achieve the
aims of this study; interviewees were experts in the field of cloud
security. These interviews demonstrated that the theoretical
security framework is sufficient to protect the VM image in cloud
computing. Future work will involve questionnaires being
distributed to cloud practitioners so as to further confirm the merits
of the framework.
References
[1] R. K. Hussein, A. Alenezi, G. B. Wills, and R. J. Walters, “A Framework to
Secure the Virtual Machine Image in Cloud Computing,” 2016 IEEE Int.
Conf. Smart Cloud, pp. 3540, 2016.
[2] B. Hamlen, K., Kantarcioglu, M., Khan, L. and Thuraisingham,Security
Issues for Cloud Computing,” Proc. - 9th Int. Conf. Comput. Intell. Secur. CIS
2013, pp. 150162, 2012.
[3] M. a. AlZain, E. Pardede, B. Soh, and J. a. Thom, “Cloud computing security:
From single to multi-clouds,” Proc. Annu. Hawaii Int. Conf. Syst. Sci., pp.
54905499, 2011.
[4] T. Swathi, K. Srikanth, and S. R. Reddy, “Virtualization in Cloud
Computing,” Int. J. Comput. Sci. Mob. Comput., vol. 35, no. 5, pp. 540–546,
2014.
[5] C. Modi, D. Patel, B. Borisaniya, A. Patel, and M. Rajarajan, “A survey on
security issues and solutions at different layers of Cloud computing,” J.
Supercomput., vol. 63, no. 2, pp. 561592, 2013.
[6] S. Subashini and V. Kavitha, “A survey on security issues in service delivery
models of cloud computing,” J. Netw. Comput. Appl., vol. 34, no. 1, pp. 1–
11, 2011.
[7] S. K. Abd, R. T. Salih, and F. Hashim, “Cloud Computing Security Risks with
Authorization Access for Secure Multi-Tenancy Based on AAAS Protocol,”
IEEE Reg. 10 Conf. TENCON, pp. 15, 2015.
[8] H. Aljahdali, A. Albatli, P. Garraghan, P. Townend, L. Lau, and J. Xu, “Multi-
tenancy in cloud computing,” Proc. - IEEE 8th Int. Symp. Serv. Oriented Syst.
Eng. SOSE 2014, pp. 344351, 2014.
[9] Q. Zhang, L. Cheng, and R. Boutaba, “Cloud computing: State-of-the-art and
research challenges,” Journal of Internet Services and Applications, 2010.
[Online]. Available:
http://download.springer.com/static/pdf/652/art%253A10.1007%252Fs1317
4-010-0007
6.pdf?originUrl=http%3A%2F%2Flink.springer.com%2Farticle%2F10.1007
%2Fs13174-010-0007-
6&token2=exp=1455281249~acl=%2Fstatic%2Fpdf%2F652%2Fart%25253
A10.1007%25252Fs13174-010-000. [Accessed: 12-Feb-2016].
[10] B. P. Rimal, E. Choi, and I. Lumb, “A taxonomy and survey of cloud
computing systems,” NCM 2009 - 5th Int. Jt. Conf. INC, IMS, IDC, pp. 44
51, 2009.
[11] N. Kshetri, “Privacy and security issues in cloud computing: The role of
institutions and institutional evolution,” Telecomm. Policy, vol. 37, no. 4–5,
pp. 372386, 2013.
[12] K. Hashizume, D. Rosado, E. Fernández-Medina, and E. Fernandez, “An
analysis of security issues for cloud computing,” J. Internet Serv. Appl., vol.
4, no. 5, pp. 113, 2013.
[13] F. Sabahi, “Virtualization-level security in cloud computing,” in 2011 IEEE
3rd International Conference on Communication Software and Networks,
2011, pp. 250254.
[14] S. Carlin, “Cloud Computing Security,” Artif. Intell., vol. 3, no. March, pp.
1416, 2011.
[15] J. Recker, “Scientific Research in Information Systems,” Springer Link, 2013.
[16] J. Kabbedijk, C.-P. Bezemer, S. Jansen, and A. Zaidman, “Defining multi-
tenancy: A systematic mapping study on the academic and the industrial
perspective,” J. Syst. Softw., vol. 100, pp. 139–148, 2015.
[17] J. Espadas, A. Molina, G. Jim??nez, M. Molina, R. Ram??rez, and D. Concha,
“A tenant-based resource allocation model for scaling Software-as-a-Service
applications over cloud computing infrastructures,” Futur. Gener. Comput.
Syst., vol. 29, no. 1, pp. 273286, 2013.
[18] M. Ali, S. U. Khan, and A. V. Vasilakos, “Security in cloud computing:
Opportunities and challenges,” Inf. Sci. (Ny)., vol. 305, pp. 357383, 2015.
[19] F. Zhang and H. Chen, “Security-Preserving Live Migration of Virtual
Machines in the Cloud,” J. Netw. Syst. Manag., pp. 562–587, 2012.
[20] W. A. Jansen, “Cloud hooks: Security and privacy issues in cloud
computing,” Proc. Annu. Hawaii Int. Conf. Syst. Sci., no. iv, p. 42, 2011.
[21] K. Sunil Rao and P. Santhi Thilagam, “Heuristics based server consolidation
with residual resource defragmentation in cloud data centers,” Futur. Gener.
Comput. Syst., vol. 50, pp. 8798, 2015.
[22] J. Wei, X. Zhang, G. Ammons, V. Bala, and P. Ning, “Managing security of
virtual machine images in a cloud environment,” Proc. 2009 ACM Work.
Cloud Comput. Secur. - CCSW ’09, no. Vm, p. 91, 2009.
[23] M. Kazim, R. Masood, and M. A. Shibli, “Securing the virtual machine
images in Cloud computing,” SIN 2013 - Proc. 6th Int. Conf. Secur. Inf.
Networks, pp. 425428, 2013.
[24] R. Schwarzkopf, M. Schmidt, C. Strack, S. Martin, and B. Freisleben,
“Increasing virtual machine security in cloud environments,” J. Cloud
Comput. Adv. Syst. Appl., vol. 1, no. 1, p. 12, 2012.
[25] D. Jeswani, A. Verma, P. Jayachandran, and K. Bhattacharya, “ImageElves:
Rapid and reliable system updates in the cloud,” Proc. - Int. Conf. Distrib.
Comput. Syst., no. i, pp. 390399, 2013.
[26] K. Fan, D. Mao, Z. Lu, and J. Wu, “OPS: Offline patching scheme for the
images management in a secure cloud environment,” Proc. - IEEE 10th Int.
Conf. Serv. Comput. SCC 2013, pp. 587594, 2013.
[27] A. Strauss and J. Corbin, “Basics of Qualitative Research,” Basics of.
Qualitatice Research 2nd edition. pp. 314, 1990.
[28] E. C. Crn, “Qualitative Research Methods,” no. May, pp. 1–8, 2005.
R. K. Hussein et al. / Advances in Science, Technology and Engineering Systems Journal Vol. 2, No. 4, 44-50 (2017)
www.astesj.com 50
[29] A. Bolderston, “Conducting a research interview,” J. Med. Imaging Radiat.
Sci., vol. 43, pp. 6676, 2012.
[30] H. Sharp, Y. Rogers, and J. Preece, “Interaction design: beyond human-
computer interaction,” Book, vol. 11, p. 773, 2007.
[31] M. Saunders, P. Lewis, and A. Thornhill, Research methods for Business
Students, Fifth edit. 2009.
[32] Arlene Fink, The Survey Handbook, 2nd editio. 2003.
[33] J. G. Geer, “What Do Open-Ended Questions Measure?,” Public Opin. Q.,
vol. 52, no. 3, pp. 365371, 1988.
[34] V. Lo Iacono, P. Symonds, and D. H. K. Brown, “Skype as a tool for
qualitative research interviews,” Sociol. Res. Online, vol. 21, no. 2, 2016.
[35] U. Reja, K. L. Manfreda, V. Hlebec, and V. Vehovar, “Open-ended vs. Close-
ended Questions in Web Questionnaires,” Dev. Appl. Stat., vol. 19, pp. 159–
177, 2003.
[36] H. J. Smith, S. J. Milberg, and S. J. Burke, “Information Privacy: Measuring
Individuals’ Concerns about Organizational Practices,” Manag. Inf. Syst. Q.,
vol. 20, no. 2, pp. 167196, 1996.
[37] C. Wang, Q. Wang, K. Ren, and W. Lou, “Privacy-preserving public auditing
for data storage security in cloud computing,” Proc. - IEEE INFOCOM, 2010.
[38] V. Sekar and P. Maniatis, “Verifiable resource accounting for cloud
computing services,” Proc. 3rd ACM Work. Cloud Comput. Secur. Work.,
pp. 2126, 2011.
[39] K. Popovi and Z. Hocenski, Cloud computing security issues and
challenges,” no. March, pp. 344–349, 2010.
[40] J. N. Ortiz, “Functional Encryption : Definitions and Challenges Introdu ¸ c ˜
ao,” vol. 2, no. subaward 641, pp. 253–273, 2014.
[41] H. Chang and E. Choi, “User Authentication in Cloud
Computing\nUbiquitous Computing and Multimedia Applications,” vol. 151,
pp. 338342, 2011.
[42] D. Zissis and D. Lekkas, “Addressing cloud computing security issues,”
Futur. Gener. Comput. Syst., vol. 28, no. 3, pp. 583592, 2012.
[43] D. M. Rousseau, S. B. Sitkin, R. S. Burt, and C. Camerer, “Not so different
after all: A cross-discipline view of trust,” Acad. Manag. Rev., vol. 23, no. 3,
pp. 393404, 1998.
[44] R. Sandhu and S. Jajodia, “Integrity principles and mechanisms in database
management systems,” Comput. Secur., vol. 10, no. 5, pp. 413–427, 1991.
[45] Y. Cherdantseva and J. Hilton, “A Reference Model of Information Assurance
& Security,” 2013 Int. Conf. Availability, Reliab. Secur., pp. 546–555, 2013.
[46] Cloud Security Alliance, “Cloud Controls Matrix Working Group,” 2014.
[Online]. Available: https://cloudsecurityalliance.org/group/cloud-controls-
matrix/.
... Some researchers have come up with solutions to these security threats, for example, based on trusted computing, Yu et al. [27] combined trusted computing and cloud security by establishing TPM (short for Trusted Platform Module). Implementing a complete set of trusted systems for detecting and verifying VM identity information, Hussein et al. [28] proposed a framework to review and monitor the hard disk, CPU, and user data in the virtual machine image and protect the security of the virtual machine image in the cloud environment through an expert review method. Kansal et al. [29] proposed an early detection and isolation method called EDIP to mitigate insider attack behaviors. ...
... In this subsection, we compare VNGuarder with the existing related work [27][28][29][30], including the internal threat points of cloud system that different solutions focus on, whether they can monitor single node or multiple nodes of cloud platform, and whether they support behavior association tracking. e Functional Comparison shown in Table 4. ...
Article
Full-text available
Edge-assisted Internet of things applications often need to use cloud virtual network services to transmit data. However, the internal threats such as illegal management and configuration to cloud platform intentionally or unintentionally will lead to virtual network security problems such as malicious changes of user network and hijacked data flow. It will eventually affect edge-assisted Internet of things applications. We propose a virtual network internal threat detection method called VNGuarder in a cloud computing environment, which can effectively monitor whether the virtual network configuration of legitimate users under the IaaS cloud platform has been maliciously changed or destroyed by insiders. First, based on the life cycle of cloud virtual network services, we summarized two types of internal attacks involving illegal use of virtualization management tools and illegal invocation of virtual network-related processes. Second, based on normal behavior of tenants, a hierarchical trusted call correlation scheme is proposed to provide a basis for discovering that insiders illegally call virtualized management tools and virtual network-related processes on the controller node of the cloud platform or the network node and compute node. Third, a trace-enable mechanism combining real-time monitoring and log analysis is introduced. By collecting and recording the complete call process of virtual network management and configuration in the cloud platform, and comparing it with the result of the hierarchical trusted call correlation, abnormal operations can be reported to the tenants in time. Comprehensive simulation experiments on the Openstack platform show that VNGuarder can effectively detect illegal management and configuration of virtual networks by insiders without significantly affecting the creation time of tenant networks and the utilization of CPU and memory.
... 3DES uses a 64-bits block size and a 56-bits key size just like the DES, but it performs the same DES algorithm 3 times to every block of the data. The 3DES is definetely more secure than the DES, but it is vulnerable to brute force attack [19]. ...
... 3DES uses a 64-bits block size and a 56-bits key size just like the DES, but it performs the same DES algorithm 3 times to every block of the data. The 3DES is definetely more secure than the DES, but it is vulnerable to brute force attack [19]. ...
Article
The widespread presence of Corona virus (COVID-19) is causing organizations and individuals major economics downsizing. For this reason, This worldwide uncontrolled Epidemic has gained great attention on cryptocurrency applications. In such contexts, we foresee the future in terms of recognition and transactions based on contact less and touch less systems. We assume that BlockChain can help by avoiding physical contact from manually handling paperwork during this pandemic and after. This paper presents a brief review of the effects of COVID-19 on world finances. Then, we exhibit a comparative study of the asymmetric cryptography algorithms, while introducing BlockChain and its main application ’the Bitcoin’, and the influence of the corona on the expansion of these applications.
... IaaS provides and maintain a catalog that list the available virtual machines images (VMI). The VMI may include operating system like windows, Linux or Fedora and might contains other resources like applications that are created by organization such as database management system or application server [1]. There are some security issues associated with VMI in cloud computing that has harmful impact on the security of the cloud and might affect confidentiality, integrity or availability [2]. ...
... The safety in the IoT system should be considered since a device may work safely in normal use, but if the device is hacked, the attacker will try to manipulate the functionality of the device causing harm to objects controlled by the device or compromise people approaching into contact with it [47]. ...
Chapter
Full-text available
The Internet of Things (IoT) represents a revolution of the Internet which can connect nearly all environment devices over the Internet to share their data to create novel services and applications for improving our quality of life. Using cheap sensors, the IoT enables various devices and objects around us to be ad-dressable, recognizable and locatable. Although the IoT brought infinite benefits, it creates several challenges, especially in security and privacy. Handling these is-sues and ensuring security and privacy for IoT products and services must be a fundamental priority. Users need to trust IoT devices and related services are se-cure. Moreover, the IoT safety must be considered to prevent the IoT system and its components from causing an unacceptable risk of injury or a physical damage and at the same time considering social behaviour and ethical use of IoT technol-ogies to enable effective security and safety. This chapter provides a discussion of IoT security, privacy, safety and ethics. It starts by providing an overview of the IoT system, its architecture and essential characteristics. This is followed by dis-cussing IoT security challenges, requirements and best practices to protect IoT devices. The IoT privacy is also discussed by highlighting various IoT privacy threats and solutions to preserve privacy of IoT devices. The IoT safety, ethics, the need for the ethical design and challenges encountered are also discussed. In the end, smart cities are introduced as a case study to investigate various security threats and suggested solutions to maintain a good security level in a smart city.
... Validating the proposed risk estimation approach is essential to ensure its accuracy and acceptance. One of the most popular ways to validate a proposed technique is an expert review [40] . The use of the expert interviews allows collecting valid and reliable data that is related to the research to refine it in the light of opinions of well-qualified experts. ...
Article
The need to increase information sharing in the Internet of Things (IoT) applications made the risk-based access control model to be the best candidate for both academic and com- mercial organizations. Risk-based access control model carries out a security risk analysis on the access request by using IoT contextual information to provide access decisions dy- namically. Unlike current static access control approaches that are based on predefined policies and give the same result in different situations, this model provides the required flexibility to access system resources and works well in unexpected conditions and situa- tions of the IoT system. One of the main issues to implement this model is to determine the appropriate risk estimation technique that is able to generate accurate and realistic risk values for each access request to determine the access decision. Therefore, this paper pro- poses a risk estimation technique which integrates the fuzzy inference system with expert judgment to assess security risks of access control operations in the IoT system. Twenty IoT security experts from inside and outside the UK were interviewed to validate the proposed risk estimation technique and build the fuzzy inference rules accurately. The proposed risk estimation approach was implemented and simulated using access control scenarios of the network router. In comparison with the existing fuzzy techniques, the proposed technique has demonstrated it produces precise and realistic values in evaluating security risks of access control operations in the IoT context.
... Validating the proposed AdRBAC model is essential to ensure any implementation will be appropriate. One of the most popular ways to validate a model is through an expert review, which is a qualitative approach [43]. The use of the expert interviews permits the collection of valid and reliable data that are relevant to the research to refine it in the light of the opinions of well-qualified experts. ...
Article
Full-text available
The Internet of Things (IoT) has spread into multiple dimensions that incorporate different physical and virtual things. These things are connected together using different communication technologies to provide unlimited services. These services help not only to improve the quality of our daily lives, but also to provide a communication platform for increasing object collaboration and information sharing. Like all new technologies, the IoT has many security challenges that stand as a barrier to the successful implementation of IoT applications. These challenges are more complicated due to the dynamic and heterogeneous nature of IoT systems. However, authentication and access control models can be used to address the security issue in the IoT. To increase information sharing and availability, the IoT requires a dynamic access control model that takes not only access policies but also real-time contextual information into account when making access decisions. One of the dynamic features is the security risk. This paper proposes an Adaptive Risk-Based Access Control (AdRBAC) model for the IoT and discusses its validation using expert reviews. The proposed AdRBAC model conducts a risk analysis to estimate the security risk value associated with each access request when making an access decision. This model has four inputs/risk factors: user context, resource sensitivity, action severity and risk history. These risk factors are used to estimate a risk value associated with the access request to make the access decision. To provide the adaptive features, smart contracts will be used to monitor the user behaviour during access sessions to detect any malicious actions from the granted users. To validate and refine the proposed model, twenty IoT security experts from inside and outside the UK were interviewed. The experts have suggested valuable information that will help to specify the appropriate risk factors and risk estimation technique for implantation of the AdRBAC model.
Article
Nowadays, machine learning and deep learning algorithms are used in recent studies as active security techniques instead of traditional ones to secure the cloud environment based on pre-trained data. In this paper, a literature review on machine and deep learning based defences against attacks and security issues in cloud computing is provided. A taxonomy of all different types of attacks and threats as per cloud security alliance (CSA) layers; and the general defences against cloud attacks is shown in this review as well as the reasons hich let the traditional security techniques fail to satisfy the desired security level are discussed. Forty-two case studies are selected based on seven quality assessment standards and then, analyzed to answer seven research questions which help to protect cloud environments from various attacks, issues, and challenges. The analysis of case studies shows a description of the most common security issues in cloud; machine learning and deep learning models that are applied, datasets models, performance metrics, machine learning and deep learning based countermeasures and defences that are developed to prevent security issues. Finally, the future scope and open challenges in cloud computing security based on machine and deep learning are discussed as well.
Chapter
Blockchain technology is getting a growing attention from various organizations and researchers as it provides magical solutions to the problems associated with the classical centralized architecture. Blockchain, whether public or private, is a distributed ledger with the capability of maintaining the integrity of transactions by decentralizing the ledger among participating users. On the other hand, the Internet of Things (IoT) represents a revolution of the Internet which can connect nearly all environment devices over the Internet to share their data to create novel services and applications for improving our quality of life. Although the centralized IoT system provides countless benefits, it raises several challenges. Resolving these challenges can be done by integrating IoT with blockchain technology. To be prepared for the integration process, this chapter provides an overview of technical aspects of the blockchain and IoT. It started by reviewing blockchain technology and its main structure. Applications and challenges of the blockchain are also presented. This is followed by reviewing the IoT system by highlighting common architecture and essential characteristics. Various applications and challenges of the IoT system are also discussed.
Article
Full-text available
The cloud computing exhibits, remarkable potential to provide cost effective, easy to manage, elastic, and powerful resources on the fly, over the Internet. The cloud computing, upsurges the capabilities of the hardware resources by optimal and shared utilization. The above mentioned features encourage the organizations and individual users to shift their applications and services to the cloud. Even the critical infrastructure, for example, power generation and distribution plants are being migrated to the cloud computing paradigm. However, the services provided by third-party cloud service providers entail additional security threats. The migration of user’s assets (data, applications etc.) outside the administrative control in a shared environment where numerous users are collocated escalates the security concerns. This survey details the security issues that arise due to the very nature of cloud computing. Moreover, the survey presents the recent solutions presented in the literature to counter the security issues. Furthermore, a brief view of security vulnerabilities in the mobile cloud computing are also highlighted. In the end, the discussion on the open issues and future research directions is also presented.
Article
Full-text available
Software as a service is frequently offered in a multi-tenant style, where customers of the application and their end-users share resources such as software and hardware among all users, without necessarily sharing data. It is surprising that, with such a popular paradigm, little agreement exists with regard to the definition, domain, and challenges of multi-tenancy. This absence is detrimental to the research community and the industry, as it hampers progress in the domain of multi-tenancy and enables organizations and academics to wield their own definitions to further their commercial or research agendas.
Conference Paper
Full-text available
The convergence of virtualization with Cloud computing has brought many benefits to organizations including ease of deployment, reduced costs and high availability of resources over internet. Extensive research has been carried out to increase the security of Cloud virtualization environment. However, addressing the security concerns of disk images used by virtual machines is still an open challenge. Compromising the disk images can result in loss of data integrity and confidentiality. This paper proposes a novel security scheme "Encrypted Virtual Disk Images in Cloud (EVDIC)" for the protection of stored disk images in Cloud by encryption. EVDIC also includes the security of key management and key exchange process. We integrate EVDIC with OpenStack, which is an open source Cloud platform largely used around the world.
Conference Paper
Full-text available
Information Assurance & Security (IAS) is a dynamic domain which changes continuously in response to the evolution of society, business needs and technology. This paper proposes a Reference Model of Information Assurance & Security (RMIAS), which endeavours to address the recent trends in the IAS evolution, namely diversification and deperimetrisation. The model incorporates four dimensions: Information System Security Life Cycle, Information Taxonomy, Security Goals and Security Countermeasures. In addition to the descriptive knowledge, the RMIAS embeds the methodological knowledge. A case study demonstrate show the RMIAS assists with the development and revision of an Information Security Policy Document.
Conference Paper
Many cloud security complexities can be concerned as a result of its open system architecture. One of these complexities is multi-tenancy security issue. This paper discusses and addresses the most common public cloud security complexities focusing on Multi-Tenancy security issue. Multi-tenancy is one of the most important security challenges faced by public cloud services providers. Therefore, this paper presents a secure multi-tenancy architecture using authorization model Based on AAAS protocol. By utilizing cloud infrastructure, access control can be provided to various cloud information and services by our suggested authorization system. Each business can offer several cloud services. These cloud services can cooperate with other services which can be related to the same organization or different one. Moreover, these cooperation agreements are supported by our suggested system.
Article
Server Consolidation is one of the foremost concerns associated with the effective management of a Cloud Data Center as it has the potential to accomplish significant reduction in the overall cost and energy consumption. Most of the existing works on Server Consolidation have focused only on reducing the number of active physical servers (PMs) using Virtual Machine (VM) Live Migration. But, along with reducing the number of active PMs, if a consolidation approach reduces residual resource fragmentation, the residual resources can be efficiently used for new VM allocations, or VM reallocations, and some future migrations can also be reduced. None of the existing works have explicitly focused on reducing residual resource fragmentation along with reducing the number of active PMs to the best of our knowledge. We propose RFAware Server Consolidation, a heuristics based server consolidation approach which performs residual resource defragmentation along with reducing the number of active PMs in cloud data centers.
Conference Paper
Virtualization has significantly reduced the cost of creating a new virtual machine and cheap storage allows VMs to be turned down when unused. This has led to a rapid proliferation of virtual machine images, both active and dormant, in the data center. System management technologies have not been able to keep pace with this growth and the management cost of keeping all virtual machines images, active as well as dormant, updated is significant. In this work, we present ImageElves, a system to rapidly, reliably and automatically propagate updates (e.g., patches, software installs, compliance checks) in a data center. ImageElves analyses all target images and creates reliable image patches using a very small number of online updates. Traditionally, updates are applied by taking the application offline, applying updates, and then restoring the application, a process that is unreliable and has an unpredictable downtime. With ImageElves, we propose a two phase process. In the first phase, images are analyzed to create an update signature and update manifest. In the second phase, downtime is taken and the manifest is applied offline on virtual images in a parallel, reliable and automated manner. This has two main advantages, (i) spontaneously apply updates to already dormant VMs, and (ii) all updates following this process are guaranteed to work reliably leading to reduced and predictable downtimes. ImageElves uses three key ideas: (i) a novel per-update profiling mechanism to divide VMs into equivalence classes, (ii) a background logging mechanism to convert updates on live instances into patches for dormant images, and (iii) a cross-difference mechanism to filter system-specific or random information (e.g., host name, IP address), while creating equivalence classes. We evaluated the ability of ImageElves to speed up mix of popular system management activities and observed upto 80% smaller update times for active instances and upto 90% reduction in update time for dorma- t instances.