Towards migrating security policies of virtual machines in Software Defined Networks

Virtual machine migration is an essential capability that supports cloud service elasticity. However, a major concern is what happens to the security policy associated with the migrated machine. Recently, Software Defined Networking (SDN) has gained momentum in both research and industry. It has shown great potential for use in cloud data centers, particularly for inter-domain migration of virtual machines. In this paper, we propose a novel framework, to be deployed in an SDN environment, that coordinates the mobility of the associated security policy along with the migrated virtual machine.

We implemented our framework as a prototype application, called MigApp, that runs on top of SDN controllers. Our application interacts with the virtual machine monitor and with other instances of MigApp through a messaging system to achieve security migration. In order to evaluate our framework, we integrate our application with the Floodlight controller and use it with a simulation environment.

