Secure virtual machine placement in cloud data centers

Secure virtual machine placement in cloud data centers

Due to an increasing number of avenues for conducting cross-VM side-channel attacks, the security of multi-tenant public IaaS cloud environments is a growing concern. These attacks allow an adversary to steal private information from a target user whose VM instance is co-located with that of the adv...

Full description

Saved in:
Bibliographic Details
Main Authors: AGARWAL, Amit, TA, Nguyen Binh Duong
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2019
Subjects:
Data centers
Cloud security
Co-location attacks
Virtual machine placement
Computer Engineering
Software Engineering
Online Access:https://ink.library.smu.edu.sg/sis_research/4762
https://ink.library.smu.edu.sg/context/sis_research/article/5765/viewcontent/Agarwal_2019_Secure_virtual_machine_placement_in__1_.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:Due to an increasing number of avenues for conducting cross-VM side-channel attacks, the security of multi-tenant public IaaS cloud environments is a growing concern. These attacks allow an adversary to steal private information from a target user whose VM instance is co-located with that of the adversary. In this paper, we focus on secure VM placement algorithms which a cloud provider can use for the automatic enforcement of security against such co-location based attacks. To do so, we first establish a metric for evaluating and quantifying co-location security of multi-tenant public IaaS clouds, and then propose a novel VM placement algorithm called ‘‘Previously Co-Located Users First" which aims to reduce the probability of malicious VM co-location. Thereafter, we perform a theoretical and empirical analysis of our proposed algorithm to evaluate its efficiency and security. Our results, obtained using real-world cloud traces containing millions of VM requests and thousands of actual users, indicate that the proposed algorithm provides a significant increase in the cloud’s co-location resistance with little compromise in resource utilization, compared to existing approaches. We also explore the potential for cloud providers to leverage passive cache monitoring techniques as an additional security measure in order to automatically improve the co-location resistance provided by general VM placement algorithms.

Similar Items