Secure virtual machine placement in cloud data centers
Due to an increasing number of avenues for conducting cross-VM side-channel attacks, the security of multi-tenant public IaaS cloud environments is a growing concern. These attacks allow an adversary to steal private information from a target user whose VM instance is co-located with that of the adv...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2019
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/4762 https://ink.library.smu.edu.sg/context/sis_research/article/5765/viewcontent/Agarwal_2019_Secure_virtual_machine_placement_in__1_.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-5765 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-57652020-01-16T10:28:28Z Secure virtual machine placement in cloud data centers AGARWAL, Amit TA, Nguyen Binh Duong Due to an increasing number of avenues for conducting cross-VM side-channel attacks, the security of multi-tenant public IaaS cloud environments is a growing concern. These attacks allow an adversary to steal private information from a target user whose VM instance is co-located with that of the adversary. In this paper, we focus on secure VM placement algorithms which a cloud provider can use for the automatic enforcement of security against such co-location based attacks. To do so, we first establish a metric for evaluating and quantifying co-location security of multi-tenant public IaaS clouds, and then propose a novel VM placement algorithm called ‘‘Previously Co-Located Users First" which aims to reduce the probability of malicious VM co-location. Thereafter, we perform a theoretical and empirical analysis of our proposed algorithm to evaluate its efficiency and security. Our results, obtained using real-world cloud traces containing millions of VM requests and thousands of actual users, indicate that the proposed algorithm provides a significant increase in the cloud’s co-location resistance with little compromise in resource utilization, compared to existing approaches. We also explore the potential for cloud providers to leverage passive cache monitoring techniques as an additional security measure in order to automatically improve the co-location resistance provided by general VM placement algorithms. 2019-11-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4762 info:doi/10.1016/j.future.2019.05.005 https://ink.library.smu.edu.sg/context/sis_research/article/5765/viewcontent/Agarwal_2019_Secure_virtual_machine_placement_in__1_.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Data centers Cloud security Co-location attacks Virtual machine placement Computer Engineering Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Data centers Cloud security Co-location attacks Virtual machine placement Computer Engineering Software Engineering |
| spellingShingle |
Data centers Cloud security Co-location attacks Virtual machine placement Computer Engineering Software Engineering AGARWAL, Amit TA, Nguyen Binh Duong Secure virtual machine placement in cloud data centers |
| description |
Due to an increasing number of avenues for conducting cross-VM side-channel attacks, the security of multi-tenant public IaaS cloud environments is a growing concern. These attacks allow an adversary to steal private information from a target user whose VM instance is co-located with that of the adversary. In this paper, we focus on secure VM placement algorithms which a cloud provider can use for the automatic enforcement of security against such co-location based attacks. To do so, we first establish a metric for evaluating and quantifying co-location security of multi-tenant public IaaS clouds, and then propose a novel VM placement algorithm called ‘‘Previously Co-Located Users First" which aims to reduce the probability of malicious VM co-location. Thereafter, we perform a theoretical and empirical analysis of our proposed algorithm to evaluate its efficiency and security. Our results, obtained using real-world cloud traces containing millions of VM requests and thousands of actual users, indicate that the proposed algorithm provides a significant increase in the cloud’s co-location resistance with little compromise in resource utilization, compared to existing approaches. We also explore the potential for cloud providers to leverage passive cache monitoring techniques as an additional security measure in order to automatically improve the co-location resistance provided by general VM placement algorithms. |
| format |
text |
| author |
AGARWAL, Amit TA, Nguyen Binh Duong |
| author_facet |
AGARWAL, Amit TA, Nguyen Binh Duong |
| author_sort |
AGARWAL, Amit |
| title |
Secure virtual machine placement in cloud data centers |
| title_short |
Secure virtual machine placement in cloud data centers |
| title_full |
Secure virtual machine placement in cloud data centers |
| title_fullStr |
Secure virtual machine placement in cloud data centers |
| title_full_unstemmed |
Secure virtual machine placement in cloud data centers |
| title_sort |
secure virtual machine placement in cloud data centers |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2019 |
| url |
https://ink.library.smu.edu.sg/sis_research/4762 https://ink.library.smu.edu.sg/context/sis_research/article/5765/viewcontent/Agarwal_2019_Secure_virtual_machine_placement_in__1_.pdf |
| _version_ |
1770575024319627264 |