Publication Type
Journal Article
Version
acceptedVersion
Publication Date
11-2019
Abstract
Due to an increasing number of avenues for conducting cross-VM side-channel attacks, the security of multi-tenant public IaaS cloud environments is a growing concern. These attacks allow an adversary to steal private information from a target user whose VM instance is co-located with that of the adversary. In this paper, we focus on secure VM placement algorithms which a cloud provider can use for the automatic enforcement of security against such co-location based attacks. To do so, we first establish a metric for evaluating and quantifying co-location security of multi-tenant public IaaS clouds, and then propose a novel VM placement algorithm called “Previously Co-Located Users First” which aims to reduce the probability of malicious VM co-location. Thereafter, we perform a theoretical and empirical analysis of our proposed algorithm to evaluate its efficiency and security. Our results, obtained using real-world cloud traces containing millions of VM requests and thousands of actual users, indicate that the proposed algorithm provides a significant increase in the cloud’s co-location resistance with little compromise in resource utilization, compared to existing approaches. We also explore the potential for cloud providers to leverage passive cache monitoring techniques as an additional security measure in order to automatically improve the co-location resistance provided by general VM placement algorithms.
Keywords
Data centers, Cloud security, Co-location attacks, Virtual machine placement
Discipline
Computer Engineering | Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
Future Generation Computer Systems
Volume
100
First Page
210
Last Page
222
ISSN
0167-739X
Identifier
10.1016/j.future.2019.05.005
Publisher
Elsevier
Citation
AGARWAL, Amit and TA, Nguyen Binh Duong.
Secure virtual machine placement in cloud data centers. (2019). Future Generation Computer Systems. 100, 210-222.
Available at: https://ink.library.smu.edu.sg/sis_research/4762
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1016/j.future.2019.05.005