Issue No. 01 - Jan.-Feb. (2017 vol. 14)
Yi Han, Department of Computing and Information Systems, The University of Melbourne, Melbourne, Vic., Australia
Jeffrey Chan, School of Computer Science and Information Technology, RMIT University, Melbourne, Vic., Australia
Tansu Alpcan, Department of Electrical and Electronic Engineering, The University of Melbourne, Melbourne, Vic., Australia
Christopher Leckie, Department of Computing and Information Systems, The University of Melbourne, Melbourne, Vic., Australia
Cloud computing enables users to consume various IT resources in an on-demand manner, and with low management overhead. However, customers can face new security risks when they use cloud computing platforms. In this paper, we focus on one such threat—the co-resident attack, where malicious users build side channels and extract private information from virtual machines co-located on the same server. Previous works mainly attempt to address the problem by eliminating side channels. However, most of these methods are not suitable for immediate deployment due to the required modifications to current cloud platforms. We choose to solve the problem from a different perspective, by studying how to improve the virtual machine allocation policy, so that it is difficult for attackers to co-locate with their targets. Specifically, we (1) define security metrics for assessing the attack; (2) model these metrics, and compare the difficulty of achieving co-residence under three commonly used policies; (3) design a new policy that not only mitigates the threat of attack, but also satisfies the requirements for workload balance and low power consumption; and (4) implement, test, and prove the effectiveness of the policy on the popular open-source platform OpenStack.
Servers, Resource management, Security, Power demand, Virtual machining, Measurement, Cloud computing
Y. Han, J. Chan, T. Alpcan and C. Leckie, "Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing," in IEEE Transactions on Dependable and Secure Computing, vol. 14, no. 1, pp. 95-108, 2017.