Virtual machine allocation policies against co-resident attacks in cloud computing

Han, Y, Chan, J, Alpcan, T and Leckie, C 2014, 'Virtual machine allocation policies against co-resident attacks in cloud computing', in A. Jamalipour, D.-J. Deng (ed.) Proceedings of the IEEE International Conference on Communications, June 2014., Sydney, Australia, 10-14 June 2014, pp. 786-792.


Document type: Conference Paper
Collection: Conference Papers

Title: Virtual machine allocation policies against co-resident attacks in cloud computing
Author(s): Han, Y; Chan, J; Alpcan, T; Leckie, C
Year: 2014
Conference name: IEEE International Conference on Communications, 2014
Conference location: Sydney, Australia
Conference dates: 10-14 June 2014
Proceedings title: Proceedings of the IEEE International Conference on Communications, June 2014.
Editor(s): A. Jamalipour, D.-J. Deng
Publisher: IEEE
Place of publication: United States
Start page: 786
End page: 792
Total pages: 7
Abstract: While the services-based model of cloud computing makes more and more IT resources available to a wider range of customers, the massive amount of data in cloud platforms is becoming a target for malicious users. Previous studies show that attackers can co-locate their virtual machines (VMs) with target VMs on the same server, and obtain sensitive information from the victims using side channels. This paper investigates VM allocation policies and practical countermeasures against this novel kind of co-resident attack by developing a set of security metrics and a quantitative model. A security analysis of three VM allocation policies commonly used in existing cloud computing platforms reveals that the server's configuration, oversubscription and background traffic have a large impact on the ability to prevent attackers from co-locating with the targets. If the servers are properly configured, and oversubscription is enabled, the best policy is to allocate new VMs to the server with the most VMs. Based on these results, a new strategy is introduced that effectively decreases the probability of attackers achieving co-residence. The proposed solution only requires minor changes to current allocation policies, and hence can be easily integrated into existing cloud platforms to mitigate the threat of co-resident attacks.
Subjects: Computer System Security
DOI - identifier: 10.1109/ICC.2014.6883415
Copyright notice: © 2014 IEEE
ISBN: 9781479920037
Citation counts: Cited 16 times in Scopus
Access Statistics: 170 Abstract Views
Created: Tue, 21 Apr 2015, 08:20:00 EST by Catalyst Administrator