A Game Theoretical Approach to Defend Against Co-Resident Attacks in Cloud Computing: Preventing Co-Residence Using Semi-Supervised Learning

While cloud computing has facilitated easy and affordable access to IT resources, it has also introduced a wide range of security risks across almost every layer and component of cloud systems. In this paper, we focus on one risk at the virtual machine level, the co-resident attack, in which malicious users construct various types of side channels to obtain sensitive information from other virtual machines co-located on the same physical server. Most previous work has focused on eliminating side channels, or more generally on countermeasures that apply only after attackers have already co-located with their targets. In contrast, we take a different perspective and propose a defence mechanism that makes it difficult and expensive for attackers to achieve co-residence in the first place. Specifically, we first identify the potential differences between the behaviours of attackers and legitimate users. Second, we apply clustering analysis and semi-supervised learning techniques to classify users. Third, we model the problem as a two-player security game and give a detailed analysis of the optimum strategies for both players. Finally, we demonstrate that, as a result of our defence mechanism, the attacker's overall cost increases dramatically, by one to two orders of magnitude.
