Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing

Cloud computing enables users to consume various IT resources on demand and with low management overhead. However, customers face new security risks when they use cloud computing platforms. In this paper, we focus on one such threat, the co-resident attack, where malicious users build side channels and extract private information from virtual machines co-located on the same server. Previous works mainly attempt to address the problem by eliminating side channels. However, most of these methods are not suitable for immediate deployment because they require modifications to current cloud platforms. We choose to solve the problem from a different perspective, by studying how to improve the virtual machine allocation policy so that it is difficult for attackers to co-locate with their targets. Specifically, we (1) define security metrics for assessing the attack; (2) model these metrics, and compare the difficulty of achieving co-residence under three commonly used policies; (3) design a new policy that not only mitigates the threat of attack, but also satisfies the requirements for workload balance and low power consumption; and (4) implement, test, and prove the effectiveness of the policy on the popular open-source platform OpenStack.
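The following simulation is an added illustration, not the paper's model or code, of how a co-residence metric can be measured under different allocation policies. The abstract does not name its three policies, so the spread, stack and random policies below, and the metric itself (the fraction of trials in which at least one of an attacker's VMs lands on the target's host), are assumptions chosen to show the security/power trade-off the abstract describes.

```python
import random

# Added example (not the paper's model or code). The policies and the
# co-residence metric are assumptions for illustration only.

def place_spread(loads, capacity, rng):
    """Least-loaded host with free capacity (workload balancing)."""
    room = [i for i, l in enumerate(loads) if l < capacity]
    low = min(loads[i] for i in room)
    return rng.choice([i for i in room if loads[i] == low])

def place_stack(loads, capacity, rng):
    """Most-loaded host with free capacity (consolidation for low power)."""
    room = [i for i, l in enumerate(loads) if l < capacity]
    return max(room, key=lambda i: loads[i])  # ties -> lowest index

def place_random(loads, capacity, rng):
    """Uniformly random host with free capacity."""
    return rng.choice([i for i, l in enumerate(loads) if l < capacity])

def simulate(policy, n_hosts=20, capacity=8, n_background=100,
             n_attacker=5, trials=2000, seed=7):
    """Return (co-residence probability, mean number of powered-on hosts).

    Co-residence metric: fraction of trials in which at least one of the
    n_attacker VMs launched right after the target lands on the target's host.
    """
    rng = random.Random(seed)
    hits = 0
    active = 0
    for _ in range(trials):
        loads = [0] * n_hosts
        for _ in range(n_background):          # other tenants' VMs
            loads[policy(loads, capacity, rng)] += 1
        target = policy(loads, capacity, rng)  # the victim's VM
        loads[target] += 1
        co_resident = False
        for _ in range(n_attacker):            # attacker's burst of VMs
            h = policy(loads, capacity, rng)
            loads[h] += 1
            co_resident |= (h == target)
        hits += co_resident
        active += sum(1 for l in loads if l > 0)
    return hits / trials, active / trials

if __name__ == "__main__":
    for name, pol in [("spread", place_spread), ("stack", place_stack),
                      ("random", place_random)]:
        p, hosts = simulate(pol)
        print(f"{name:7s} co-residence={p:.3f} active_hosts={hosts:.1f}")
```

With these parameters the stacking policy always co-locates the attacker's burst with the target but powers on the fewest hosts, while the spreading policy never does but keeps every host on; this is the tension between security, workload balance and power consumption that a combined policy has to resolve.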
