Game Theoretic-Based Approaches for Cybersecurity-Aware Virtual Machine Placement in Public Cloud Clusters

Allocating several Virtual Machines (VMs) onto a single server helps to increase cloud computing resource utilization and to reduce its operating expense. However, multiplexing VMs with different security levels on a single server gives rise to major VM-to-VM cybersecurity interdependency risks. In this paper, we address the problem of the static VM allocation with cybersecurity loss awareness by modeling it as a two-player zero-sum game between an attacker and a provider. We first obtain optimal solutions by employing the mathematical programming approach. We then seek to find the optimal solutions by quickly identifying the equilibrium allocation strategies in our formulated zero-sum game. We mean by "equilibrium" that none of the provider nor the attacker has any incentive to deviate from one's chosen strategy. Specifically, we study the characteristics of the game model, based on which, to develop effective and efficient allocation algorithms. Simulation results show that our proposed cybersecurity-aware consolidation algorithms can significantly outperform the commonly used multi-dimensional bin packing approaches for large-scale cloud data centers.

[1]  Vijay V. Vazirani,et al.  Approximation Algorithms , 2001, Springer Berlin Heidelberg.

[2]  Fei Teng,et al.  A New Game Theoretical Resource Allocation Algorithm for Cloud Computing , 2010, GPC.

[3]  Shrisha Rao,et al.  Resource Allocation in Cloud Computing Using the Uncertainty Principle of Game Theory , 2016, IEEE Systems Journal.

[4]  Yulong Zhang,et al.  Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds , 2012, SEC.

[5]  Rajkumar Buyya,et al.  Optimal online deterministic algorithms and adaptive heuristics for energy and performance efficient dynamic consolidation of virtual machines in Cloud data centers , 2012, Concurr. Comput. Pract. Exp..

[6]  Dimitris N. Chorafas Cloud Computing Strategies , 2010 .

[7]  Holger Karl,et al.  A Game-Theoretical Approach to the Benefits of Cloud Computing , 2011, GECON.

[8]  Jing Xu,et al.  Multi-Objective Virtual Machine Placement in Virtualized Data Center Environments , 2010, 2010 IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing.

[9]  Christopher Leckie,et al.  Security Games for Virtual Machine Allocation in Cloud Computing , 2013, GameSec.

[10]  Ming Zhao,et al.  Game Theoretic Modeling of Security and Interdependency in a Public Cloud , 2014, 2014 IEEE 7th International Conference on Cloud Computing.

[11]  H. W. Gould,et al.  Combinatorial Identities for Stirling Numbers: The Unpublished Notes of H W Gould , 2015 .

[12]  Michael K. Reiter,et al.  Cross-VM side channels and their use to extract private keys , 2012, CCS.

[13]  Andrew P. Martin,et al.  Security-Aware Virtual Machine Allocation in the Cloud: A Game Theoretic Approach , 2015, 2015 IEEE 8th International Conference on Cloud Computing.

[14]  M. Dresher Games of Strategy: Theory and Applications , 2007 .

[15]  Gang Quan,et al.  Critical Workload Deployment in Public Clouds with Guaranteed Security Levels and Optimized Resource Usage and Energy Cost , 2018 .

[16]  Arun Venkataramani,et al.  Black-box and Gray-box Strategies for Virtual Machine Migration , 2007, NSDI.

[17]  Craig A. Tovey,et al.  Finding saddlepoints of two-person, zero sum games , 1988 .

[18]  Taskin Koçak,et al.  Smart Grid Technologies: Communication Technologies and Standards , 2011, IEEE Transactions on Industrial Informatics.

[19]  Rina Panigrahy,et al.  Heuristics for Vector Bin Packing , 2011 .

[20]  Andrew Chi-Chih Yao,et al.  Resource Constrained Scheduling as Generalized Bin Packing , 1976, J. Comb. Theory A.

[21]  Iain Dunning,et al.  JuMP: A Modeling Language for Mathematical Optimization , 2015, SIAM Rev..

[22]  J. Nash NON-COOPERATIVE GAMES , 1951, Classics in Game Theory.

[23]  Naixue Xiong,et al.  A game-theoretic method of fair resource allocation for cloud computing services , 2010, The Journal of Supercomputing.

[24]  Shaolei Ren,et al.  Workload Consolidation for Cloud Data Centers with Guaranteed QoS Using Request Reneging , 2017, IEEE Transactions on Parallel and Distributed Systems.

[25]  Malgorzata Steinder,et al.  A scalable application placement controller for enterprise data centers , 2007, WWW '07.