Trust-based grouping for cloud datacenters: Improving security in shared infrastructures

Cloud computing can offer virtually unlimited resources without any upfront capital investment through a pay-per-use pricing model. However, the shared nature of multi-tenant cloud datacenter networks enables unfair or malicious use of the intra-cloud network by tenants, allowing attacks against the privacy and integrity of data and the availability of resources. In this paper, we introduce a resource allocation strategy that increases the security of network resource sharing among tenant applications. The key idea behind the strategy is to group applications of mutually trusting users into virtual infrastructures (logically isolated domains composed of a set of virtual machines as well as the virtual network interconnecting them). This provides some level of isolation and therefore higher security. However, the use of groups may lead to fragmentation and negatively affect resource utilization. We study the associated trade-off and the feasibility of the proposed approach. Evaluation results show the benefits of our strategy, which is able to offer better protection of network resources against attacks at low extra cost.
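To make the isolation-versus-fragmentation trade-off concrete, the following is an added toy model, not code from the paper: it forms groups from a mutual-trust relation between tenants (assumed here to be connected components of the symmetric part of a declared "trusts" relation) and compares the number of servers consumed when each group gets its own isolated server pool against a single shared pool. The per-server VM capacity, tenant names and trust edges are constructed sample values.

```python
# Added example (not the paper's code): trust-based grouping of tenant
# applications into isolated pools, and the fragmentation cost it causes.
from collections import defaultdict
from math import ceil

# Assumptions (not from the paper): trust only counts when declared in both
# directions; a server holds at most SLOTS VMs and is never shared by groups.
SLOTS = 4

def trust_groups(tenants, trusts):
    """Union tenants into groups along mutually declared trust edges.
    A one-way edge (d -> e without e -> d) does not merge d and e."""
    parent = {t: t for t in tenants}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    pairs = set(trusts)
    for a, b in pairs:
        if (b, a) in pairs:                 # mutual trust required
            parent[find(a)] = find(b)
    groups = defaultdict(list)
    for t in tenants:
        groups[find(t)].append(t)
    return [sorted(g) for g in groups.values()]

def servers_needed(vm_demand, groups, slots=SLOTS):
    """Return (isolated, shared): servers used when each group has its own
    pool versus when all VMs may share any server. isolated - shared is
    the fragmentation overhead paid for isolation."""
    isolated = sum(ceil(sum(vm_demand[t] for t in g) / slots) for g in groups)
    shared = ceil(sum(vm_demand.values()) / slots)
    return isolated, shared

# Constructed sample: five tenants, their VM counts, declared trust edges.
TENANTS = ["a", "b", "c", "d", "e"]
VM_DEMAND = {"a": 3, "b": 2, "c": 1, "d": 2, "e": 1}
TRUSTS = [("a", "b"), ("b", "a"), ("b", "c"), ("c", "b"), ("d", "e")]

if __name__ == "__main__":
    groups = trust_groups(TENANTS, TRUSTS)       # [['a','b','c'], ['d'], ['e']]
    isolated, shared = servers_needed(VM_DEMAND, groups)
    print(groups, "isolated:", isolated, "shared:", shared)  # isolated 4, shared 3
```

With these inputs the mutually trusting tenants a, b and c share one pool while d and e (one-way trust only) each get their own, costing one extra server over the shared allocation.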
