Virtual machine allocation policies against co-resident attacks in cloud computing

While the service-based model of cloud computing makes more IT resources available to a wider range of customers, the massive amount of data held on cloud platforms is becoming a target for malicious users. Previous studies show that an attacker can co-locate their virtual machines (VMs) with a target's VMs on the same physical server and then extract sensitive information from the victim through side channels. This paper investigates VM allocation policies and practical countermeasures against this kind of co-resident attack by developing a set of security metrics and a quantitative model. A security analysis of three VM allocation policies commonly used in existing cloud platforms shows that the servers' configuration, oversubscription and background traffic have a large impact on how well a policy prevents attackers from co-locating with their targets. If the servers are properly configured and oversubscription is enabled, the best of the three policies is to allocate each new VM to the server that already hosts the most VMs. Based on these results, a new allocation strategy is introduced that substantially decreases the probability of an attacker achieving co-residence. The proposed solution requires only minor changes to current allocation policies, and so can be integrated into existing cloud platforms to mitigate the threat of co-resident attacks.
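The abstract argues that the allocation policy, the servers' capacity (oversubscription) and the background traffic between the victim's and the attacker's launches together decide how likely co-residence is. The following Monte Carlo model is an added illustration of that argument, not the paper's model, its metrics or its proposed strategy. It implements three simple policies under assumed names ("least_vms" spreads VMs to the emptiest server, "most_vms" packs them onto the fullest server with room, "random" ignores load), models oversubscription as a larger per-server VM capacity, and models background traffic as random arrivals and departures of unrelated tenants' VMs. All numeric parameters are assumptions chosen for the demonstration.

```python
"""Monte Carlo model of co-residence under three VM placement policies.

Added illustration, not the paper's model or its metrics.  It keeps the
factors the abstract names (server capacity/oversubscription, background
traffic, allocation policy) in a deliberately simple form; every parameter
below is an assumption chosen for the demonstration.
"""
import random
from dataclasses import dataclass
from typing import List, Optional

POLICIES = ("least_vms", "most_vms", "random")   # assumed policy names


@dataclass
class Server:
    capacity: int          # VM slots; a larger value models oversubscription
    background: int = 0    # unrelated tenants' VMs
    target: int = 0        # victim's VMs
    attacker: int = 0      # attacker's probe VMs

    @property
    def total(self) -> int:
        return self.background + self.target + self.attacker

    @property
    def has_room(self) -> bool:
        return self.total < self.capacity


def pick_server(cluster: List[Server], policy: str, rng: random.Random) -> Optional[int]:
    """Index of the server that receives the next VM, or None if the cluster is full.

    least_vms spreads load (fewest VMs first), most_vms packs it (most VMs first),
    random ignores load.  Ties are broken at random, as a scheduler with an
    arbitrary server ordering would."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy {policy!r}")
    open_idx = [i for i, s in enumerate(cluster) if s.has_room]
    if not open_idx:
        return None
    if policy == "random":
        return rng.choice(open_idx)
    pick = min if policy == "least_vms" else max
    best = pick(cluster[i].total for i in open_idx)
    return rng.choice([i for i in open_idx if cluster[i].total == best])


def run_trial(policy: str, rng: random.Random, *, servers: int = 20, capacity: int = 8,
              initial_vms: int = 60, target_vms: int = 2, background_events: int = 40,
              churn: float = 0.5, attacker_vms: int = 5) -> bool:
    """One simulated launch sequence; True if an attacker VM shares a server with a target VM."""
    cluster = [Server(capacity) for _ in range(servers)]

    def place(kind: str) -> None:
        i = pick_server(cluster, policy, rng)
        if i is not None:                       # a full cluster rejects the VM
            setattr(cluster[i], kind, getattr(cluster[i], kind) + 1)

    for _ in range(initial_vms):                # 1. cluster already partly populated
        place("background")
    for _ in range(target_vms):                 # 2. victim launches its VMs
        place("target")
    for _ in range(background_events):          # 3. background traffic before the attack:
        if rng.random() < churn:                #    either a departure ...
            busy = [s for s in cluster if s.background > 0]
            if busy:
                rng.choice(busy).background -= 1
        else:                                   #    ... or a new arrival
            place("background")
    for _ in range(attacker_vms):               # 4. attacker launches probe VMs
        place("attacker")
    return any(s.target and s.attacker for s in cluster)


def coresidence_probability(policy: str, trials: int = 2000, seed: int = 1, **scenario) -> float:
    """Fraction of trials in which the attacker achieves co-residence."""
    rng = random.Random(seed)
    return sum(run_trial(policy, rng, **scenario) for _ in range(trials)) / trials


if __name__ == "__main__":
    for cap in (8, 16):                         # 16 stands in for an oversubscribed server
        for pol in POLICIES:
            p = coresidence_probability(pol, capacity=cap)
            print(f"capacity={cap:2d} policy={pol:<9} P(co-resident)={p:.3f}")
```

Running the block prints the estimated co-residence probability for each policy at two capacities; changing `background_events`, `churn` or `initial_vms` shows how sensitive the ranking of the policies is to the traffic mix, which is the abstract's point. The two-server, capacity-two case is instructive on its own: the packing policy fills the victim's server before the attacker arrives and co-residence is impossible, while the spreading policy leaves a free slot next to each target VM and co-residence is certain.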