Secure Allocation for Graph-Based Virtual Machines in Cloud Environments

2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date : 2021-12-13 DOI:10.1109/PST52912.2021.9647766

Mansour Aldawood, Arshad Jhumka

{"title":"Secure Allocation for Graph-Based Virtual Machines in Cloud Environments","authors":"Mansour Aldawood, Arshad Jhumka","doi":"10.1109/PST52912.2021.9647766","DOIUrl":null,"url":null,"abstract":"Cloud computing systems (CCSs) enable the sharing of physical computing resources through virtualisation, where a group of virtual machines (VMs) can share the same physical resources of a given machine. However, this sharing can lead to a so-called side-channel attack (SCA), widely recognised as a potential threat to CCSs. Specifically, malicious VMs can capture information from (target) VMs, i.e., those with sensitive information, by merely co-located with them on the same physical machine. As such, a VM allocation algorithm needs to be cognizant of this issue and attempts to allocate the malicious and target VMs onto different machines, i.e., the allocation algorithm needs to be security-aware. This paper investigates the allocation patterns of VM allocation algorithms that are more likely to lead to a secure allocation. A driving objective is to reduce the number of VM migrations during allocation. We also propose a graph-based secure VMs allocation algorithm (GbSRS) to minimise SCA threats. Our results show that algorithms following a stacking-based behaviour are more likely to produce secure VMs allocation than those following spreading or random behaviours.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"59 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 18th International Conference on Privacy, Security and Trust (PST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PST52912.2021.9647766","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Cloud computing systems (CCSs) enable the sharing of physical computing resources through virtualisation, where a group of virtual machines (VMs) can share the same physical resources of a given machine. However, this sharing can lead to a so-called side-channel attack (SCA), widely recognised as a potential threat to CCSs. Specifically, malicious VMs can capture information from (target) VMs, i.e., those with sensitive information, by merely co-located with them on the same physical machine. As such, a VM allocation algorithm needs to be cognizant of this issue and attempts to allocate the malicious and target VMs onto different machines, i.e., the allocation algorithm needs to be security-aware. This paper investigates the allocation patterns of VM allocation algorithms that are more likely to lead to a secure allocation. A driving objective is to reduce the number of VM migrations during allocation. We also propose a graph-based secure VMs allocation algorithm (GbSRS) to minimise SCA threats. Our results show that algorithms following a stacking-based behaviour are more likely to produce secure VMs allocation than those following spreading or random behaviours.

查看原文本刊更多论文

云环境下基于图的虚拟机的安全分配

云计算系统(CCSs)通过虚拟化实现物理计算资源的共享，一组虚拟机(vm)可以共享给定机器的相同物理资源。然而，这种共享可能导致所谓的侧信道攻击(SCA)，被广泛认为是对ccs的潜在威胁。具体来说，恶意虚拟机可以从(目标)虚拟机(即那些具有敏感信息的虚拟机)捕获信息，只需与它们共同位于同一物理机器上。因此，VM分配算法需要认识到这个问题，并尝试将恶意VM和目标VM分配到不同的机器上，即分配算法需要具有安全意识。本文研究了更可能导致安全分配的虚拟机分配算法的分配模式。驱动目标是在分配过程中减少VM迁移的数量。我们还提出了一种基于图的安全虚拟机分配算法(GbSRS)来最小化SCA威胁。我们的研究结果表明，遵循基于堆栈的行为的算法比遵循传播或随机行为的算法更有可能产生安全的vm分配。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 18th International Conference on Privacy, Security and Trust (PST)

自引率

0.00%

发文量