Dependence-aware modeling of multi-tenant attacks in cloud systems

IF 11 | Zone 1, Engineering Technology | Q1 ENGINEERING, INDUSTRIAL
Yijia Li, Maochao Xu, Peng Zhao
Journal: Reliability Engineering & System Safety, Volume 266, Article 111750
Publication date: 2025-09-27
Publication type: Journal Article
DOI: 10.1016/j.ress.2025.111750
URL: https://www.sciencedirect.com/science/article/pii/S0951832025009500
Citations: 0

Abstract

Multi-tenant cloud systems are increasingly vulnerable to co-residency attacks, in which adversaries deploy attacker virtual machines (AVMs) to compromise service component versions (SCVs) colocated on shared physical servers. Conventional reliability models often assume independent SCV failures, overlooking dependencies arising from shared vulnerabilities or coordinated attacks. We introduce a dependence-aware probabilistic framework that explicitly models statistical dependence among SCV compromises via copula-based joint distributions, and incorporates various AVM placement policies (random, hash, affinity). We analyze how SCV dependence structure, the number of attacker accounts, and IDS detection sensitivity affect the overall corruption probability. The risk model is further embedded in a Stackelberg game between defender and attacker, incorporating budget and risk-cap constraints and various detection cost regimes. We prove equilibrium existence and compute optimal strategies via a Monte Carlo procedure. It is discovered that dependence significantly increases the risk of corruption. The probability of corruption can increase by up to 75% compared to the independence baseline, with non-overlapping confidence intervals across different copula families and placement policies. Equilibrium analysis shows that placement and cost structure jointly determine the optimal detection sensitivity. These results demonstrate how dependence modeling, placement realism, and operational constraints together shape cloud service resilience and defender strategy.
Source journal
Reliability Engineering & System Safety (Management Science / Engineering: Industrial)
CiteScore: 15.20
Self-citation rate: 39.50%
Articles published: 621
Review time: 67 days
Journal description: Elsevier publishes Reliability Engineering & System Safety in association with the European Safety and Reliability Association and the Safety Engineering and Risk Analysis Division. The international journal is devoted to developing and applying methods to enhance the safety and reliability of complex technological systems, like nuclear power plants, chemical plants, hazardous waste facilities, space systems, offshore and maritime systems, transportation systems, constructed infrastructure, and manufacturing plants. The journal normally publishes only articles that involve the analysis of substantive problems related to the reliability of complex systems or present techniques and/or theoretical results that have a discernable relationship to the solution of such problems. An important aim is to balance academic material and practical applications.