Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing
Cloud computing enables users to consume various IT resources in an on-demand manner, and with low management overhead. However, customers can face new security risks when they use cloud computing platforms. In this paper, we focus on one such threat-the co-resident attack, where malicious users bui...
Gespeichert in:
| Veröffentlicht in: | IEEE transactions on dependable and secure computing 2017-01, Vol.14 (1), p.95-108 |
|---|---|
| Hauptverfasser: | , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 108 |
|---|---|
| container_issue | 1 |
| container_start_page | 95 |
| container_title | IEEE transactions on dependable and secure computing |
| container_volume | 14 |
| creator | Yi Han Chan, Jeffrey Alpcan, Tansu Leckie, Christopher |
| description | Cloud computing enables users to consume various IT resources in an on-demand manner, and with low management overhead. However, customers can face new security risks when they use cloud computing platforms. In this paper, we focus on one such threat-the co-resident attack, where malicious users build side channels and extract private information from virtual machines co-located on the same server. Previous works mainly attempt to address the problem by eliminating side channels. However, most of these methods are not suitable for immediate deployment due to the required modifications to current cloud platforms. We choose to solve the problem from a different perspective, by studying how to improve the virtual machine allocation policy, so that it is difficult for attackers to co-locate with their targets. Specifically, we (1) define security metrics for assessing the attack; (2) model these metrics, and compare the difficulty of achieving co-residence under three commonly used policies; (3) design a new policy that not only mitigates the threat of attack, but also satisfies the requirements for workload balance and low power consumption; and (4) implement, test, and prove the effectiveness of the policy on the popular open-source platform OpenStack. |
| doi_str_mv | 10.1109/TDSC.2015.2429132 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_crossref_primary_10_1109_TDSC_2015_2429132</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>7101258</ieee_id><sourcerecordid>4316974111</sourcerecordid><originalsourceid>FETCH-LOGICAL-c387t-5470b28614b6ae8f91780d694a9832d85d02cae0336006d3984add71e8ec1c083</originalsourceid><addsrcrecordid>eNp9kE1LxDAQhosoqKs_QLwEPHedyUeTHJf6CYqiu15LNslqtDZrkx7893ZZ8ehpBuZ534GnKE4Qpoigz-cXz_WUAoop5VQjozvFAWqOJQCq3XEXXJRCS9wvDlN6B6BcaX5QLBcpdK_kJfR5MC25N_YtdJ7M2jZak0PsyGNsgw0-kRzJhV_5zhHzakKXMqlj-eRTcL7LZJazsR-JhI7UbRzcePxcD3ksPyr2VqZN_vh3TorF1eW8vinvHq5v69ldaZmSuRRcwpKqCvmyMl6tNEoFrtLcaMWoU8IBtcYDYxVA5ZhW3Dgn0Stv0YJik-Js27vu49fgU27e49B348uGouS8EpTCfxQqiRVIKthI4ZayfUyp96tm3YdP0383CM1GeLMR3myEN7_Cx8zpNhO893-8REAqFPsBib16Vw</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1871607253</pqid></control><display><type>article</type><title>Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing</title><source>IEEE Electronic Library (IEL)</source><creator>Yi Han ; Chan, Jeffrey ; Alpcan, Tansu ; Leckie, Christopher</creator><creatorcontrib>Yi Han ; Chan, Jeffrey ; Alpcan, Tansu ; Leckie, Christopher</creatorcontrib><description>Cloud computing enables users to consume various IT resources in an on-demand manner, and with low management overhead. However, customers can face new security risks when they use cloud computing platforms. In this paper, we focus on one such threat-the co-resident attack, where malicious users build side channels and extract private information from virtual machines co-located on the same server. Previous works mainly attempt to address the problem by eliminating side channels. However, most of these methods are not suitable for immediate deployment due to the required modifications to current cloud platforms. We choose to solve the problem from a different perspective, by studying how to improve the virtual machine allocation policy, so that it is difficult for attackers to co-locate with their targets. Specifically, we (1) define security metrics for assessing the attack; (2) model these metrics, and compare the difficulty of achieving co-residence under three commonly used policies; (3) design a new policy that not only mitigates the threat of attack, but also satisfies the requirements for workload balance and low power consumption; and (4) implement, test, and prove the effectiveness of the policy on the popular open-source platform OpenStack.</description><identifier>ISSN: 1545-5971</identifier><identifier>EISSN: 1941-0018</identifier><identifier>DOI: 10.1109/TDSC.2015.2429132</identifier><identifier>CODEN: ITDSCM</identifier><language>eng</language><publisher>Washington: IEEE</publisher><subject>Channels ; Cloud computing ; Cloud computing security ; co-resident attack ; Cybersecurity ; Data integrity ; Effectiveness studies ; Information technology ; Measurement ; Network security ; Open source software ; Operating systems ; Policies ; Power consumption ; Power demand ; Resource management ; Security ; security metrics modelling ; Servers ; Virtual environments ; virtual machine allocation policy ; Virtual machining</subject><ispartof>IEEE transactions on dependable and secure computing, 2017-01, Vol.14 (1), p.95-108</ispartof><rights>Copyright IEEE Computer Society Jan-Feb 2017</rights><rights>Copyright IEEE Computer Society 2017</rights><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c387t-5470b28614b6ae8f91780d694a9832d85d02cae0336006d3984add71e8ec1c083</citedby><cites>FETCH-LOGICAL-c387t-5470b28614b6ae8f91780d694a9832d85d02cae0336006d3984add71e8ec1c083</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/7101258$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,776,780,792,27901,27902,54733</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/7101258$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Yi Han</creatorcontrib><creatorcontrib>Chan, Jeffrey</creatorcontrib><creatorcontrib>Alpcan, Tansu</creatorcontrib><creatorcontrib>Leckie, Christopher</creatorcontrib><title>Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing</title><title>IEEE transactions on dependable and secure computing</title><addtitle>TDSC</addtitle><description>Cloud computing enables users to consume various IT resources in an on-demand manner, and with low management overhead. However, customers can face new security risks when they use cloud computing platforms. In this paper, we focus on one such threat-the co-resident attack, where malicious users build side channels and extract private information from virtual machines co-located on the same server. Previous works mainly attempt to address the problem by eliminating side channels. However, most of these methods are not suitable for immediate deployment due to the required modifications to current cloud platforms. We choose to solve the problem from a different perspective, by studying how to improve the virtual machine allocation policy, so that it is difficult for attackers to co-locate with their targets. Specifically, we (1) define security metrics for assessing the attack; (2) model these metrics, and compare the difficulty of achieving co-residence under three commonly used policies; (3) design a new policy that not only mitigates the threat of attack, but also satisfies the requirements for workload balance and low power consumption; and (4) implement, test, and prove the effectiveness of the policy on the popular open-source platform OpenStack.</description><subject>Channels</subject><subject>Cloud computing</subject><subject>Cloud computing security</subject><subject>co-resident attack</subject><subject>Cybersecurity</subject><subject>Data integrity</subject><subject>Effectiveness studies</subject><subject>Information technology</subject><subject>Measurement</subject><subject>Network security</subject><subject>Open source software</subject><subject>Operating systems</subject><subject>Policies</subject><subject>Power consumption</subject><subject>Power demand</subject><subject>Resource management</subject><subject>Security</subject><subject>security metrics modelling</subject><subject>Servers</subject><subject>Virtual environments</subject><subject>virtual machine allocation policy</subject><subject>Virtual machining</subject><issn>1545-5971</issn><issn>1941-0018</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2017</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNp9kE1LxDAQhosoqKs_QLwEPHedyUeTHJf6CYqiu15LNslqtDZrkx7893ZZ8ehpBuZ534GnKE4Qpoigz-cXz_WUAoop5VQjozvFAWqOJQCq3XEXXJRCS9wvDlN6B6BcaX5QLBcpdK_kJfR5MC25N_YtdJ7M2jZak0PsyGNsgw0-kRzJhV_5zhHzakKXMqlj-eRTcL7LZJazsR-JhI7UbRzcePxcD3ksPyr2VqZN_vh3TorF1eW8vinvHq5v69ldaZmSuRRcwpKqCvmyMl6tNEoFrtLcaMWoU8IBtcYDYxVA5ZhW3Dgn0Stv0YJik-Js27vu49fgU27e49B348uGouS8EpTCfxQqiRVIKthI4ZayfUyp96tm3YdP0383CM1GeLMR3myEN7_Cx8zpNhO893-8REAqFPsBib16Vw</recordid><startdate>20170101</startdate><enddate>20170101</enddate><creator>Yi Han</creator><creator>Chan, Jeffrey</creator><creator>Alpcan, Tansu</creator><creator>Leckie, Christopher</creator><general>IEEE</general><general>IEEE Computer Society</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>JQ2</scope></search><sort><creationdate>20170101</creationdate><title>Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing</title><author>Yi Han ; Chan, Jeffrey ; Alpcan, Tansu ; Leckie, Christopher</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c387t-5470b28614b6ae8f91780d694a9832d85d02cae0336006d3984add71e8ec1c083</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2017</creationdate><topic>Channels</topic><topic>Cloud computing</topic><topic>Cloud computing security</topic><topic>co-resident attack</topic><topic>Cybersecurity</topic><topic>Data integrity</topic><topic>Effectiveness studies</topic><topic>Information technology</topic><topic>Measurement</topic><topic>Network security</topic><topic>Open source software</topic><topic>Operating systems</topic><topic>Policies</topic><topic>Power consumption</topic><topic>Power demand</topic><topic>Resource management</topic><topic>Security</topic><topic>security metrics modelling</topic><topic>Servers</topic><topic>Virtual environments</topic><topic>virtual machine allocation policy</topic><topic>Virtual machining</topic><toplevel>online_resources</toplevel><creatorcontrib>Yi Han</creatorcontrib><creatorcontrib>Chan, Jeffrey</creatorcontrib><creatorcontrib>Alpcan, Tansu</creatorcontrib><creatorcontrib>Leckie, Christopher</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>ProQuest Computer Science Collection</collection><jtitle>IEEE transactions on dependable and secure computing</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Yi Han</au><au>Chan, Jeffrey</au><au>Alpcan, Tansu</au><au>Leckie, Christopher</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing</atitle><jtitle>IEEE transactions on dependable and secure computing</jtitle><stitle>TDSC</stitle><date>2017-01-01</date><risdate>2017</risdate><volume>14</volume><issue>1</issue><spage>95</spage><epage>108</epage><pages>95-108</pages><issn>1545-5971</issn><eissn>1941-0018</eissn><coden>ITDSCM</coden><abstract>Cloud computing enables users to consume various IT resources in an on-demand manner, and with low management overhead. However, customers can face new security risks when they use cloud computing platforms. In this paper, we focus on one such threat-the co-resident attack, where malicious users build side channels and extract private information from virtual machines co-located on the same server. Previous works mainly attempt to address the problem by eliminating side channels. However, most of these methods are not suitable for immediate deployment due to the required modifications to current cloud platforms. We choose to solve the problem from a different perspective, by studying how to improve the virtual machine allocation policy, so that it is difficult for attackers to co-locate with their targets. Specifically, we (1) define security metrics for assessing the attack; (2) model these metrics, and compare the difficulty of achieving co-residence under three commonly used policies; (3) design a new policy that not only mitigates the threat of attack, but also satisfies the requirements for workload balance and low power consumption; and (4) implement, test, and prove the effectiveness of the policy on the popular open-source platform OpenStack.</abstract><cop>Washington</cop><pub>IEEE</pub><doi>10.1109/TDSC.2015.2429132</doi><tpages>14</tpages></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | ISSN: 1545-5971 |
| ispartof | IEEE transactions on dependable and secure computing, 2017-01, Vol.14 (1), p.95-108 |
| issn | 1545-5971 1941-0018 |
| language | eng |
| recordid | cdi_crossref_primary_10_1109_TDSC_2015_2429132 |
| source | IEEE Electronic Library (IEL) |
| subjects | Channels Cloud computing Cloud computing security co-resident attack Cybersecurity Data integrity Effectiveness studies Information technology Measurement Network security Open source software Operating systems Policies Power consumption Power demand Resource management Security security metrics modelling Servers Virtual environments virtual machine allocation policy Virtual machining |
| title | Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-14T08%3A57%3A23IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Using%20Virtual%20Machine%20Allocation%20Policies%20to%20Defend%20against%20Co-Resident%20Attacks%20in%20Cloud%20Computing&rft.jtitle=IEEE%20transactions%20on%20dependable%20and%20secure%20computing&rft.au=Yi%20Han&rft.date=2017-01-01&rft.volume=14&rft.issue=1&rft.spage=95&rft.epage=108&rft.pages=95-108&rft.issn=1545-5971&rft.eissn=1941-0018&rft.coden=ITDSCM&rft_id=info:doi/10.1109/TDSC.2015.2429132&rft_dat=%3Cproquest_RIE%3E4316974111%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1871607253&rft_id=info:pmid/&rft_ieee_id=7101258&rfr_iscdi=true |