TY - GEN
T1 - A security-awareness virtual machine placement scheme in the cloud
AU - Yu, Si
AU - Gui, Xiaolin
AU - Tian, Feng
AU - Yang, Pan
AU - Zhao, Jianqiang
PY - 2014
Y1 - 2014
N2 - Recent work reveals that side channel attacks (SCA) can lead to leakage of user privacy in the cloud. Enhancing the isolation between users is an effective solution to eliminate the attacks. However, to achieve the stronger isolation, the existing schemes require the sophisticated decision making systems and specific monitoring systems, which may degrade the efficiency of the system. In this paper, to eliminate the SCA, we investigate the isolation enhancement from a novel perspective - VM placement. And the security-awareness VMs placement scheme (SVMPS) is proposed. In this scheme, we use the aggressive conflict of interest relation (ACIR) to describe the constraint relations for users, based on the Chinese wall policy, we put forward the isolation rules to formulate the VMs placement behavior, according to the isolation rules, we design the VMs placement solution calculated algorithm to enforce the VMs placement. The experimental results demonstrate that SVMPS is efficient in guaranteeing the isolation between conflict users, while the resource utilization rate decreases not too much.
AB - Recent work reveals that side channel attacks (SCA) can lead to leakage of user privacy in the cloud. Enhancing the isolation between users is an effective solution to eliminate the attacks. However, to achieve the stronger isolation, the existing schemes require the sophisticated decision making systems and specific monitoring systems, which may degrade the efficiency of the system. In this paper, to eliminate the SCA, we investigate the isolation enhancement from a novel perspective - VM placement. And the security-awareness VMs placement scheme (SVMPS) is proposed. In this scheme, we use the aggressive conflict of interest relation (ACIR) to describe the constraint relations for users, based on the Chinese wall policy, we put forward the isolation rules to formulate the VMs placement behavior, according to the isolation rules, we design the VMs placement solution calculated algorithm to enforce the VMs placement. The experimental results demonstrate that SVMPS is efficient in guaranteeing the isolation between conflict users, while the resource utilization rate decreases not too much.
KW - VM placement
KW - cloud computing
KW - isolation
KW - side channel attacks
KW - virtualization security
UR - https://www.scopus.com/pages/publications/84903995457
U2 - 10.1109/HPCC.and.EUC.2013.152
DO - 10.1109/HPCC.and.EUC.2013.152
M3 - 会议稿件
AN - SCOPUS:84903995457
SN - 9780769550886
T3 - Proceedings - 2013 IEEE International Conference on High Performance Computing and Communications, HPCC 2013 and 2013 IEEE International Conference on Embedded and Ubiquitous Computing, EUC 2013
SP - 1078
EP - 1083
BT - Proceedings - 2013 IEEE International Conference on High Performance Computing and Communications, HPCC 2013 and 2013 IEEE International Conference on Embedded and Ubiquitous Computing, EUC 2013
PB - IEEE Computer Society
T2 - 15th IEEE International Conference on High Performance Computing and Communications, HPCC 2013 and 11th IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2013
Y2 - 13 November 2013 through 15 November 2013
ER -