Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy

Xin Liang; Xiaolin Gui; A. N. Jian; Dewang Ren

doi:10.1109/PCCC.2017.8280448

Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy

Xin Liang
, Xiaolin Gui
, A. N. Jian
, Dewang Ren

Faculty of Electronic and Information Engineering

Xi'an Jiaotong University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

22 Scopus citations

Abstract

Security is one of the biggest concerns for the further adoption of Clouds. However, Cloud providers usually assign VMs leased by different customers upon the same physical server. Albeit maximizing resource efficiency, this cross-domain sharing poses a serious threat to customers' privacy concerns. A malicious VM could break or bypass the isolation mechanism and execute certain cross-VM attacks, such as side channel attacks or memory Dos attacks, etc. However, most of previous solutions are either attack-specific or unsuitable for immediate deployment, making the mitigation techniques for co-resident attacks still an important and worth-studying problem in cloud security. In this paper, we propose a novel grouping-based VM placement strategy to provide a secure optimization for existing VM placement policies. The theoretical analysis and simulation results show that our strategy decreases enormously the probability of co-residence while incurring only a slight loss on resource efficiency. The results also demonstrate that our strategy is significantly more effective in terms of both co-location resistance and resources efficiency, compared with the CLR policy.

Original language	English
Title of host publication	2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1-8
Number of pages	8
ISBN (Electronic)	9781509064687
DOIs	https://doi.org/10.1109/PCCC.2017.8280448
State	Published - 2 Jul 2017
Event	36th IEEE International Performance Computing and Communications Conference, IPCCC 2017 - San Diego, United States Duration: 10 Dec 2017 → 12 Dec 2017

Publication series

Name	2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017
Volume	2018-January

Conference

Conference	36th IEEE International Performance Computing and Communications Conference, IPCCC 2017
Country/Territory	United States
City	San Diego
Period	10/12/17 → 12/12/17

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 8 Decent Work and Economic Growth
SDG 12 Responsible Consumption and Production

Keywords

Co-location resistance
Co-resident attacks
Group selection strategy
Grouping
Virtual machine placement strategy
cloud computing

Access to Document

10.1109/PCCC.2017.8280448

Cite this

Liang, X., Gui, X., Jian, A. N., & Ren, D. (2017). Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy. In 2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017 (pp. 1-8). (2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017; Vol. 2018-January). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/PCCC.2017.8280448

Liang, Xin ; Gui, Xiaolin ; Jian, A. N. et al. / Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy. 2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 1-8 (2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017).

@inproceedings{02d7b38d185c4c8e94d76feec46e068a,

title = "Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy",

abstract = "Security is one of the biggest concerns for the further adoption of Clouds. However, Cloud providers usually assign VMs leased by different customers upon the same physical server. Albeit maximizing resource efficiency, this cross-domain sharing poses a serious threat to customers' privacy concerns. A malicious VM could break or bypass the isolation mechanism and execute certain cross-VM attacks, such as side channel attacks or memory Dos attacks, etc. However, most of previous solutions are either attack-specific or unsuitable for immediate deployment, making the mitigation techniques for co-resident attacks still an important and worth-studying problem in cloud security. In this paper, we propose a novel grouping-based VM placement strategy to provide a secure optimization for existing VM placement policies. The theoretical analysis and simulation results show that our strategy decreases enormously the probability of co-residence while incurring only a slight loss on resource efficiency. The results also demonstrate that our strategy is significantly more effective in terms of both co-location resistance and resources efficiency, compared with the CLR policy.",

keywords = "Co-location resistance, Co-resident attacks, Group selection strategy, Grouping, Virtual machine placement strategy, cloud computing",

author = "Xin Liang and Xiaolin Gui and Jian, \{A. N.\} and Dewang Ren",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 36th IEEE International Performance Computing and Communications Conference, IPCCC 2017 ; Conference date: 10-12-2017 Through 12-12-2017",

year = "2017",

month = jul,

day = "2",

doi = "10.1109/PCCC.2017.8280448",

language = "英语",

series = "2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1--8",

booktitle = "2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017",

}

Liang, X, Gui, X, Jian, AN & Ren, D 2017, Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy. in 2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017. 2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017, vol. 2018-January, Institute of Electrical and Electronics Engineers Inc., pp. 1-8, 36th IEEE International Performance Computing and Communications Conference, IPCCC 2017, San Diego, United States, 10/12/17. https://doi.org/10.1109/PCCC.2017.8280448

Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy. / Liang, Xin; Gui, Xiaolin; Jian, A. N. et al.
2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 1-8 (2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017; Vol. 2018-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy

AU - Liang, Xin

AU - Gui, Xiaolin

AU - Jian, A. N.

AU - Ren, Dewang

PY - 2017/7/2

Y1 - 2017/7/2

N2 - Security is one of the biggest concerns for the further adoption of Clouds. However, Cloud providers usually assign VMs leased by different customers upon the same physical server. Albeit maximizing resource efficiency, this cross-domain sharing poses a serious threat to customers' privacy concerns. A malicious VM could break or bypass the isolation mechanism and execute certain cross-VM attacks, such as side channel attacks or memory Dos attacks, etc. However, most of previous solutions are either attack-specific or unsuitable for immediate deployment, making the mitigation techniques for co-resident attacks still an important and worth-studying problem in cloud security. In this paper, we propose a novel grouping-based VM placement strategy to provide a secure optimization for existing VM placement policies. The theoretical analysis and simulation results show that our strategy decreases enormously the probability of co-residence while incurring only a slight loss on resource efficiency. The results also demonstrate that our strategy is significantly more effective in terms of both co-location resistance and resources efficiency, compared with the CLR policy.

AB - Security is one of the biggest concerns for the further adoption of Clouds. However, Cloud providers usually assign VMs leased by different customers upon the same physical server. Albeit maximizing resource efficiency, this cross-domain sharing poses a serious threat to customers' privacy concerns. A malicious VM could break or bypass the isolation mechanism and execute certain cross-VM attacks, such as side channel attacks or memory Dos attacks, etc. However, most of previous solutions are either attack-specific or unsuitable for immediate deployment, making the mitigation techniques for co-resident attacks still an important and worth-studying problem in cloud security. In this paper, we propose a novel grouping-based VM placement strategy to provide a secure optimization for existing VM placement policies. The theoretical analysis and simulation results show that our strategy decreases enormously the probability of co-residence while incurring only a slight loss on resource efficiency. The results also demonstrate that our strategy is significantly more effective in terms of both co-location resistance and resources efficiency, compared with the CLR policy.

KW - Co-location resistance

KW - Co-resident attacks

KW - Group selection strategy

KW - Grouping

KW - Virtual machine placement strategy

KW - cloud computing

UR - https://www.scopus.com/pages/publications/85047408124

U2 - 10.1109/PCCC.2017.8280448

DO - 10.1109/PCCC.2017.8280448

M3 - 会议稿件

AN - SCOPUS:85047408124

T3 - 2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017

SP - 1

EP - 8

BT - 2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 36th IEEE International Performance Computing and Communications Conference, IPCCC 2017

Y2 - 10 December 2017 through 12 December 2017

ER -

Liang X, Gui X, Jian AN, Ren D. Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy. In 2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 1-8. (2017 IEEE 36th International Performance Computing and Communications Conference, IPCCC 2017). doi: 10.1109/PCCC.2017.8280448

Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy

Abstract

Publication series

Conference

UN SDGs

Keywords

Access to Document

Other files and links

Fingerprint

Cite this