Open Access
Subscription Access
Multi-Criteria Optimization Based VM Placement Strategy to Mitigate Co-Location Risks in Data Centers
Cloud providers generally run one or more Virtual Machine (VM) instances on the same physical machine. Though it increases data center utilization, it exposes VM to a co-location attack. VM placement and migration are the two strategies adopted for mitigating co-locations. Current methods for VM placement or VM migration consider only security as decision criteria and do not consider other factors like Quality-of-Service degradation, data center utilization, etc. This work proposes a placement and migration strategy for mitigation of co-location attacks with joint consideration of multi objectives like QoS, data center utilization, energy consumption, and security risks. A security-driven multi-criteria optimization -based VM placement policy is proposed. A joint consideration of multi - objective performance optimization along with co-location security risk minimization is done to design a novel VM placement policy based on user categorization. The policy can reduce the likelihood of co-location target VM with attacker VM without much degradation to the performance of VM and data center utilization. The solution mitigates co-location risks without much compromise to the performance of VM and data center resource utilization. The co-residence risk is mitigated by the categorization of users into three levels i.e. unlabeled, risky, and safe, and physical machines into two groups as safe and unsafe. The PMs available in data center is grouped into three different VM placement policies, they are undecided pool, safe pool and unsafe pool.
Keywords
Cloud security, VM migration, Mitigation of co- location, Data center utilization, Service degradation
User
Font Size
Information
- Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage, “Hey, you, get off of my cloud: exploring information leakage in thirdparty compute clouds,” Proceedings of the 16th ACM conference on Computer and communications security, pp. 199-212, 2009, DOI.org/10.1145/1653662.1653687.
- Yinqian Zhang, Ari Juels, Michael K. Reiter, Thomas Ristenpart, “Cross-vm side channels and their use to extract private keys”,Proceedings of the 2012 ACM conference on Computer and communications securitys, pp. 305-316,
- DOI.org/10.1145/2382196.2382230.
- Abid Shahzad, Alan Litchfield, “Virtualization Technology: Cross-VM Cache Side Channel Attacks make it Vulnerable”, Presented at the Australasian Conference on Information Systems, pp.1-16, 2016, DOI.org/10.48550/arXiv.1606.01356.
- Tianwei Zhang, Yinqian Zhang, Ruby B. Lee, “Memory dos attacks in multi-tenant clouds: severity and mitigation,” arXiv preprint: 1603.03404, 2016.
- Soo-jin Moon, Vyas Sekar, Michael K. Reiter, “Nomad: mitigating arbitrary cloud side channels via provider-assisted migration”,Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS '15), pp. 1595-1606, 2015,
- Doi.org/10.1145/2810103.2813706.
- Jingzheng Wu, Liping Ding, Yuqi Lin, Nasro Min-Allah, Yongji Wang, “Xenpump: a new method to mitigate timing channel in cloud computing”, IEEE Fifth International Conference on Cloud Computing (CLOUD '12), pp. 678--685, 2012, DOI: 10.1109/CLOUD.2012.28.
- Yinqian Zhang, Michael K. Reiter, “Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud”, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (CCS '13), pp. 827-838, 2013,
- Doi.org/10.1145/2508859.2516741.
- Taesoo Kim, Marcus Peinado, Gloria Mainar-Ruiz, “Stealthmem: system-level protection against cache-based side channel attacks in the cloud”, Proceedings of the 21st USENIX conference on Security symposium (Security'12), pp. 189-204, 2012,
- Doi/10.5555/2362793.2362804.
- Michael Godfrey, Mohammad Zulkernine, “Preventing cache-based side-channel attacks in a cloud environment”, IEEE Transactions on Cloud Computing, volume. 2, no. 4, pp. 395-408, 2014.
- Adi Fuchs, Ruby B. Lee, “Disruptive prefetching: impact on sidechannel attacks and cache designs”, Proceedings of the 8th ACM International Systems and Storage Conference (SYSTOR '15), pp.1-12, 2015, DOI:10.1145/2757667.2757672
- Ashutosh Kumar Singh, Deepika Saxena, Jitendra Kumar, Vrinda Gupta, “A quantum approach towards the adaptive prediction of cloud workloads”, IEEE Transactions on Parallel and Distributed Systems, volume. 32, no. 12, pp. 2893-2905, 2021.
- Ashutosh Kumar Singh, Deepika Saxena, “A cryptography and machine learning based authentication for secure data-sharing in federated cloud services environment”, Journal of Applied Security Research, volume.
- , no.3, pp. 385-412, 2021.
- Thuan Duong-Ba, Tuan Tran, Thinh Nguyen, Bella Bose, “A dynamic virtual machine placement and migration scheme for data centers”, IEEE Transactions on Services Computing, volume. 14, no. 2, pp. 329341, 2021.
- Deepika Saxena, Ashutosh Kumar Singh, “Energy aware resource efficient-(EARE) server consolidation framework for cloud datacenter", Proceedings of ICACCT, Advances in Communication and
- Computational Technology pp. 1455-1464, 2021, DOI:10.1007/978981-15-5341-7_111.
- Deepika Saxena, Ashutosh Kumar Singh, “Communication cost aware resource efficient load balancing (CARE-LB) framework for cloud datacenter”, Recent Advances in Computer Science and
- Communications, volume. 14, no. 9, pp. 2920-2933, 2021.
- Deepika Saxena, Ashutosh Kumar Singh, "A proactive autoscaling and energy-efficient VM allocation framework using online multi-resource neural network for cloud data center", Neurocomputing, volume. 426, pp. 248-264, 2021.
- Xin Liang, Xiaolin Gui, Jian, A Jian, Dewang Ren, “Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy”, IEEE 36th International performance computing and communications conference (IPCCC), pp.1-8, 2017,
- DOI:10.1109/PCCC.2017.8280448.
- Amit Agarwal, Ta Nguyen Binh Duong, "Co- Location Resistant Virtual Machine Placement in Cloud Data Centers," IEEE 24th International conference on parallel and distributed systems (ICPADS), pp. 61-68,2018. DOI: 10.1109/PADSW.2018.8644849.
- Yuqin Qiu, Qingni Shen, Yang Luo, Cong Li , Zhonghai Wu,“A secure virtual machine deployment strategy to reduce co-residency in cloud,” IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 347– 354, 2017.
- DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.257
- Mouhebeddine Berrima, Aïcha Katajina Nasr, Narjes Ben Rajeb, “Colocation resistant strategy with full resources optimization,” in Proceedings of the 2016 ACM on Cloud Computing Security
- Workshop, pp. 3–10,2016, DOI.org/10.1145/2996429.2996435.
- Varun Natu, Ta Nguyen Binh Duong,“Secure virtual machine placement in infrastructure cloud services,” IEEE 10th Conference on Service-Oriented Computing and Applications (SOCA) pp. 26–33, 2017, DOI: 10.1109/SOCA.2017.12
- Yi Han, Jeffrey Chan, Tansu Alpcan,Christopher Leckie, “Using virtual machine allocation policies to defend against co-resident attacks in cloud computing”, IEEE Transactions on Dependable and Secure Computing, volume. 14, no. 1, pp. 95–108, 2017.
- Mansour Aldawood, Arshad Jhumka, Suhaib Fahmy, “Sit Here: Placing Virtual Machines Securely in Cloud Environments”, Proceedings of the 11th International Conference on Cloud Computing and Services Science - CLOSER, pp.248-259, 2021,
- DOI:10.5220/0010459202480259.
- Yi Han, Tansu Alpcan, Jeffrey Chan, Christopher Leckie, Benjamin I.
- P. Rubinstein, “A game theoretical approach to defend against coresident attacks in cloud computing: Preventing co-residence using semi-supervised learning”, IEEE Transactions on information Forensics and Security, volume.11,no.3,pp.556–570, 2015.
- Deepika Saxena, Ishu Gupta, Jitendra Kumar, Ashutosh Kumar Singh, Xiaoqing, “A Secure and Multi-objective Virtual Machine Placement Framework for Cloud Data Centre”, IEEE Systems Journal, volume.16, no.2, pp. 3163 – 3174,2021.
- Sakshi Chhabra,Ashutosh Kumar Singh, “A secure vm allocation scheme to preserve against co-resident threat”, International Journal of Web Engineering and Technology, volume. 15, no. 1, pp. 96–115, 2020.
- Vu Duc Long,Ta Nguyen Binh Duong,"Group Instance: Flexible CoLocation Resistant Virtual Machine Placement in IaaS Clouds",IEEE 29th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), pp. 64-69,2020. DOI: 10.1109/WETICE49692.2020.00021.
- Nguyen Binh Duong, Neha Pimpalkar, Handling Co-Resident Attacks: A Case for Cost-Efficient Dedicated Resource Provisioning. IEEE 11th International Conference on Cloud Computing (CLOUD), pp.849852,2018, DOI: 10.1109/CLOUD.2018.00119.
- David Siegmund, “The Sequential Probability Ratio Test” Sequential Analysis, Springer Series in Statistics book series (SSS), Chapter.2, pp.8-33, 1985.
- T. Padmavathy,R. Anitha, “An efficient virtual machine allocation using single stage weapon target assignment model in cloud softwaredefined network environment”, International Journal of communication systems, volume 35,no. 6, 2022.
Abstract Views: 220
PDF Views: 1