DOI: 10.1145/2996429.2996435
research-article

Co-location Resistant Strategy with Full Resources Optimization

Published: 28 October 2016

    Abstract

    In public clouds, an adversary can co-locate his or her virtual machines (VMs) with others on the same physical servers to launch an attack against integrity, confidentiality or availability. One important factor in decreasing the likelihood of this co-location attack is the VM placement strategy. However, a co-location resistant strategy compromises the resource optimization of the cloud providers. The tradeoff between security and resource optimization is one of the most crucial challenges in cloud security. In this work we propose a placement strategy that decreases the co-location rate by compromising the VM startup time instead of the optimization of resources. We give a mathematical analysis to quantify the co-location resistance. The proposed strategy is evaluated against the abuse of placement locality, where the attack and target VMs are launched simultaneously or within a short time window. Taking as reference the EC2 placement strategy, the best co-location resistant strategy among those of the existing public cloud providers, our strategy greatly decreases co-location attacks with a slight VM startup delay (relative to the actual VM startup delay in the public cloud providers).

    Published In

    CCSW '16: Proceedings of the 2016 ACM on Cloud Computing Security Workshop
    October 2016
    116 pages
    ISBN:9781450345729
    DOI:10.1145/2996429

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. abuse forcing strategy
    2. co-location attacks
    3. parallel placement locality
    4. virtual machines placement strategy

    Qualifiers

    • Research-article

    Conference

    CCS'16

    Acceptance Rates

    CCSW '16 Paper Acceptance Rate 8 of 23 submissions, 35%;
    Overall Acceptance Rate 37 of 108 submissions, 34%
