Secure Allocation for Graph-Based Virtual Machines in Cloud Environments
Title | Secure Allocation for Graph-Based Virtual Machines in Cloud Environments |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Aldawood, Mansour, Jhumka, Arshad |
Conference Name | 2021 18th International Conference on Privacy, Security and Trust (PST) |
Keywords | cloud computing, composability, cryptography, cyber physical systems, data centers, data privacy, machine learning, pubcrawl, resilience, Resiliency, side-channel attacks, Topology, virtual machine allocation, virtual machine security, Virtual machining, virtualization privacy |
Abstract | Cloud computing systems (CCSs) enable the sharing of physical computing resources through virtualisation, where a group of virtual machines (VMs) can share the same physical resources of a given machine. However, this sharing can lead to a so-called side-channel attack (SCA), widely recognised as a potential threat to CCSs. Specifically, malicious VMs can capture information from (target) VMs, i.e., those with sensitive information, by merely being co-located with them on the same physical machine. As such, a VM allocation algorithm needs to be cognizant of this issue and attempt to allocate the malicious and target VMs onto different machines, i.e., the allocation algorithm needs to be security-aware. This paper investigates the allocation patterns of VM allocation algorithms that are more likely to lead to a secure allocation. A driving objective is to reduce the number of VM migrations during allocation. We also propose a graph-based secure VM allocation algorithm (GbSRS) to minimise SCA threats. Our results show that algorithms following a stacking-based behaviour are more likely to produce a secure VM allocation than those following spreading or random behaviours. |
DOI | 10.1109/PST52912.2021.9647766 |
Citation Key | aldawood_secure_2021 |