Biblio
Cloud computing systems (CCSs) enable the sharing of physical computing resources through virtualisation, where a group of virtual machines (VMs) can share the same physical resources of a given machine. However, this sharing can lead to a so-called side-channel attack (SCA), widely recognised as a potential threat to CCSs. Specifically, malicious VMs can capture information from (target) VMs, i.e., those with sensitive information, by merely co-located with them on the same physical machine. As such, a VM allocation algorithm needs to be cognizant of this issue and attempts to allocate the malicious and target VMs onto different machines, i.e., the allocation algorithm needs to be security-aware. This paper investigates the allocation patterns of VM allocation algorithms that are more likely to lead to a secure allocation. A driving objective is to reduce the number of VM migrations during allocation. We also propose a graph-based secure VMs allocation algorithm (GbSRS) to minimise SCA threats. Our results show that algorithms following a stacking-based behaviour are more likely to produce secure VMs allocation than those following spreading or random behaviours.
Source location privacy (SLP) is becoming an important property for a large class of security-critical wireless sensor network applications such as monitoring and tracking. Much of the previous work on SLP have focused on the development of various protocols to enhance the level of SLP imparted to the network, under various attacker models and other conditions. Others works have focused on analysing the level of SLP being imparted by a specific protocol. In this paper, we focus on deconstructing routing-based SLP protocols to enable a better understanding of their structure. We argue that the SLP-aware routing protocols can be classified into two main categories, namely (i) spatial and (ii) temporal. Based on this, we show that there are three important components, namely (i) decoy selection, (ii) use and routing of control messages and (iii) use and routing of decoy messages. The decoy selection technique imparts the spatial or temporal property of SLP-aware routing. We show the viability of the framework through the construction of well-known SLP-aware routing protocols using the identified components.