A Secure Virtual Machine Allocation Strategy Against Co-Resident Attacks

Abstract

In the area of network development, especially cloud computing, security has been a long-standing issue. In order to better utilize physical resources, cloud service providers usually allocate different tenants on the same physical machine, i.e., physical resources such as CPU, memory, and network devices are shared among multiple tenants on the same host. Virtual machine (VM) co-resident attack, a serious threat in this sharing methodology, includes malicious tenants who tend to steal private data. Currently, most solutions focus on how to eliminate known specific side channels, but they have little effect on unknown side channels. Compared to eliminating side channels, developing a VM allocation strategy is an effective countermeasure against VM co-resident attack as it reduces the probability of VM co-residency, but research on this topic is still in its infancy. In this study, firstly, a novel, efficient, and secure VM allocation strategy named Against VM Co-resident attack based on Multi-objective Optimization Best Fit Decreasing (AC-MOBFD) is proposed, which simultaneously optimizes load balancing, energy consumption, and host resource utilization during VM placement. Subsequently, security of the proposed allocation strategy is measured using two metrics – VM attack efficiency and VM attack coverage. Extensive experiments on simulated and real cloud platforms, CloudSim and OpenStack, respectively, demonstrate that using our strategy, the attack efficiency of VM co-residency is reduced by 37.3% and VM coverage rate is reduced by 24.4% when compared to existing strategies. Finally, we compare the number of co-resident hosts with that of hosts in a real cloud platform. Experimental results show that the deviation is below 9.4%, which validates the feasibility and effectiveness of the presented strategy.