A Secure VM Placement Strategy to Defend against Co-residence Attack in Cloud Datacentres

PDF (1017KB), PP.55-64

Views: 0 Downloads: 0

Author(s)

Ankita Srivastava 1,* Narander Kumar 1

1. Department of Computer Science, Babasaheb Bhimrao Ambedkar University, Lucknow-226010, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2024.02.05

Received: 9 Sep. 2022 / Revised: 1 Nov. 2022 / Accepted: 29 Dec. 2022 / Published: 8 Apr. 2024

Index Terms

Co-residency, Co-location Attacks, Cloud Security, Virtual Machine Placement, Energy Consumption

Abstract

With the increasing number of co-residence attacks, the security of the multi-tenant public IaaS cloud environment has become a growing concern. The co-residence attacker creates a side channel to retrieve the secured data. These attacks help the adversary to leak out the sensitive information of the user with whom it is co-located. This paper discusses a secured VM placement technique, Previous Server and Co-resident users First (PSCF), which focuses on facilitating security against the co-residence attack by minimizing the probability of co-locating the malicious user with the authentic user. Co-location resistance and core utilization metrics are utilized to evaluate the algorithm’s performance. The proposed method is simulated, and the result is analysed and compared with existing approaches like Best Fit, Worst Fit, PSSF, and SC-PSSF. It is observed that the proposed approach furnished maximum co-location resistance of 74.32% and a core utilization of 82.63%. Further, the algorithm has shown significant performance in balancing the load and energy consumption. The result has reduced the probability that malicious users co-located with the authentic one, thus reducing the security breach of confidential information. 

Cite This Paper

Ankita Srivastava, Narander Kumar, "A Secure VM Placement Strategy to Defend against Co-residence Attack in Cloud Datacentres", International Journal of Computer Network and Information Security(IJCNIS), Vol.16, No.2, pp.55-64, 2024. DOI:10.5815/ijcnis.2024.02.05

Reference

[1]Chuka-Maduji N. and Anu V., “Cloud Computing Security Challenges and Related Defensive Measures: A Survey and Taxonomy,” SN Computer Science, Vol. 2, No. 4, pp 1-17, 2021. doi:10.1007/s42979-021-00732-3.
[2]Srivastava A. and Kumar N, “Resource management techniques in cloud computing: A State of Art,” ICIC Express Letters, Vol. 14, No. 9, pp. 909–916, 2020. doi:10.24507/icicel.14.09.909.
[3]Kumar P and Kumar Bhatt A, “Enhancing multi‐tenancy security in the cloud computing using hybrid ECC‐based data encryption approach,” IET Communications, Vol. 14, No. 18, pp. 3212-3222, 2020. doi:10.1049/iet-com.2020.0255.
[4]Umar Sayibu, Frimpong Twum, Issah Baako, "Delivering a Secured Cloud Computing Architecture and Traditional IT Outsourcing Environment via Penetration Tools in Ghana", International Journal of Computer Network and Information Security Vol.11, No.11, pp.46-59, 2019. 
[5]Compastié M, Badonnel R, Festor O, He R, “From virtualization security issues to cloud protection opportunities: An in-depth analysis of system virtualization models,” Computers & Security, Vol. 97, pp. 101905, 2020. doi:10.1016/j.c,ose.2020.101905.
[6]Hasan M M and Rahman M A, “A signaling game approach to mitigate co-resident attacks in an IaaS cloud environment,” Journal of Information Security and Applications, Vol. 50, pp. 102397, 2020. doi:10.1016/j.jisa.2019.102397
[7]Thirumalai C, Mohan S, Srivastava G., “An efficient public key secure scheme for cloud and IoT security,” Computer Communications, Vol. 150, pp. 634-643, 2020. doi:10.1016/j.comcom.2019.12.015.
[8]Narayana K E and Jayashree K, “Survey on cross virtual machine side channel attack detection and properties of cloud computing as sustainable material,” Materials Today: Proceedings, Vol. 45, pp. 6465-6470, 2021. doi:10.1016/j.matpr.2020.11.283
[9]Saxena D, Gupta I, Kumar J, Singh A K, Wen X, “A secure and multiobjective virtual machine placement framework for cloud data center,” IEEE Systems Journal, Vol. 16, No. 2, pp. 3163-3174, 2021. doi:10.1109/JSYST.2021.3092521.
[10]Hansraj, Tiwari P K, Chaudhary A, “Secure VM placement analysis against co-location based attack in cloud,” Journal of Discrete Mathematical Sciences and Cryptography, Vol. 24, No. 5, pp. 1457-1465, 2021. doi:10.1080/09720529.2021.1945215.
[11]Azizi S., Zandsalimi M. H, Li, D., “An energy-efficient algorithm for virtual machine placement optimization in cloud data centers,” Cluster Computing, Vol. 23, No. 4, pp. 3421-3434, 2020. doi:10.1007/s10586-020-03096-0
[12]Tao X, Wang L, Xu Z, Xie R.,”Secure and Efficient Allocation of Virtual Machines in Cloud Data Center,” In 2021 IEEE Symposium on Computers and Communications (ISCC), 2021. doi:10.1109/ISCC53001.2021.9631399
[13]Narayana K E and Jayashree K., “Survey on cross virtual machine side channel attack detection and properties of cloud computing as sustainable material,” Materials Today: Proceedings, Vol. 45, pp. 6465-6470, 2021. doi: 10.1016/j.matpr.2020.11.283
[14]Tao X, Wang L, Xu Z, Xie R., “SCAMS: A Novel Side-Channel Attack Mitigation System in IaaS Cloud,” In MILCOM 2021-2021 IEEE Military Communications Conference (MILCOM), 2021. doi:10.1109/MILCOM52596.2021.9652991
[15]Xiao Y, Liu L, Ma Z, Wang Z, Meng W., “Defending co‐resident attack using reputation‐based virtual machine deployment policy in cloud computing,” Transactions on Emerging Telecommunications Technologies. Vol. 32, No. 9, pp. e4271, 2021. doi:10.1002/ett.4271
[16]Saxena S, Sanyal G, Srivastava S, Amin R., “Preventing from Cross-VM Side-Channel Attack Using New Replacement Method,” Wireless Personal Communications, Vol. 97, No. 3, pp. 4827–4854, 2017. doi:10.1007/s11277-017-4753-7
[17]Kulah Y, Dincer B, Yilmaz C, Savas E., “SpyDetector: An approach for detecting side-channel attacks at runtime,” International Journal of Information Security, Vol. 18, No. 4, pp. 393-422, 2019. doi:10.1007/s10207-018-0411-7
[18]Z. Wang, J. Wu, Z. Guo, G. Cheng, H. Hu, “Secure virtual network embedding to mitigate the risk of covert channel attacks,” In Computer Communications Workshops (INFOCOM WKSHPS) IEEE, 2016, pp. 144–145. Doi: 10.1109/INFCOMW.2016.7562061
[19]Chhabra S and Singh A K., “A secure VM allocation scheme to preserve against co-resident threat,” International Journal of Web Engineering and Technology, Vol. 15, No. 1, pp. 96-115,2020. 
[20]Wang, X., Wang, L., Miao, F., & Yang, J., “Svmdf: A secure virtual machine deployment framework to mitigate co-resident threat in cloud,” In 2019 IEEE Symposium on Computers and Communications (ISCC), pp.1-7, 2019. 10.1109/ISCC47284.2019.8969721.
[21]Y. Han, J. Chan, T. Alpcan, and C. Leckie., “Using virtual machine allocation policies to defend against Co-resident attacks in cloud computing,” IEEE Transactions on Dependable & Secure Computing, Vol. 14, No. 1, pp. 95–108, 2017, 10.1109/TDSC.2015.2429132
[22]Jia, H., Liu, X., Di, X., Qi, H., Cong, L., Li, J., & Yang, H, “Security strategy for virtual machine allocation in cloud computing,” Procedia computer science, Vol. 147, pp. 140-144, 2019. doi: 10.1016/j.procs.2019.01.204
[23]Thabet, M., Hnich, B., & Berrima, M., “A sampling-based online Co-Location-Resistant Virtual Machine placement strategy,” Journal of Systems and Software, Vol. 187, pp. 111215, 2022. doi:10.1016/j.jss.2022.111215
[24]"CloudSim," http://www.cloudbus.org/cloudsim/.
[25]Sankaran, L., & Subramanian, S. J., “CloudSim Exploration: A Knowledge Framework for Cloud Computing Researchers,” In Applied Soft Computing and Communication Networks, Springer, Singapore, pp. 107-122, 2021. doi:10.1007/978-981-33-6173-7_8
[26]Mishra, S. K., Puthal, D., Sahoo, B., Jayaraman, P. P., Jun, S., Zomaya, A. Y., & Ranjan, R. “Energy-efficient VM-placement in cloud data center,” Sustainable computing: informatics and systems, Vol. 20, pp. 48-55, 2018. doi: 10.1016/j.suscom.2018.01.002