Disk storage isolation and verification in cloud

摘要

Multi-tenancy of the cloud maximizes the utility of computation and storage resources by multiplexing the underlying hardware infrastructure amongst cloud customers; however, it also introduces significant security issues such as information leakage between two virtual machines (VMs) even if certain access control policy (e.g., Chinese Wall security policy) has been deployed in the cloud. Physical resource isolation between VMs is an effective mechanism to remove the covert channels in the cloud and prevent information leakage; however, due to economic concerns or negligence, some cheap-and-lazy cloud providers are not motivated to enforce the physical resource isolation as they promised. In this paper, we first develop a mechanism to check the co-residency of two files on local hard disk(s) by measuring the file access time, and then extend our mechanism to check data storage co-residency on Amazon S3 cloud storage.