Improving Users' Isolation in IaaS: Virtual Machine Placement with Security Constraints

摘要

Nowadays, virtualization is used as the sole mechanism to isolate different users on Cloud platforms. In this paper, we show that, due to improper virtualization of micro-architectural components, data leak and modification can occur on public Clouds. Furthermore, using the same vector, it is possible to induce performance interferences, i.e. noisy neighbors. Using this approach, a VM can steal resources from, and slow down, concurrent VMs. To counter this, we propose placement heuristics that take into account isolation requirements, thus allowing a user to specify the level of isolation he accepts, and with whom. We modify 3 classical heuristics to take into account these requirements. In addition, we propose 4 new heuristics that take into account the hierarchy of Cloud platforms and isolation requirements. Finally, we evaluate these heuristics and compare them with the modified classical ones. We show that our heuristics perform at least as well as the classical ones, while scaling better and being faster by a few orders of magnitude.