Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy

摘要

Security is one of the biggest concerns for the further adoption of Clouds. However, Cloud providers usually assign VMs leased by different customers upon the same physical server. Albeit maximizing resource efficiency, this cross-domain sharing poses a serious threat to customers' privacy concerns. A malicious VM could break or bypass the isolation mechanism and execute certain cross-VM attacks, such as side channel attacks or memory Dos attacks, etc. However, most of previous solutions are either attack-specific or unsuitable for immediate deployment, making the mitigation techniques for co-resident attacks still an important and worth-studying problem in cloud security. In this paper, we propose a novel grouping-based VM placement strategy to provide a secure optimization for existing VM placement policies. The theoretical analysis and simulation results show that our strategy decreases enormously the probability of co-residence while incurring only a slight loss on resource efficiency. The results also demonstrate that our strategy is significantly more effective in terms of both co-location resistance and resources efficiency, compared with the CLR policy.