It's Time to Migrate! A Game-Theoretic Framework for Protecting a Multi-Tenant Cloud against Collocation Attacks

摘要

We present a novel game-theoretic framework for the Virtual Machine (VM) migration timing problem. In a multi-tenant cloud, a number of VMs are collocated on the same physical machine. This increases the risk of a malicious VM performing side-channel attacks and leaking sensitive information. To this end, this paper develops and analyzes a game-theoretic framework for the timing problem in which the cloud provider decides when to migrate a VM to a different physical machine to reduce the risk of being compromised by a collocated malicious VM. The adversary decides the rate at which she launches new VMs to collocate with the victim VMs. Our formulation captures a data leakage model in which the cost incurred by the cloud provider depends on the duration of collocation as well as the overhead in migration. We establish sufficient conditions for the existence of Nash equilibria for general cost functions, as well as for specific instantiations, and characterize the best response for both players. Our theoretical findings are corroborated with extensive numerical results in various settings.