SeLance: Secure Load Balancing of Virtual Machines in Cloud

摘要

The rapid development of cloud computing expands the scale of modern cloud data centers, resulting in growing challenges of energy consumption. Load balancing of virtual machines(VMs), for the purposes of improving the utilization of physical resources and reducing energy consumption, has become a research focus in recent years. However, the existing researches mostly focus on how to maximize resource utilization and reduce energy consumption. Security issues in the context of load balancing of VMs were rarely addressed. In this paper, we research the key procedures of load balancing, VM selection and VM placement, we find that the existing schemes introduced several security problems. In consideration of some conclusions of recent researches and inevitable live migrations during load balancing, common tenants have sufficient reasons to worry about their VMs' security when they are migrated to strange hosts and/or co-reside with the VMs owned by strange tenants. In short, VMs' mobility introduced by load balance expands the attack surface. In this work, we classify and analyze related security threats and create an information leakage model for load balancing. We present a new security policy, SeLance, to secure the load balancing via avoiding above threats as far as possible. We develop exact implementations in CloudSim and OpenStack. We show that SeLance can effectively alleviate the threats introduced by load balancing, the security score can improve 46.90%-81.15%, while keeping the load balancer's original function to a great extent (± 2.5%).