
Critical Workload Deployment in Public Clouds with Guaranteed Security Levels and Optimized Resource Usage and Energy Cost

Proceedings of the Future Technologies Conference (FTC) 2018 (FTC 2018)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 881)

Abstract

It is a common practice that public clouds adopt Virtual Machine (VM) multiplexing to improve resource usage and energy consumption. However, packing multiple VMs of different security requirements into a single hypervisor gives rise to major cybersecurity issues, such as VM to VM Interdependency-based cybersecurity (ICS) risks. For example, the chances of successfully compromising a secure Critical VM (CVM) are very high when an attacker compromises the hosting hypervisor after a successful attack on one of its less secure, non-critical VMs (NVMs). In this paper, we study how to securely and efficiently collocate CVMs with NVMs in public cloud clusters. Specifically, we model and analyze the ICS risks imposed on CVMs by NVMs using noncooperative game models involving two players, i.e., an attacker and a cloud provider. We then introduce a novel approach that can judiciously determine the allocation of VMs so that the ICS risks imposed on critical VMs are guaranteed to be minimized. Our experimental results show that our proposed algorithm can judiciously optimize the provider’s overall resource usage, energy consumption, and operational expense while minimizing the potential security loss given a successful attack on any VM.

Approved for Public Release; Distribution Unlimited: 88ABW-2018-3268; Dated 27 Jun 2018.

Acknowledgment

This work was performed when Mr. Homsi was an intern in the Air Force Research Laboratory (AFRL) and it is supported by the Summer Fellowship Program for Students with the Cyber Assurance Branch of the AFRL, Rome, NY. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the AFRL.

Author information

Correspondence to Soamar Homsi, Gang Quan or Laurent Njilla.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Homsi, S., Quan, G., Njilla, L. (2019). Critical Workload Deployment in Public Clouds with Guaranteed Security Levels and Optimized Resource Usage and Energy Cost. In: Arai, K., Bhatia, R., Kapoor, S. (eds) Proceedings of the Future Technologies Conference (FTC) 2018. FTC 2018. Advances in Intelligent Systems and Computing, vol 881. Springer, Cham. https://doi.org/10.1007/978-3-030-02683-7_18
