Advertisement

Critical Workload Deployment in Public Clouds with Guaranteed Security Levels and Optimized Resource Usage and Energy Cost

  • Soamar HomsiEmail author
  • Gang QuanEmail author
  • Laurent NjillaEmail author
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 881)

Abstract

It is a common practice that public clouds adopt Virtual Machine (VM) multiplexing to improve resource usage and energy consumption. However, packing multiple VMs of different security requirements into a single hypervisor gives rise to major cybersecurity issues, such as VM to VM Interdependency-based cybersecurity (ICS) risks. For example, the chances of successfully compromising a secure Critical VM (CVM) are very high when an attacker compromises the hosting hypervisor after a successful attack on one of its less secure, non-critical VMs (NVMs). In this paper, we study how to securely and efficiently collocate CVMs with NVMs in public cloud clusters. Specifically, we model and analyze the ICS risks imposed on CVMs by NVMs using noncooperative game models involving two players, i.e., an attacker and a cloud provider. We then introduce a novel approach that can judiciously determine the allocation of VMs so that the ICS risks imposed on critical VMs are guaranteed to be minimized. Our experimental results show that our proposed algorithm can judiciously optimize the provider’s overall resource usage, energy consumption, and operational expense while minimizing the potential security loss given a successful attack on any VM.

Keywords

Cloud computing Cybersecurity Game theory Power consumption 

Notes

Acknowledgment

This work was performed when Mr. Homsi was an intern in the Air Force Research Laboratory (AFRL) and it is supported by the Summer Fellowship Program for Students with the Cyber Assurance Branch of the AFRL, Rome, NY. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the AFRL.

References

  1. 1.
    Homsi, S., Liu, S., Chaparro-Baquero, G.A., Bai, O., Ren, S., Quan, G.: Workload consolidation for cloud data centers with guaranteed qos using request reneging. IEEE TPDS 28(7), 2103–2116 (2017)Google Scholar
  2. 2.
    Kamhoua, C.A., Kwiat, L., Kwiat, K.A., Park, J.S., Zhao, M., Rodriguez, M.: Game theoretic modeling of security and interdependency in a public cloud. In: CLOUD, 2014 IEEE 7th International Conference on 2014, pp. 514–521 (2014)Google Scholar
  3. 3.
    Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds, pp. 199–212 (2009)Google Scholar
  4. 4.
    Hadji, M., Zeghlache, D.: Mathematical programming approach for revenue maximization in cloud federations. IEEE TCC 5(1), 99–111 (2017)Google Scholar
  5. 5.
    Gai, K., Qiu, M., Zhao, H.: Cost-aware multimedia data allocation for heterogeneous memory using genetic algorithm in cloud computing. IEEE TCC (2016)Google Scholar
  6. 6.
    von Neumann, J.: On the theory of parlor games. Mathematische Annalen (1928)Google Scholar
  7. 7.
    Meng, R., Ye, Y., Xie, N.-G.: Multi-objective optimization design methods based on game theory. In: 8th World Congress on WCICA, pp. 2220–2227. IEEE (2010)Google Scholar
  8. 8.
    Wei, G., Vasilakos, A.V., Zheng, Y., Xiong, N.: A game-theoretic method of fair resource allocation for cloud computing services. J. Supercomput. 54(2), 252–269 (2010)CrossRefGoogle Scholar
  9. 9.
    Kunsemoller, J., Karl, H.: A Game-Theoretical Approach to the Benefits of Cloud Computing, pp. 148–160. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  10. 10.
    Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-vm side channels and their use to extract private keys, pp. 305–316 (2012)Google Scholar
  11. 11.
    Kwiat, L., Kamhoua, C.A., Kwiat, K.A., Tang, J., Martin, A.: Security-aware virtual machine allocation in the cloud: a game theoretic approach. In: 2015 IEEE 8th International Conference on Cloud Computing (CLOUD), pp. 556–563 (2015)Google Scholar
  12. 12.
    Zhang, Y., Li, M., Bai, K., Yu, M., Zang, W.: Incentive compatible moving target defense against vm-colocation attacks in clouds. In: IFIP International Information Security Conference, pp. 388–399. Springer (2012)Google Scholar
  13. 13.
    Li, M., Zhang, Y., Bai, K., Zang, W., Yu, M., He, X.: Improving cloud survivability through dependency based virtual machine placement. In: SECRYPT, pp. 321–326 (2012)Google Scholar
  14. 14.
    Han, Y., Alpcan, T., Chan, J., Leckie, C.: Security games for virtual machine allocation in cloud computing. In: International Conference on DGTS, pp. 99–118. Springer (2013)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Department of Electrical and Computer EngineeringFlorida International UniversityMiamiUSA
  2. 2.The Cyber Assurance Branch, Air Force Research LaboratoryRomeUSA

Personalised recommendations