Abstract
Infrastructure as a Service (IaaS) facilitates the provisioning of virtual machines (VMs) on cloud computing platforms for disjoint customers in a highly scalable, flexible, and cost-efficient fashion. However, introducing new VMs to a physical server where a vulnerable VM already exists could expose the new ones to security risks. Furthermore, even the physical server itself could be compromised by attackers through one of these vulnerable VMs. Therefore, VM placement can have a great impact on the security level of the whole cloud. In this chapter, we first quantify the security risks of cloud environments based on virtual machine vulnerabilities and placement schemes. Based on our security evaluation, we present a novel VM placement algorithm that can minimize the cloud’s overall security risks by considering the connections among VMs. According to the experimental results, our approach can greatly improve the survivability of most VMs and the entire cloud. The computing costs and deployment costs of our techniques are also practical.
Keywords
- Cloud Computing
- Virtual Machine
- Cloud Provider
- Security Risk
- Physical Machine
Notes
1. This chapter includes copyrighted materials, which were reproduced with permission of IEEE and the authors. The original article is: Xuebiao Yuchi and Sachin Shetty, “Enabling security-aware virtual machine placement in IaaS clouds,” IEEE Military Communications Conference (Milcom 2015), pp. 1554–1559, 26–28 Oct. 2015, ©IEEE. Reprinted by permission.
Acknowledgements
This work is based on research sponsored by the Office of the Assistant Secretary of Defense for Research and Engineering (OASD(R&E)) under agreement number FAB750-15-2-0120. The US Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Office of the Assistant Secretary of Defense for Research and Engineering (OASD(R&E)) or the US Government. This work is also supported in part by an ARO grant W911NF-12-1-0055, National Science Foundation (NSF) Grant HRD-1137466, Department of Homeland Security (DHS) SLA grant 2010-ST-062-0000041 and 2014-ST-062-000059.
Copyright information
© 2016 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Shetty, S., Yuchi, X., Song, M. (2016). Security-Aware Virtual Machine Placement in Cloud Data Center. In: Moving Target Defense for Distributed Systems. Wireless Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-31032-9_2
DOI: https://doi.org/10.1007/978-3-319-31032-9_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31031-2
Online ISBN: 978-3-319-31032-9
eBook Packages: Computer Science (R0)
