Security Games for Virtual Machine Allocation in Cloud Computing

  • Conference paper

Decision and Game Theory for Security (GameSec 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8252)

Abstract

While cloud computing provides many advantages in accessibility, scalability and cost efficiency, it also introduces a number of new security risks. This paper concentrates on the co-resident attack, where malicious users aim to co-locate their virtual machines (VMs) with target VMs on the same physical server, and then exploit side channels to extract private information from the victim. Most of the previous work has discussed how to eliminate or mitigate the threat of side channels. However, the presented solutions are impractical for the current commercial cloud platforms. We approach the problem from a different perspective, and study how to minimise the attacker’s possibility of co-locating their VMs with the targets, while maintaining a satisfactory workload balance and low power consumption for the system. Specifically, we introduce a security game model to compare different VM allocation policies. Our analysis shows that rather than deploying one single policy, the cloud provider decreases the attacker’s possibility of achieving co-location by having a policy pool, where each policy is selected with a certain probability. Our solution does not require any changes to the underlying infrastructure. Hence, it can be easily implemented in existing cloud computing platforms.


Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Han, Y., Alpcan, T., Chan, J., Leckie, C. (2013). Security Games for Virtual Machine Allocation in Cloud Computing. In: Das, S.K., Nita-Rotaru, C., Kantarcioglu, M. (eds) Decision and Game Theory for Security. GameSec 2013. Lecture Notes in Computer Science, vol 8252. Springer, Cham. https://doi.org/10.1007/978-3-319-02786-9_7

  • DOI: https://doi.org/10.1007/978-3-319-02786-9_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-02785-2

  • Online ISBN: 978-3-319-02786-9

  • eBook Packages: Computer Science, Computer Science (R0)
