IEEE Access (Jan 2024)

Interdependency Attack-Aware Secure and Performant Virtual Machine Allocation Policies With Low Attack Efficiency and Coverage

  • Bernard Ousmane Sane,
  • Mandicou Ba,
  • Doudou Fall,
  • Yuzo Taenaka,
  • Ibrahima Niang,
  • Youki Kadobayashi

DOI
https://doi.org/10.1109/ACCESS.2024.3404949
Journal volume & issue
Vol. 12
pp. 74944 – 74960

Abstract

Cloud computing has completely changed IT (information technology) by providing IT resources as services on the internet. However, certain types of attacks, such as interdependency attacks, impede its wide adoption. With the latter, an attacker who succeeds in compromising the VM of a user can traverse the hypervisor to launch an attack on the VM(s) of other users on the same hypervisor. Unfortunately, we note a lack of secure and performant allocation policies against this problem. Existing policies focus on security but ignore other factors, including workload balance and energy consumption, which are vital for commercial cloud platforms. In this context, we propose different allocation policies for choosing the datacenter server to which we allocate a new virtual machine. These policies aim to minimize the interdependence of different users’ VMs while keeping the system performant regarding workload balance and/or power consumption. By default, our allocation policies treat all legitimate users as attackers and host their virtual machines according to their efficiency and coverage. We first design a secure and balanced solution that increases workload balance to prevent the servers from being overused. Afterward, we propose an algorithm that addresses security, power consumption, and workload balance objectives simultaneously. Based on our simulation results, our solutions perform better than existing algorithms regarding security, workload balance, and power consumption. The balanced solution reduces the chance of an attacker to zero and increases workload balance linearly. In other words, the workload balance is between $[5, 35]$, and it utilizes slightly more hosts than existing proposals, with gains between $[2, 8]$. Although our final proposal is less secure than previous algorithms, it performs better, so it has a good workload balance ($[5, 30]$) and consumes less energy.

Keywords