Egyptian Informatics Journal (Sep 2021)

Security-aware dynamic VM consolidation

  • Mohamed A. Elshabka,
  • Hanan A. Hassan,
  • Walaa M. Sheta,
  • Hany M. Harb

Journal volume & issue
Vol. 22, no. 3
pp. 277 – 284

Abstract

Read online

The explosive growth of cloud usage encourages several challenges, especially high energy consumption of Cloud Data Centers (CDCs), new security risks to Virtual Machines (VMs) resulting from co-residency with other risky VMs on the same Physical Machine (PM), and the Quality of Service (QoS) degradation due to sharing resources. Many recent studies have proposed Dynamic VM Consolidation (DVMC) to save energy with minimum degradation of the QoS. However, due to the lack of reliable security measurements and consolidating VMs without any awareness of their security risk degrees, the overall security risk of the CDC may be increased. To tackle these challenges, this study presents a Security-aware DVMC (SDVMC) that consists of a Security Monitoring Module (SMM) and a SDVMC module. The SMM utilizes a three-dimensional security assessment model, while in the SDVMC module we propose a novel VM placement algorithm called Minimum Risk Increase (MRI) with Risk Increase Threshold (RITH). The proposed MRI with RITH VM placement algorithm selects the host that leads to minimum risk increase to the overall security risk while maintaining the risk increase for each VM does not exceed the value of the proposed RITH constraint; which is set according to the aims of the cloud provider. Simulation results show that using our approach with RITH 0.8 results in security improvement, overall risk was decreased by 2% to 5%, without negative impact on energy consumption or QoS. Moreover, using our approach with RITH less than 0.8 enables the tradeoff between energy consumption and the overall security risk. The maximum overall risk decrease ranged from 10% up to 40%, according to the intensive of the communication overhead between the VMs, while the used energy in its maximum was less than half if we used a non-power-ware VM allocation policy.

Keywords