Abstract

Cloud computing has completely changed IT (information technology) by providing IT resources as services on the internet. However, certain types of attacks, such as interdependency attacks, impede its wide adoption. With the latter, an attacker who succeeds in compromising the VM of a user can traverse the hypervisor to launch an attack on the VM(s) of other users on the same hypervisor. Unfortunately, we note a lack of secure and performant allocation policies against this problem. Existing policies focus on security but ignore other factors, including workload balance and energy consumption, which are vital for commercial cloud platforms. In this context, we propose different allocation policies for choosing the datacenter server to which we allocate a new virtual machine. These policies aim to minimize the interdependence of different users’ VMs while keeping the system performant regarding workload balance and/or power consumption. By default, our allocation policies treat all legitimate users as attackers and host their virtual machines according to their efficiency and coverage. We first design a secure and balanced solution that increases workload balance to prevent the servers from being overused. Afterward, we propose an algorithm that addresses security, power consumption, and workload balance objectives simultaneously. Based on our simulation results, our solutions perform better than existing algorithms regarding security, workload balance, and power consumption. The balanced solution reduces the chance of an attacker to zero and increases workload balance linearly. In other words, the workload balance is between [5,35] , and it utilizes slightly more hosts than existing proposals, with gains between [2,8] . Although our final proposal is less secure than previous algorithms, it performs better, so it has a good workload balance ( [5,30] ) and consumes less energy.

Introduction

Cloud computing is one of the most remarkable advances in IT in the last two decades. It offers resource consumption on demand, a flexible environment, and easy to use. These facilities make it widely adopted by the customers. However, in cloud computing, the hypervisor allows multiple virtual machines (VMs) of different users to run simultaneously on the same physical server. Ideally, each of these users’ virtual machines should operate in isolation to maintain optimal security conditions. Unfortunately, perfect logical isolation has not been achieved in practice, leaving attackers with the possibility of launching attacks such as interdependency attacks, etc. [1], [2], [3], [4], [5], [6], [7]. With the interdependency attack, a malicious user who has compromised the VM(s) of a user i can traverse the hypervisor to launch an attack on the VMs of another user j≠i on the same hypervisor.

Hence, to tackle this issue, most of the proposals tried to satisfy security and/or performance constraints by using optimization methods such as heuristic algorithms [8], [9], [10], game theory approaches [3], [11], [12], [13], the multi-objectives optimization [14], [15], [16] since the problem is NP-hard [14]. However, we note the absence of a secure and performant virtual machine allocation technique against the interdependency problem. For instance, in [16], the authors proposed a secure solution against the interdependency attack that minimizes both attacker’s efficiency and coverage, which respectively represent the probability of success of the attacker and the probability that the virtual machine of a legitimate user will be compromised. Nevertheless, this solution overlooked essential performance constraints related to minimizing power consumption and maximizing workload balance in the datacenter. These two performance constraints are very important for commercial cloud platforms. The first one motivates a provider to allocate a lot of VMs to fewer servers to reduce the cost of energy consumption and the emission of carbon dioxide (CO2). Significant energy consumption leads to high energy costs among providers. On the other hand, maximizing the workload balance spreads users’ virtual machines among the servers to prevent the hosts from being over-utilized. To accommodate these two performance constraints essential for commercial cloud platforms, we propose extending [16]. We address the interdependency problem and the interdependency attack interchangeably throughout the paper. We also refer to the performance by workload balance and power consumption.

Conclusion

In this paper, we develop the first secure and performant solution against the interdependency attack between cloud users sharing the same hypervisor. It focuses on minimizing security metrics while considering power consumption and workload balance. This approach considers all legitimate users as attackers who attempt to hack the host’s hypervisor and gain unauthorized privileges on the VMs it contains. Specifically, we define a secure allocation policy that maximizes workload balance (SALAEC-B) and a secure and performant allocation policy that simultaneously optimizes security, workload balance, and power consumption (SPALAEC). We also show that these solutions are optimal with polynomial complexities synonymous with “feasible” and “efficient”. In addition, results from the simulation show that SALAEC-B is secure and balanced, and it performs better than its counterpart in the related work, PSSF-Balanced [14]. Finally, SPALAEC is also secure against the interdependency attack while being efficient regarding workload balance and power consumption. Furthermore, our VM allocation policies prevent the negative impact that can be caused by the failure of one of the servers, unlike in PSSF-LEAST [15] and PSSF-Balanced [14]. Our allocation policies do not consider the possibility of migrating a virtual machine from one server to another. We propose an energy-aware approach with virtual machine migration as future work to deal with the high energy consumption in cloud computing and service level agreements (SLAs) violations. In addition, during allocation, our algorithms use the amount of security investment, which does not change over time (i). Our future work may investigate (i) and other simulation scenarios with many users.