Defending Against Side Channel Attacks in Cloud Resource Management

S. Velliangiri*
Department of Computer Science and Engineering, GMR Institute of Technology, Rajam, Andhra Pradesh, India.
Periodicity:January - June'2021
DOI : https://doi.org/10.26634/jcc.8.1.18454

Abstract

The cloud computing environment allows for the sharing of highly scalable hardware and software resources over the internet. Virtual Machines (VM) allow the cloud provider to share hardware resources with cloud clients. Co-resident VMs are Virtual Machines (VMs) that run on the same physical server. The Virtual Machines in Co-Residence are logically separated from one another. The harmful users' side channels compromise the logical isolation. Co-resident attacks are described as unauthorized users accessing sensitive information from Co-resident VMs. Malicious users gain access to critical information such as cryptographic keys, workloads, and web traffic rates. Co-location, co-residence, and coresidency threats are all terms used to describe a Co-resident attack. The Virtual Machine allocation policy is used to determine where the Virtual Machines should be placed on the physical server. The malicious user co-locates their Virtual Machine with the target Virtual Machine. The Virtual Machine deployment procedure takes into account security, workload balancing, and power consumption criteria. Secure metrics are defined to assess the VM allocation policy's security. The Balanced VM Allocation Policy is designed to distribute virtual machines among physical servers. With security metrics, the Previous Selected Server First (PSSF) policy is applied. With the workload balance parameter, the least VM allocation policy, most VM allocation policy, and random allocation policy are applied. Within the same environment, the data centres are connected to the Virtual Machines. With centralised and distributed scheduling algorithms, the attack-resistant Virtual Machine Management framework is built. Side channel attacks are prevented during live VM transfer. Multiple data centre management mechanisms have been added to the system. To allocate virtual machines on the physical server, the Distributed VM Placement (DVMP) policy is created.

Keywords

Cloud Resources, Virtual Machine Allocation Policies, Side Channel Attacks, Co-residential Attacks, Distributed Scheduling.

How to Cite this Article?

Velliangiri, S. (2021). Defending Against Side Channel Attacks in Cloud Resource Management. i-manager's Journal on Cloud Computing, 8(1), 1-7. https://doi.org/10.26634/jcc.8.1.18454

References

[1]. Bates, A., Mood, B., Pletcher, J., Pruse, H., Valafar, M., & Butler, K. (2014). On detecting co-resident cloud instances using network flow watermarking techniques. International Journal of Information Security, 13(2), 171-189. https://doi.org/10.1007/s10207-013-0210-0
[2]. Bowers, K. D., Van Dijk, M., Juels, A., Oprea, A., & Rivest, R. L. (2011, October). How to tell if your cloud files are vulnerable to drive crashes. In Proceedings of the 18th ACM Conference on Computer and Communications Security (pp. 501-514). https://doi.org/10.1145/2046707.2046766
[3]. Butt, S., Lagar-Cavilla, H. A., Srivastava, A., & Ganapathy, V. (2012, October). Self-service cloud computing. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (pp. 253- 264). https://doi.org/10.1145/2382196.2382226
[4]. Lee, E. K., Viswanathan, H., & Pompili, D. (2015). Proactive thermal-aware resource management in virtualized HPC cloud datacenters. IEEE Transactions on Cloud Computing, 5(2), 234-248. https://doi.org/10.1109/ TCC.2015.2474368
[5]. McCune, J. M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., & Perrig, A. (2010, May). TrustVisor: Efficient TCB reduction and attestation. In 2010, IEEE Symposium on Security and Privacy (pp. 143-158). IEEE. https://doi.org/10. 1109/SP.2010.17
[6]. Szefer, J., Keller, E., Lee, R. B., & Rexford, J. (2011, October). Eliminating the hypervisor attack surface for a more secure cloud. In Proceedings of the 18th ACM Conference on Computer and Communications Security (pp. 401-412). https://doi.org/10.1145/2046707.2046754
[7]. Varadarajan, V., Kooburat, T., Farley, B., Ristenpart, T., & Swift, M. M. (2012, October). Resource-freeing attacks: improve your cloud performance (at your neighbor's expense). In Proceedings of the 2012 ACM Conference on Computer and Communications Security (pp. 281-292). https://doi.org/10.1145/2382196.2382228
[8]. Wu, H., Ren, S., Garzoglio, G., Timm, S., Bernabeu, G., Chadwick, K., & Noh, S. Y. (2014). A reference model for virtual machine launching overhead. IEEE Transactions on Cloud Computing, 4(3), 250-264. https://doi.org/10.1109/ TCC.2014.2369439
[9]. Zhang, Y., Juels, A., Oprea, A., & Reiter, M. K. (2011, May). Homealone: Co-residency detection in the cloud via side-channel analysis. In 2011, IEEE symposium on security and privacy (pp. 313 - 328). IEEE . https://doi.org/10.1109/SP.2011.31
[10]. Zhang, Y., Juels, A., Reiter, M. K., & Ristenpart, T. (2012, October). Cross-VM side channels and their use to extract private keys. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (pp. 305- 316). https://doi.org/10.1145/2382196.2382230
If you have access to this article please login to view the article or kindly login to purchase the article

Purchase Instant Access

Single Article

North Americas,UK,
Middle East,Europe
India Rest of world
USD EUR INR USD-ROW
Online 15 15

Options for accessing this content:
  • If you would like institutional access to this content, please recommend the title to your librarian.
    Library Recommendation Form
  • If you already have i-manager's user account: Login above and proceed to purchase the article.
  • New Users: Please register, then proceed to purchase the article.