Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds

Abstract : Cloud computing has changed how services are provided and supported through the computing infrastructure. However, recent work [11] reveals that virtual machine (VM) colocation-based side-channel attacks can compromise users' privacy. Techniques have been developed to defend against side-channel attacks. Some of them, like NoHype, remove the hypervisor layer, which implies radical changes to the current cloud architecture. Other techniques may require new processor designs that are not immediately available to cloud providers. In this paper, we propose to construct an incentive-compatible moving-target defense by periodically migrating VMs, making it much harder for adversaries to locate the target VMs. We developed theories about whether the migration of VMs is worthwhile and how the optimal migration interval can be determined. To the best of our knowledge, our work is the first effort to develop a formal and quantified model to guide the migration strategy of clouds to improve security. Our analysis shows that our placement-based defense can significantly improve the security level of the cloud with acceptable costs.
Document type : Conference papers

https://hal.inria.fr/hal-01518239
Contributor : Hal Ifip
Submitted on : Thursday, May 4, 2017 - 1:45:32 PM
Last modification on : Thursday, October 18, 2018 - 6:06:02 PM
Long-term archiving on : Saturday, August 5, 2017 - 1:15:26 PM

File

978-3-642-30436-1_32_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Yulong Zhang, Min Li, Kun Bai, Meng Yu, Wanyu Zang. Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. pp.388-399, ⟨10.1007/978-3-642-30436-1_32⟩. ⟨hal-01518239⟩
