Skip to Main content Skip to Navigation
Conference papers

Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds

Abstract : Cloud computing has changed how services are provided and supported through the computing infrastructure. However, recent work [11] reveals that virtual machine (VM) colocation based side-channel attack can leak users privacy. Techniques have been developed against side-channel attacks. Some of them like NoHype remove the hypervisor layer, which suggests radically changes of the current cloud architecture. While some other techniques may require new processor design that is not immediately available to the cloud providers.In this paper, we propose to construct an incentive-compatible moving-target-defense by periodically migrating VMs, making it much harder for adversaries to locate the target VMs. We developed theories about whether the migration of VMs is worthy and how the optimal migration interval can be determined. To the best of our knowledge, our work is the first effort to develop a formal and quantified model to guide the migration strategy of clouds to improve security. Our analysis shows that our placement based defense can significantly improve the security level of the cloud with acceptable costs.
Document type :
Conference papers
Complete list of metadata
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, May 4, 2017 - 1:45:32 PM
Last modification on : Thursday, October 18, 2018 - 6:06:02 PM
Long-term archiving on: : Saturday, August 5, 2017 - 1:15:26 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Yulong Zhang, Min Li, Kun Bai, Meng Yu, Wanyu Zang. Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. pp.388-399, ⟨10.1007/978-3-642-30436-1_32⟩. ⟨hal-01518239⟩



Record views


Files downloads