Skip to Main content Skip to Navigation
Reports

Improving users' isolation in IaaS: Virtual Machine Placement with Security Constraints

Eddy Caron 1 Jonathan Rouzaud-Cornabas 1, *
* Corresponding author
1 AVALON - Algorithms and Software Architectures for Distributed and HPC Platforms
Inria Grenoble - Rhône-Alpes, LIP - Laboratoire de l'Informatique du Parallélisme
Abstract : Nowadays virtualization is used as the sole mechanism to isolate different users on Cloud platforms. We will show that due to improper virtualization of micro-architectural components, data leak and modification can occur on public Clouds. Furthermore, using the same vector, it is possible to induce performance interferences, i.e. noisy neighbors. Using this approach, a VM can slow down and steal resources from concurrent VMs. We propose placement heuristics that take into account isolation requirements. We modify three classical heuristics to take into account these requirements. Furthermore, we propose four new heuristics that take into account the hierarchy of the Cloud platforms and the isolation requirements. Finally, we evaluate these heuristics and compare them with the modified classical ones. We show that our heuristics are performing at least as good as classical ones but are scaling better and are faster by a few order of magnitude than the classical ones.
Complete list of metadatas

Cited literature [37 references]  Display  Hide  Download

https://hal.inria.fr/hal-00924296
Contributor : Jonathan Rouzaud-Cornabas <>
Submitted on : Friday, January 10, 2014 - 2:30:31 PM
Last modification on : Monday, May 4, 2020 - 11:40:01 AM
Long-term archiving on: : Thursday, April 10, 2014 - 10:05:52 PM

Files

RR-8444.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00924296, version 1

Citation

Eddy Caron, Jonathan Rouzaud-Cornabas. Improving users' isolation in IaaS: Virtual Machine Placement with Security Constraints. [Research Report] RR-8444, INRIA. 2014. ⟨hal-00924296⟩

Share

Metrics

Record views

695

Files downloads

607