Microarchitecture-Aware Virtual Machine Placement under Information Leakage Constraints

Arnaud Lefray 1, 2 Eddy Caron 2 Jonathan Rouzaud-Cornabas 3, 4 Christian Toinard 1
2 AVALON - Algorithms and Software Architectures for Distributed and HPC Platforms
Inria Grenoble - Rhône-Alpes, LIP - Laboratoire de l'Informatique du Parallélisme
4 BEAGLE - Artificial Evolution and Computational Biology
LBBE - Laboratoire de Biométrie et Biologie Evolutive - UMR 5558, Inria Grenoble - Rhône-Alpes, LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information
Abstract: One of the major concerns when moving to Clouds is data confidentiality. Nevertheless, more and more applications are outsourced to a public or private Cloud. In general, the usage of virtualization is acknowledged as an isolation mechanism between applications running on shared resources. But, as previously shown, virtualization does not ensure data security. Indeed, the isolation can be broken due to covert channels existing in both the software and the hardware (e.g., improperly virtualized caches). Furthermore, even if a perfect control mechanism could be designed, it would not protect against covert channels, as they bypass control mechanisms using legal means. In this paper, we first describe how these attacks work. Next, after presenting the existing mitigation mechanisms, we show that a good solution is to take security into account while allocating resources (i.e., when placing the VMs). Furthermore, depending on which resources are shared, we demonstrate that the achievable bitrate of these attacks can change dramatically. We propose a new metric to quantify them and use it as an acceptable risk for isolation properties. Then, we show how to use them when allocating resources and the importance of a fine-grained resource allocation mechanism. Finally, we demonstrate that a security-oblivious placement algorithm breaks a fair amount of properties, but taking the isolation into account impacts the acceptance rate (i.e., the percentage of successfully placed VMs).

Cited literature [22 references]

https://hal.inria.fr/hal-01240573
Contributor : Eddy Caron
Submitted on : Wednesday, December 9, 2015 - 12:37:53 PM
Last modification on : Monday, February 10, 2020 - 4:36:52 PM
Document(s) archived on : Saturday, April 29, 2017 - 9:47:15 AM

File

cloud-2015.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution - NonCommercial - NoDerivatives 4.0 International License

Citation

Arnaud Lefray, Eddy Caron, Jonathan Rouzaud-Cornabas, Christian Toinard. Microarchitecture-Aware Virtual Machine Placement under Information Leakage Constraints. 8th IEEE International Conference on Cloud Computing (IEEE Cloud 2015), http://www.thecloudcomputing.org/2015/, Jun 2015, New-York, United States. pp.588 - 595 ⟨10.1109/CLOUD.2015.84⟩. ⟨hal-01240573⟩

Metrics

Record views

3878

Files downloads

555