Conference papers

Microarchitecture-Aware Virtual Machine Placement under Information Leakage Constraints

Arnaud Lefray 1, 2 Eddy Caron 2 Jonathan Rouzaud-Cornabas 3, 4 Christian Toinard 1 
2 AVALON - Algorithms and Software Architectures for Distributed and HPC Platforms
Inria Grenoble - Rhône-Alpes, LIP - Laboratoire de l'Informatique du Parallélisme
4 BEAGLE - Artificial Evolution and Computational Biology
LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information, Inria Grenoble - Rhône-Alpes, LBBE - Laboratoire de Biométrie et Biologie Evolutive - UMR 5558
Abstract: One of the major concerns when moving to Clouds is data confidentiality. Nevertheless, more and more applications are outsourced to a public or private Cloud. In general, the usage of virtualization is acknowledged as an isolation mechanism between applications running on shared resources. But, as previously shown, virtualization does not ensure data security. Indeed, the isolation can be broken due to covert channels existing in both the software and the hardware (e.g., improperly virtualized caches). Furthermore, even if a perfect control mechanism could be designed, it would not protect against covert channels, as they bypass control mechanisms using legal means. In this paper, we first describe how these attacks work. Next, after presenting the existing mitigation mechanisms, we show that a good solution is to take into account security while allocating resources (i.e., when placing the VMs). Furthermore, depending on which resources are shared, we demonstrate that the achievable bitrate of these attacks can change dramatically. We propose a new metric to quantify them and use it as an acceptable risk for isolation properties. Then, we show how to use them when allocating resources and the importance of a fine-grained resource allocation mechanism. Finally, we demonstrate that a security-oblivious placement algorithm breaks a fair amount of properties, but taking the isolation into account impacts the acceptance rate (i.e., the percentage of successfully placed VMs).

Cited literature [22 references]
Contributor: Eddy Caron
Submitted on: Wednesday, December 9, 2015 - 12:37:53 PM
Last modification on: Tuesday, October 25, 2022 - 4:20:15 PM
Long-term archiving on: Saturday, April 29, 2017 - 9:47:15 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution - NonCommercial - NoDerivatives 4.0 International License



Arnaud Lefray, Eddy Caron, Jonathan Rouzaud-Cornabas, Christian Toinard. Microarchitecture-Aware Virtual Machine Placement under Information Leakage Constraints. 8th IEEE International Conference on Cloud Computing (IEEE Cloud 2015), Jun 2015, New-York, United States. pp.588 - 595 ⟨10.1109/CLOUD.2015.84⟩. ⟨hal-01240573⟩


