Microarchitecture-Aware Virtual Machine Placement under Information Leakage Constraints

Arnaud Lefray 1, 2 Eddy Caron 2 Jonathan Rouzaud-Cornabas 3, 4 Christian Toinard 1
2 AVALON - Algorithms and Software Architectures for Distributed and HPC Platforms
Inria Grenoble - Rhône-Alpes, LIP - Laboratoire de l'Informatique du Parallélisme
4 BEAGLE - Artificial Evolution and Computational Biology
LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information, Inria Grenoble - Rhône-Alpes, LBBE - Laboratoire de Biométrie et Biologie Evolutive, CarMeN - Laboratoire de recherche en cardiovasculaire, métabolisme, diabétologie et nutrition
Abstract: One of the major concerns when moving to Clouds is data confidentiality. Nevertheless, more and more applications are outsourced to a public or private Cloud. In general, the usage of virtualization is acknowledged as an isolation mechanism between applications running on shared resources. But, as previously shown, virtualization does not ensure data security. Indeed, the isolation can be broken due to covert channels existing in both the software and the hardware (e.g., improperly virtualized caches). Furthermore, even if a perfect control mechanism could be designed, it would not protect against covert channels, as they bypass control mechanisms using legal means. In this paper, we first describe how these attacks work. Next, after presenting the existing mitigation mechanisms, we show that a good solution is to take security into account while allocating resources (i.e., when placing the VMs). Furthermore, depending on which resources are shared, we demonstrate that the achievable bitrate of these attacks can change dramatically. We propose a new metric to quantify them and use it as an acceptable risk for isolation properties. Then, we show how to use them when allocating resources and the importance of a fine-grained resource allocation mechanism. Finally, we demonstrate that a security-oblivious placement algorithm breaks a fair number of properties, but that taking the isolation into account impacts the acceptance rate (i.e., the percentage of successfully placed VMs).
Document type: Conference paper
IEEE. 8th IEEE International Conference on Cloud Computing (IEEE Cloud 2015), Jun 2015, New-York, United States. pp.588 - 595 2015, Cloud Computing (CLOUD), 2015 IEEE 8th International Conference on 〈10.1109/CLOUD.2015.84〉
Cited literature [22 references]

https://hal.inria.fr/hal-01240573
Contributor: Eddy Caron
Submitted on: Wednesday, December 9, 2015 - 12:37:53
Last modified on: Friday, April 20, 2018 - 15:44:26
Document(s) archived on: Saturday, April 29, 2017 - 09:47:15

File

cloud-2015.pdf
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution - NonCommercial - NoDerivatives 4.0 International License

Citation

Arnaud Lefray, Eddy Caron, Jonathan Rouzaud-Cornabas, Christian Toinard. Microarchitecture-Aware Virtual Machine Placement under Information Leakage Constraints. IEEE. 8th IEEE International Conference on Cloud Computing (IEEE Cloud 2015), Jun 2015, New-York, United States. pp.588 - 595 2015, Cloud Computing (CLOUD), 2015 IEEE 8th International Conference on 〈10.1109/CLOUD.2015.84〉. 〈hal-01240573〉
