Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds

Abstract : Cloud computing has changed how services are provided and supported through the computing infrastructure. However, recent work [11] reveals that virtual machine (VM) colocation based side-channel attack can leak users privacy. Techniques have been developed against side-channel attacks. Some of them like NoHype remove the hypervisor layer, which suggests radically changes of the current cloud architecture. While some other techniques may require new processor design that is not immediately available to the cloud providers.In this paper, we propose to construct an incentive-compatible moving-target-defense by periodically migrating VMs, making it much harder for adversaries to locate the target VMs. We developed theories about whether the migration of VMs is worthy and how the optimal migration interval can be determined. To the best of our knowledge, our work is the first effort to develop a formal and quantified model to guide the migration strategy of clouds to improve security. Our analysis shows that our placement based defense can significantly improve the security level of the cloud with acceptable costs.
Type de document :
Communication dans un congrès
Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.388-399, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_32〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01518239
Contributeur : Hal Ifip <>
Soumis le : jeudi 4 mai 2017 - 13:45:32
Dernière modification le : jeudi 4 mai 2017 - 14:53:53
Document(s) archivé(s) le : samedi 5 août 2017 - 13:15:26

Fichier

978-3-642-30436-1_32_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Yulong Zhang, Min Li, Kun Bai, Meng Yu, Wanyu Zang. Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds. Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.388-399, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_32〉. 〈hal-01518239〉

Partager

Métriques

Consultations de la notice

110

Téléchargements de fichiers

74