Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds - Information Security and Privacy Research
Conference Papers Year : 2012

Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds

Kun Bai
  • Function : Author
  • PersonId : 1007497
Meng Yu
  • Function : Author
  • PersonId : 1007498

Abstract

Cloud computing has changed how services are provided and supported through the computing infrastructure. However, recent work [11] reveals that virtual machine (VM) colocation based side-channel attack can leak users privacy. Techniques have been developed against side-channel attacks. Some of them like NoHype remove the hypervisor layer, which suggests radically changes of the current cloud architecture. While some other techniques may require new processor design that is not immediately available to the cloud providers.In this paper, we propose to construct an incentive-compatible moving-target-defense by periodically migrating VMs, making it much harder for adversaries to locate the target VMs. We developed theories about whether the migration of VMs is worthy and how the optimal migration interval can be determined. To the best of our knowledge, our work is the first effort to develop a formal and quantified model to guide the migration strategy of clouds to improve security. Our analysis shows that our placement based defense can significantly improve the security level of the cloud with acceptable costs.
Fichier principal
Vignette du fichier
978-3-642-30436-1_32_Chapter.pdf (462.72 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Dates and versions

hal-01518239 , version 1 (04-05-2017)

Licence

Identifiers

Cite

Yulong Zhang, Min Li, Kun Bai, Meng Yu, Wanyu Zang. Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. pp.388-399, ⟨10.1007/978-3-642-30436-1_32⟩. ⟨hal-01518239⟩
254 View
215 Download

Altmetric

Share

More