Enhancing Security in Cloud Computing Through Virtual Machine Placement
Cloud computing, while becoming increasingly popular as a dominant computing platform, introduces new security challenges. The benefits of the Infrastructure as a Service (IaaS) model, such as reduced cost for customers and better resource utilization for service providers, have also attracted more attention from attackers. In recent years, attacks have been specifically designed to co-locate with target virtual machines in the cloud. Thus, when virtual machines are deployed in a cloud environment, virtual machine placement strategies can significantly affect the overall security risk of the entire cloud. Virtual machine placement that does not consider security risks may put customers, or even the entire cloud, in danger.
This dissertation addresses the problem of evaluating the risk of a cloud and takes co-residency risk into consideration. The current state-of-the-art VM allocation policies were reviewed and existing multi-objective optimization algorithms were studied. We believed that existing solutions for Virtual Machine Placement (VMP) lack consideration of the security issues generated by co-residency, and that proper security metrics should be proposed to guide new VMP solutions. To address this issue, we proposed a Secured Multi-Objective Optimization based virtual machine Placement algorithm (SMOOP) to seek an overall improved solution that reduces the overall security risks of a cloud. This target is accomplished in three steps. First, we proposed practical security metrics to quantify a comprehensive security risk evaluation of cloud environments from the network, host, and VM aspects. In the second step, we completed the design and implementation of SMOOP, which applies our security metrics to improve the security level of the cloud while also considering workload balance and resource utilization of CPU, memory, disk, and network traffic. The optimization direction can be adapted through users' own configuration. In the last step, we extended our work by studying state-of-the-art VM allocation policies and integrating them into our system design to defeat co-residency attacks. Our evaluation results show that the security level of clouds can be effectively improved through our proposed algorithm with affordable overhead, while the other objectives are satisfied at the same time.
To enhance the adaptability of our proposed security metrics, we focused on developing a fine-grained model to better quantify the risk rate generated by co-residency. Based on a large-scale dataset collected from the Microsoft Azure platform, we profiled the behavior patterns of normal service subscribers using our proposed feature metrics and clustered the service subscribers into multiple categories. After the baseline was built from the normal behavior patterns, the derivation rate was evaluated for each category and the high-risk group was labeled accordingly. With these labeled data, a classification component and a quantification component were constructed and used to dynamically quantify the co-residency risk rate for a specific VM. Based on the evaluation of our experimental results, our model demonstrated great robustness to newly seen data, and the accuracy rate was verified by examination of the F Measuring Matrix.