Abstract | ||
---|---|---|
Cloud computing provides a paradigm where users can utilize various configurable IT resources in an on-demand and cost-effective manner. However, new security risks such as co-resident attacks have arisen. This paper models a situation in which a user partitions and distributes sensitive data among several virtual machines to make unauthorized access to the entire data difficult in a cloud environment subject to co-resident attacks. The attacker creates virtual machines in the same environment, aiming to get access to the user's data. The cloud resource management system distributes all virtual machines among servers at random. Unauthorized access to the data associated with a user's virtual machine is possible only if this machine co-resides on the same server with the attacker's virtual machines. It is assumed that creating a side channel and getting access to the data is a common event for all the servers in which the user's and the attacker's virtual machines co-reside. Based on the suggested probabilistic model, an optimal number of the user's virtual machines (i.e., the number of different data blocks partitioned) is obtained for a fixed or an uncertain number of the attacker's virtual machines, and for the case where the attacker knows the number of the user's virtual machines and responds optimally to any number of these machines. Examples demonstrate that the proposed optimal data partitioning policy can effectively mitigate the effects of co-resident attacks by minimizing the user's losses. Co-residence attacks on data distributed among virtual machines are considered. A model of full co-residence coverage probability is developed for cloud systems. The optimal data partition policy is considered. The minmax partition policy problem for strategic attackers is formulated and solved. |
Year | DOI | Venue |
---|---|---|
2017 | 10.1016/j.future.2016.12.025 | Future Generation Comp. Syst. |
Keywords | Field | DocType |
Cloud computing, Virtual machine, Co-residence attack, Data partitioning, Optimization, Minmax | Virtual machine, Temporal isolation among virtual machines, Computer science, Server, Real-time computing, Resource Management System, Side channel attack, Statistical model, Data access, Distributed computing, Cloud computing | Journal |
Volume | Issue | ISSN |
70 | C | 0167-739X |
Citations | PageRank | References |
9 | 0.45 | 30 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Gregory Levitin | 1 | 1422 | 115.34 |
Liudong Xing | 2 | 1214 | 109.89 |
Yuan-Shun Dai | 3 | 1357 | 98.96 |