Authors: Min Li (1); Yulong Zhang (2); Kun Bai (3); Wanyu Zang (1); Meng Yu (1) and Xubin He (1)
Affiliations: (1) Virginia Commonwealth University, United States; (2) Virginia Commonwealth University, United States; (3) IBM T.J. Watson Research Center, United States
Keyword(s):
Cloud Computing, Virtual Machine Placement, Security, Survivability.
Related Ontology Subjects/Areas/Topics: Data and Application Security and Privacy; Information and Systems Security; Secure Cloud Computing; Security in Distributed Systems
Abstract:
Cloud computing is becoming more and more popular in computing infrastructure, and it also introduces new security problems. For example, a physical server shared by many virtual machines can be taken over by an attacker if the virtual machine monitor is compromised through one of the virtual machines. Thus, collocating with vulnerable virtual machines, or “bad neighbours”, on the same physical server introduces additional security risks. Moreover, the connections between virtual machines, such as the network connection between a web server and its back-end database server, are natural paths of attack. Therefore, both virtual machine placement and the connections among virtual machines in the cloud have a great impact on the overall security of the cloud. In this paper, we quantify the security risks of cloud environments based on virtual machine vulnerabilities and placement schemes. Based on our security evaluation, we develop techniques to generate virtual machine placements that can minimize the security risks, considering the connections among virtual machines. According to the experimental results, our approach can greatly improve the survivability of most virtual machines and of the whole cloud. The computing costs and deployment costs of our techniques are also practical.