scholarly journals A Security-Awareness Virtual Machine Management Scheme Based on Chinese Wall Policy in Cloud Computing

2014 ◽  
Vol 2014 ◽  
pp. 1-12 ◽  
Author(s):  
Si Yu ◽  
Xiaolin Gui ◽  
Jiancai Lin ◽  
Feng Tian ◽  
Jianqiang Zhao ◽  
...  
Keyword(s):  
Cloud Computing ◽  
Virtual Machine ◽  
Utilization Rate ◽  
Side Channel ◽  
Security Awareness ◽  
Side Channel Attacks ◽  
Privacy Leakage ◽  
Management Scheme ◽  
Series Of Experiments ◽  
And Migration

Cloud computing gets increasing attention for its capacity to leverage developers from infrastructure management tasks. However, recent works reveal that side channel attacks can lead to privacy leakage in the cloud. Enhancing isolation between users is an effective solution to eliminate the attack. In this paper, to eliminate side channel attacks, we investigate the isolation enhancement scheme from the aspect ofvirtual machine(VM) management. The security-awareness VMs management scheme (SVMS), a VMs isolation enhancement scheme to defend against side channel attacks, is proposed. First, we use theaggressive conflict of interest relation(ACIR) andaggressive in ally with relation(AIAR) to describe user constraint relations. Second, based on the Chinese wall policy, we put forward four isolation rules. Third, the VMs placement and migration algorithms are designed to enforce VMs isolation between the conflict users. Finally, based on the normal distribution, we conduct a series of experiments to evaluate SVMS. The experimental results show that SVMS is efficient in guaranteeing isolation between VMs owned by conflict users, while the resource utilization rate decreases but not by much.

Adaptive multilevel fuzzy-based authentication framework to mitigate Cache side channel attack in cloud computing

2018 ◽  
Vol 09 (05) ◽  
pp. 1850045 ◽  
Author(s):  
Bharati Ainapure ◽  
Deven Shah ◽  
A. Ananda Rao
Keyword(s):  
Cloud Computing ◽  
Private Information ◽  
Privacy Preservation ◽  
Virtual Machines ◽  
Fuzzy Rule ◽  
Data Access ◽  
Side Channel ◽  
Side Channel Attack ◽  
Side Channel Attacks ◽  
Cloud Providers

Cloud computing supports multitenancy to satisfy the users’ demands for accessing resources and simultaneously it increases revenue for cloud providers. Cloud providers adapt multitenancy by virtualizing the resources, like CPU, network interfaces, peripherals, hard drives and memory using hypervisor to fulfill the demand. In a virtualized environment, many virtual machines (VMs) can run on the same core with the help of the hypervisor by sharing the resources. The VMs running on the same core are the target for the malicious or abnormal attacks like side channel attacks. Among various side channel attacks in cloud computing, cache-based side channel attack is one that leaks private information of the users based on the shared resources. Here, as the shared resource is the cache, a process can utilize the cache usage of another by cache contention. Cache sharing provides a way for the attackers to gain considerable information so that the key used for encryption can be inferred. Discovering this side channel attack is a challenging task. This requires identification of a feature that influences the attack. Even though there are various techniques available in the literature to mitigate such attacks, an effective solution to reduce the cache-based side channel attack is still an issue. Therefore, a novel fuzzy rule-based mechanism is integrated to detect the cache side channel attackers by monitoring the cache data access (CDA). The factor that determines the attack is CDA in a log file created by the framework during authorization. The proposed framework also utilizes certain security properties including ECC and hashing for the privacy preservation and the decision is made with the aid of a fuzzy logic system.

scholarly journals A Virtual Machine Migration Strategy Based on the Relevance of Services against Side-Channel Attacks

2021 ◽  
Vol 2021 ◽  
pp. 1-17
Author(s):  
Ji-Ming Chen ◽  
Shi Chen ◽  
Xiang Wang ◽  
Lin Lin ◽  
Li Wang
Keyword(s):  
Internet Of Things ◽  
Virtual Machine ◽  
Virtual Machines ◽  
Edge Computing ◽  
Security And Privacy ◽  
Side Channel ◽  
Virtual Machine Migration ◽  
Side Channel Attacks ◽  
Migration Strategy ◽  
Vm Migration

With the rapid development of Internet of Things technology, a large amount of user information needs to be uploaded to the cloud server for computing and storage. Side-channel attacks steal the private information of other virtual machines by coresident virtual machines to bring huge security threats to edge computing. Virtual machine migration technology is currently the main way to defend against side-channel attacks. VM migration can effectively prevent attackers from realizing coresident virtual machines, thereby ensuring data security and privacy protection of edge computing based on the Internet of Things. This paper considers the relevance between application services and proposes a VM migration strategy based on service correlation. This strategy defines service relevance factors to quantify the degree of service relevance, build VM migration groups through service relevance factors, and effectively reduce communication overhead between servers during migration, design and implement the VM memory migration based on the post-copy method, effectively reduce the occurrence of page fault interruption, and improve the efficiency of VM migration.

scholarly journals A Resource-aware Container Management Scheme in a Heterogeneous Cluster

2021 ◽  
Author(s):  
Yiwen Chen
Keyword(s):  
Cloud Computing ◽  
Virtual Machine ◽  
Real Life ◽  
Management Tool ◽  
Heterogeneous Cluster ◽  
Management Scheme ◽  
Important Player ◽  
Resource Aware ◽  
Internet Revolution

Cloud computing nowadays is not an emerging topic, and virtualization is an indispensable technology to expedite cloud computing to become the next sign of the coming Internet revolution. In real life, scientists never stop at exploring the possibilities from such technology by investigating millions of experiments and applications to enhance the quality of virtual services. However, isolated construction for the virtual machine doesn’t save the technology from unwanted data volumes or insensitive processing time. Containers are created to address such problems, by distributing applications without initiating the entire virtual machine. Docker, as an important player in this game, is an open-source application of the container family. The management tool from Docker containers, Swamskit, does not take heterogeneities in either virtualized containers or physical nodes. There are different nodes in the cluster, and each node is different in configurations, resource availability, or concerning resource, etc. Furthermore, the requirements initiated by different services change all the time. The demand might be CPU-intensive (e.g. Clustering services) and also memory-intensive (e.g. Web services), or completely at the opposite. In this paper, we focus on exploring the Docker container cluster and designing, DRAPS, a resource-aware placement scheme, to improve the system performance in a heterogeneous cluster.

Sign in / Sign up

Export Citation Format

Share Document