دانلود مقاله خط‌مشی های تخصیص ماشین مجازی ایمن و کارآمد با راندمان و پوشش کم حمله

خلاصه
مقدمه
II. کار مرتبط
III. فرمول مسئله و الزامات
IV. الگوریتم‌های پیشنهادی برای امنیت جلسه و عوامل عملکرد
V. ارزیابی
VI. بحث ها و محدودیت ها
VII. نتیجه
منابع

Abstract
I. Introduction
II. Related Work
III. Problem Formulation and Requirements
IV. Proposed Algorithms for Meeting Security and Performance Factors
V. Evaluation
VI. Discussions and Limitations
VII. Conclusion
References

چکیده
رایانش ابری با ارائه منابع فناوری اطلاعات به عنوان خدمات در اینترنت، فناوری اطلاعات (فناوری اطلاعات) را به طور کامل تغییر داده است. با این حال، انواع خاصی از حملات، مانند حملات وابستگی متقابل، مانع پذیرش گسترده آن می شود. با دومی، مهاجمی که موفق به به خطر انداختن VM یک کاربر می‌شود، می‌تواند از هایپروایزر عبور کند تا به VM(های) سایر کاربران در همان Hypervisor حمله کند. متأسفانه، ما به عدم وجود سیاست های تخصیص ایمن و کارآمد در برابر این مشکل اشاره می کنیم. سیاست‌های موجود بر امنیت تمرکز می‌کنند، اما عوامل دیگر، از جمله تعادل حجم کار و مصرف انرژی را که برای پلتفرم‌های ابری تجاری حیاتی هستند، نادیده می‌گیرند. در این زمینه، ما سیاست‌های تخصیص متفاوتی را برای انتخاب سرور مرکز داده که یک ماشین مجازی جدید را به آن اختصاص می‌دهیم، پیشنهاد می‌کنیم. هدف این سیاست ها به حداقل رساندن وابستگی متقابل ماشین های مجازی کاربران مختلف است و در عین حال عملکرد سیستم را در مورد تعادل بار کاری و/یا مصرف انرژی حفظ می کند. به‌طور پیش‌فرض، خط‌مشی‌های تخصیص ما با همه کاربران قانونی به‌عنوان مهاجم برخورد می‌کند و ماشین‌های مجازی آن‌ها را با توجه به کارایی و پوشش آن‌ها میزبانی می‌کند. ما ابتدا یک راه حل امن و متعادل طراحی می کنیم که تعادل بار کاری را افزایش می دهد تا از استفاده بیش از حد از سرورها جلوگیری کند. پس از آن، ما الگوریتمی را پیشنهاد می کنیم که به طور همزمان به اهداف امنیتی، مصرف انرژی و تعادل بار کاری می پردازد. بر اساس نتایج شبیه‌سازی ما، راه‌حل‌های ما بهتر از الگوریتم‌های موجود در رابطه با امنیت، تعادل بار کاری و مصرف انرژی عمل می‌کنند. راه حل متعادل شانس مهاجم را به صفر می رساند و تعادل بار کاری را به صورت خطی افزایش می دهد. به عبارت دیگر، توازن حجم کار بین [5، 35] است، و از میزبان‌های کمی بیشتر از پیشنهادات موجود استفاده می‌کند، با سود بین [2، 8]. اگرچه پیشنهاد نهایی ما نسبت به الگوریتم‌های قبلی از امنیت کمتری برخوردار است، اما عملکرد بهتری دارد، بنابراین تعادل بار کاری خوبی دارد ([5، 30]) و انرژی کمتری مصرف می‌کند.

Abstract

Cloud computing has completely changed IT (information technology) by providing IT resources as services on the internet. However, certain types of attacks, such as interdependency attacks, impede its wide adoption. With the latter, an attacker who succeeds in compromising the VM of a user can traverse the hypervisor to launch an attack on the VM(s) of other users on the same hypervisor. Unfortunately, we note a lack of secure and performant allocation policies against this problem. Existing policies focus on security but ignore other factors, including workload balance and energy consumption, which are vital for commercial cloud platforms. In this context, we propose different allocation policies for choosing the datacenter server to which we allocate a new virtual machine. These policies aim to minimize the interdependence of different users’ VMs while keeping the system performant regarding workload balance and/or power consumption. By default, our allocation policies treat all legitimate users as attackers and host their virtual machines according to their efficiency and coverage. We first design a secure and balanced solution that increases workload balance to prevent the servers from being overused. Afterward, we propose an algorithm that addresses security, power consumption, and workload balance objectives simultaneously. Based on our simulation results, our solutions perform better than existing algorithms regarding security, workload balance, and power consumption. The balanced solution reduces the chance of an attacker to zero and increases workload balance linearly. In other words, the workload balance is between [5,35] , and it utilizes slightly more hosts than existing proposals, with gains between [2,8] . Although our final proposal is less secure than previous algorithms, it performs better, so it has a good workload balance ( [5,30] ) and consumes less energy.

Introduction

Cloud computing is one of the most remarkable advances in IT in the last two decades. It offers resource consumption on demand, a flexible environment, and easy to use. These facilities make it widely adopted by the customers. However, in cloud computing, the hypervisor allows multiple virtual machines (VMs) of different users to run simultaneously on the same physical server. Ideally, each of these users’ virtual machines should operate in isolation to maintain optimal security conditions. Unfortunately, perfect logical isolation has not been achieved in practice, leaving attackers with the possibility of launching attacks such as interdependency attacks, etc. [1], [2], [3], [4], [5], [6], [7]. With the interdependency attack, a malicious user who has compromised the VM(s) of a user i can traverse the hypervisor to launch an attack on the VMs of another user j≠i on the same hypervisor.

Hence, to tackle this issue, most of the proposals tried to satisfy security and/or performance constraints by using optimization methods such as heuristic algorithms [8], [9], [10], game theory approaches [3], [11], [12], [13], the multi-objectives optimization [14], [15], [16] since the problem is NP-hard [14]. However, we note the absence of a secure and performant virtual machine allocation technique against the interdependency problem. For instance, in [16], the authors proposed a secure solution against the interdependency attack that minimizes both attacker’s efficiency and coverage, which respectively represent the probability of success of the attacker and the probability that the virtual machine of a legitimate user will be compromised. Nevertheless, this solution overlooked essential performance constraints related to minimizing power consumption and maximizing workload balance in the datacenter. These two performance constraints are very important for commercial cloud platforms. The first one motivates a provider to allocate a lot of VMs to fewer servers to reduce the cost of energy consumption and the emission of carbon dioxide (CO2). Significant energy consumption leads to high energy costs among providers. On the other hand, maximizing the workload balance spreads users’ virtual machines among the servers to prevent the hosts from being over-utilized. To accommodate these two performance constraints essential for commercial cloud platforms, we propose extending [16]. We address the interdependency problem and the interdependency attack interchangeably throughout the paper. We also refer to the performance by workload balance and power consumption.

Conclusion

In this paper, we develop the first secure and performant solution against the interdependency attack between cloud users sharing the same hypervisor. It focuses on minimizing security metrics while considering power consumption and workload balance. This approach considers all legitimate users as attackers who attempt to hack the host’s hypervisor and gain unauthorized privileges on the VMs it contains. Specifically, we define a secure allocation policy that maximizes workload balance (SALAEC-B) and a secure and performant allocation policy that simultaneously optimizes security, workload balance, and power consumption (SPALAEC). We also show that these solutions are optimal with polynomial complexities synonymous with “feasible” and “efficient”. In addition, results from the simulation show that SALAEC-B is secure and balanced, and it performs better than its counterpart in the related work, PSSF-Balanced [14]. Finally, SPALAEC is also secure against the interdependency attack while being efficient regarding workload balance and power consumption. Furthermore, our VM allocation policies prevent the negative impact that can be caused by the failure of one of the servers, unlike in PSSF-LEAST [15] and PSSF-Balanced [14]. Our allocation policies do not consider the possibility of migrating a virtual machine from one server to another. We propose an energy-aware approach with virtual machine migration as future work to deal with the high energy consumption in cloud computing and service level agreements (SLAs) violations. In addition, during allocation, our algorithms use the amount of security investment, which does not change over time (i). Our future work may investigate (i) and other simulation scenarios with many users.