A limited-trust capacity model for mitigating threats of internal malicious services in cloud computing

Abstract

Hidden persistent malware in guest virtual machine instances are among the most common internal threats in cloud computing, affecting the security of both cloud customers and providers. With the growing sophistication of modern malware, traditional methods are becoming increasingly ineffective for tackling cloud security problems. Moreover, given the pay-per-use model of clouds, consumption of resources by these malwares and malicious services can cause huge losses to both the cloud provider and customer. Thus, it is important to develop mechanisms that can limit the scale of malicious attacks in order to minimize their resources consumption. Trust management is a fundamental technique for assessing and increasing the reliability and security of cloud services. Unfortunately, majority of existing mechanisms for trust management in clouds have limitations that prevent them from being fully effective. In this paper, we propose a novel limited-trust capacity model to mitigate the threats of internal malicious software and services in cloud computing using concepts from flow networks to reduce the scale of malicious software or services. Our limited-trust capacity model can be utilized in the following two ways: (1) to manage the trust relationship among the guest services and to evaluate the threats of unknown malicious services, and (2) to minimize risk associated with renting cloud services and limiting the resource drain caused by malicious guest services. Finally, experimental results show that our limited-trust capacity model can effectively restrict the scale of malicious services and significantly mitigate the threats of internal attacks.