Co-residence based data vulnerability vs. security in cloud computing system with random server assignment

Abstract

The virtualization technology, particularly virtual machines (VMs) used in cloud computing systems have raised unique security and survivability risks for cloud users. This paper focuses on one of such risks, co-residence attacks where a user's information in one VM can be accessed (stolen) or corrupted through side channels by a malicious attacker's VM co-residing on the same server. We model and optimize users’ data protection policy in which sensitive data are partitioned into several blocks to enhance data security and multiple replicas are further created for each block to provide data survivability in a cloud environment subject to the co-residence attacks. Both users’ and attackers’ VMs are distributed among cloud servers at random. Probabilistic models are first suggested to derive the overall probabilities of an attacker's success in data theft and data corruption. Based on the suggested probabilistic evaluation models, optimization problems of obtaining the data partition/replication policy to balance data security, data survivability and a user's overheads are formulated and solved. The possible user's uncertainty about the number of attacker's VMs is taken into account. Numerical examples demonstrating influence of different constraints on the optimal policy are presented.