Investigating, quantifying and controlling the co-location attack’s conditional value at risk of VM placement strategies

Abstract

Co-location attacks jeopardize data privacy and performance of virtual machines (VMs) in cloud computing, which can result in unexpected monetary losses that are not supported or covered by the investments made by users and providers. The uncertainty about the VM type (attacker, target or neutral) exacerbates the difficulty of the problem. However, existing methods, particularly VM placement strategies, fail to capture the risk of significant losses. The measures of risk have a crucial role in coping with the losses that might be incurred by the involved parties in finance or the insurance industry. In this paper, we introduce the notion of risk to the co-location resistant VM placement strategies. We develop a novel framework that assesses the co-location attack risk of an assignment returned by a specific VM placement strategy. A thorough analysis of multiple existing VM placement algorithms highlights the significance of incorporating this measure as it reveals a discernible correlation pattern with respect to co-location attack coverage and resource consumption. Based on these findings, we propose a new Approximate Co-Location Resistant Placement Strategy with Risk Constraints (ACLRPS-RC) to protect the involved parties from overwhelming security losses. The simulations on CloudSim using real workloads show the ability of the new strategy to meet a given level of risk while maintaining an adequate number of used servers.