Reliability versus Vulnerability of N-Version Programming Cloud Service Component With Dynamic Decision Time Under Co-Resident Attacks

Abstract

The virtual machine (VM) co-resident architecture of cloud computing enables simultaneous provision of multiple services to different users, but also makes these services vulnerable to co-resident attacks. For example, by establishing side channels, a malicious attacker can access and even corrupt services performed by other VMs co-residing on the same server as the attacker's VM (AVM). We model a threshold-voting-based <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">N</i> -version programming service component with multiple independent versions simultaneously performing the same requested service to enhance the service reliability. However, the reliability enhancement can be greatly hindered by the co-resident attack, which may corrupt an adequate number of versions leading to a wrong output. We formulate and solve constrained optimization problems that determine the number of service component versions and the voting threshold to balance two conflicting service performance metrics: reliability (service component success probability) and vulnerability (service corruption attack success probability). Two cases respectively having certain and uncertain knowledge about the attacker's power in terms of the number of AVMs are considered. We also investigate impacts of different model parameters on the service performance as well as on solutions to the considered optimization problems through examples.