Strategic Virtual Machine Provisioning to Reduce the Risk of Information Leakage in Clouds
DescriptionVirtualization is one key enabler of cloud computing, which, however, is also a double-edged sword. It may cause information leakage of a user or application which deploys virtual machines (VMs).Information leakage may happen through a so-called covert channel between a victim’s VM and an adversary’s VM when they are placed on the same server, which we refer to as direct covert channel attacks. Information leakage may also happen between two VMs even when they are not placed on the same server, which we refer to as indirect covert channel attacks. The latter risk exists when a victim’s VM communicates with a third-party VM which is co-resident with an adversary’s VM on another server. This project aims to investigate the behaviors of various covert channel attacks and to develop counter measures. Specifically, we propose to mitigate the effectiveness of various direct and indirect covert channel attacks through strategic VM provisioning, a novel approach that does not sacrifice the resource utilization or change the hypervisor and guest OSs.Our preliminary experiments have shown that on a server, the activities of additional co-resident VMs (other than the victim and adversary VMs of a covert channel) can generate significant interference to the covert channel, causing an attacker to experience a high error rate when trying to recover information through the covert channel, and thus mitigating the effectiveness of direct covert channel attacks. This project proposes to conduct intensive and comprehensive experiments on different cloud platforms to quantify and profile the interference caused by the co-resident VMs. Based on the understanding of the interference, we will then study how to provision and re-provision VMs so that, while maintaining high resource utilization, the interference from the co-resident VMs to any potential covert channel is also sufficiently high.For indirect covert channel attacks, we have observed that the risk of information leakage is smaller when there is a longer information flow path between a victim VM and an adversary VM. This project will study VM provisioning so that the VMs with conflicts of interests are placed as “far” as possible, a supplement to the protection provided against direct covert channel attacks.In summary, we aim to protect vulnerable VMs subject to covert channel attacks at the high level through VM provisioning. To the best of our knowledge, this is the first attempt to systematically study VM provisioning to thwart direct and indirect covert channel attacks.
|Effective start/end date||1/01/14 → 6/12/17|