Secure virtual machines allocation in cloud computing environments

Aldawood, Mansour (2021) Secure virtual machines allocation in cloud computing environments. PhD thesis, University of Warwick.

[thumbnail of WRAP_Theses_Aldawood_2021.pdf]

Preview

PDF
WRAP_Theses_Aldawood_2021.pdf - Submitted Version - Requires a PDF viewer.
Download (30MB) | Preview

Official URL: http://webcat.warwick.ac.uk/record=b3761172

Request Changes to record.

Abstract

A Cloud Computing Environment (CCE) leverages the advantages offered by virtualisation to enable the sharing of computing resources among cloud users elastically and based on the user requirements. Hence, virtual machines (VMs) can share physical resources within the same physical machine (PM).

However, resource sharing is exposed to potential security threats that can lead to a malicious co-residency, or multitenancy, between the co-located VMs. The malicious co-residency happens when a malicious VM is co-located with a critical, or target, VM on the same PM, leading to side-channel attacks (SCAs), widely recognised as a potential threat in CCEs. Specifically, the SCAs allow the malicious VMs to capture private information from the target VMs by co-locating with them on the same PM. The co-location of VMs is an outcome of the VMs allocation algorithm behaviour, which is responsible for allocating the VMs to a specific PM based on defined allocation objectives. As such, the VMs allocation behaviours can potentially lead to a malicious co-residency; hence, it is significant that the implemented VMs allocation algorithms need to be made secure.

Most of the earlier studies tackled the malicious co-residency, which leads to SCAs, through specific solutions, by focusing on either formulating VMs allocation algorithms or modifying the architecture of the CCEs to mitigate the threats of SCAs. However, most of them are oriented to specific situations and assumptions, leading to malicious co-residency when applied to other scopes or situations. While in our work, we presented the solution from a different holistic perspective by studying the allocation behaviours and other properties that affect and lead to obtaining a secure VMs allocation. In addition, we develop a secure VMs allocation model that aims to minimise the malicious co-residency under various situations and constraints. Furthermore, we introduce an evaluation of our model using an optimisation-based approach by utilising a linear programming technique to capture the behaviour of the optimal VMs allocation. Moreover, based on the optimisation-based outcomes, we develop security-aware VMs allocation and VMs migration algorithms that aim to allocate the VMs securely to reduce the potential threats from malicious co-residency.

Therefore, to accomplish our objectives, we utilise state of the art tools and simulations such as PuLP and CloudSim to examine and implement the VMs allocation algorithms. Moreover, we perform an extensive examination of selected VMs allocation behaviours, which are stacking-based, random-based and spreading-based. The examinations are performed under different scenarios and structures for each behaviour to understand the possible situations that lead to secure VMs allocation.

Hence, we show that the stacking-based behaviours algorithms are more likely to produce secure allocations than those with spreading-based or randombased allocation behaviours algorithms. Accordingly, our stacking-based algorithms are significantly better as they produce secure allocations more than the compared algorithms under the same examined situations. Moreover, our results show that VMs arrival time has a significant impact producing secure allocations, where the arrival of target or malicious VMs earlier than the rest of VMs often minimises the malicious co-residency occurrence. In addition, the high available resources diversity between the available resources of PMs yields to produce more secure allocations as it offers more allocation options for the allocation algorithms and thus more flexibility. Furthermore, our stacking-based algorithms show the lowest PMs usage among the compared algorithms, by significant amounts, under most examined situations, leading to utilising fewer PMs and therefore fewer power consumption of the available resources. Lastly, the number of VMs migration is the lowest among the examined algorithms, leading to the higher availability of the VMs in cloud systems by avoiding many interruptions resulting from the VMs migration while enhancing the state of the secure allocations.

Item Type:	Thesis [via Doctoral College] (PhD)
Subjects:	Q Science > QA Mathematics > QA76 Electronic computers. Computer science. Computer software
Library of Congress Subject Headings (LCSH):	Cloud computing, Virtual computer systems -- Security measures, Computer security, Algorithms
Official Date:	October 2021
Dates:	Date Event October 2021 UNSPECIFIED
Institution:	University of Warwick
Theses Department:	Department of Computer Science
Thesis Type:	PhD
Publication Status:	Unpublished
Supervisor(s)/Advisor:	Jhumka, Arshad, 1974- ; Fahmy, Suhaib
Format of File:	pdf
Extent:	xvii, 249 leaves : illustrations
Language:	eng
URI:	https://wrap.warwick.ac.uk/165180/

Export / Share Citation

Request changes or add full text files to a record

Repository staff actions (login required)

View Item