Mitigating Multi-Tenancy Risks in IaaS Cloud Through Constraints-Driven Virtual Resource Scheduling

Bijon, Khalid Zaman; Krishnan, Ram; Sandhu, Ravi

doi:10.1145/2752952.2752964

Cited by 17 publications

(5 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, it is more likely that there is a need for a new type of access control policy between tenants in intra-cloud communication [9]. A tenant can be an enterprise in the context of a public cloud or a department within an enterprise in the context of a private cloud [10]. The flexibility feature of IaaS enables the user to configure their own virtual machines and computing infrastructure [11].…”

Section: Security Challenges Of Infrastructure As a Servicementioning

confidence: 99%

“…Fine-grained attributebased access controls mechanism [12] Obtain virial recources in a secure manner Propose attribute-based constraints specification and enforcement [10] Multi-tenancy risks that arise in cloud IaaS…”

Section: Iaas Access Controlmentioning

confidence: 99%

“…The access control models based on the attribute are recommended by several researchers [10,12,70,73]. On the other hand, it was claimed by Khamadja [68] that even the attribute-based model is not sufficient for cloud computing.…”

Section: Iaas Access Controlmentioning

confidence: 99%

See 2 more Smart Citations

Infrastructure as a service: Exploring network access control challenges

Amri

Guan

2016

2016 SAI Computing Conference (SAI)

View full text Add to dashboard Cite

Section: Security Challenges Of Infrastructure As a Servicementioning

confidence: 99%

Section: Iaas Access Controlmentioning

confidence: 99%

See 1 more Smart Citation

Infrastructure as a service: Exploring network access control challenges

Amri

Guan

2016

2016 SAI Computing Conference (SAI)

View full text Add to dashboard Cite

“…In [28], different virtual resource orchestration constraints are resumed and expressed by attribute-based paradigm. Regarding these constraints, a conflict-free strategy is developed to mitigate risks in IaaS Cloud [29]. Most of above works have been motivated from security requirements expressed by CSC.…”

Section: Related Workmentioning

confidence: 99%

Expression and Enforcement of Security Policy for Virtual Resource Allocation in IaaS Cloud

Cuppens-Boulahia²,

Crom

et al. 2016

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

Part 3: Cyber InfrastructureInternational audienceMany research works focus on the adoption of cloud infrastructure as a service (IaaS), where virtual machines (VM) are deployed on multiple cloud service providers (CSP). In terms of virtual resource allocation driven by security requirements, most of proposals take the aspect of cloud service customer (CSC) into account but do not address such requirements from CSP. Besides, it is a shared understanding that using a formal policy model to support the expression of security requirements can drastically ease the cloud resource management and conflict resolution. To address these theoretical limitations, our work is based on a formal model that applies organization-based access control (OrBAC) policy to IaaS resource allocation. In this paper, we first integrate the attribute-based security requirements in service level agreement (SLA) contract. After transformation, the security requirements are expressed by OrBAC rules and these rules are considered together with other non-security demands during the enforcement of resource allocation. We have implemented a prototype for VM scheduling in OpenStack-based multi-cloud environment and evaluated its performance

show abstract

“…Although, defenses against such vulnerabilities and researches on VM allocation and scheduling policies to mitigate multi-tenancy risks (Bijon et al, 2015); (Han et al, 2014) are already being proposed in the academic literature (Godfrey and Zulkernine, 2014); (Godfrey and Zulkernine, 2013); (Raj et al, 2009), multi-tenancy risk still cannot be ignored.…”

Section: Introductionmentioning

confidence: 99%

Sift - An Efficient Method for Co-residency Detection on Amazon EC2

Chen

Shen

et al. 2016

Proceedings of the 2nd International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

Cloud computing, an emerging computing and service paradigm, where the computing and storage capabilities are outsourced on demand, offers the advanced capabilities of sharing and multi-tenancy. But security has been a major barrier for its adoption to enterprise, as being placed with other tenants on the same physical machine (i.e. co-residency or co-location) poses a particular risk. Former research has shown how side channels in shared hardware may enable attackers to exfiltrate sensitive data across virtual machines (VMs). In view of such risks, tenants need to be able to verify physical isolation of their VMs. This paper presents Sift, an efficient and reliable approach for co-residency detection. Through a prefiltration procedure, the time for co-residency detection could be significantly reduced. We describe the cloud scenarios envisaged for use of Sift and the accompanying threat model. A preliminary validation of Sift has been carried out in a local lab Xen virtualization experimental platform. Then, using the Amazon's Elastic Compute Cloud (EC2) as the test platform, we evaluate its practicability in production cloud environment. It appears that Sift can confirm co-residency with a target VM instance in less than 5 seconds with an extremely low false rate.

show abstract

Mitigating Multi-Tenancy Risks in IaaS Cloud Through Constraints-Driven Virtual Resource Scheduling

Cited by 17 publications

References 32 publications

Infrastructure as a service: Exploring network access control challenges

Infrastructure as a service: Exploring network access control challenges

Expression and Enforcement of Security Policy for Virtual Resource Allocation in IaaS Cloud

Sift - An Efficient Method for Co-residency Detection on Amazon EC2

Contact Info

Product

Resources

About