Gregory Levitin,Liudong Xing,Yanping Xiang

DOI: https://doi.org/10.1016/j.ress.2019.106666

2020-01-01

Abstract:This paper models a software service component implementing the N-version programming (NVP) redundancy on the cloud computing platform to enhance the service reliability. Specifically, multiple versions of the same service component are activated in parallel on different servers of the cloud to perform the requested service. At required service response time, the output is determined based on a threshold first-past-the-post voting rule (output with the most votes and the number of these votes exceeds a predetermined threshold). However, effectiveness of the NVP approach can be greatly compromised by co-residence attacks, a common type of cyber-attacks launched to corrupt user's service through co-residing user's and attacker's virtual machines on the same cloud server. This paper formulates and solves an optimization problem, particularly, a minmax game problem that finds the number of service component versions (SCVs) and the threshold to maximize the user's utility while considering a strategic attack behavior aiming to maximize the attacker's utility. The solution methodology encompasses a probabilistic model of evaluating the service success probability (SSP) and corruption attack success probability (CAP), two performance metrics used in the computation of the user's and attacker's utilities. Examples are analyzed to demonstrate influences of different model parameters on SSP, CAP, and solutions to the considered optimization problem.

Gregory Levitin,Liudong Xing,Yanping Xiang

DOI: https://doi.org/10.1109/tsmc.2020.3002930

2022-01-01

Abstract:Powered by virtualization, the cloud computing has brought good merits of cost effective and on-demand resource sharing among many users. On the other hand, cloud users face security risks from co-residence attacks when using this virtualized platform. Particularly, a malicious attacker may create side channels to steal data from a target user’s virtual machine (VM) that co-resides with the attacker’s VM on the same physical server. This article models a cloud service undergoing the co-residence data theft attacks. The threshold-voting-based ${N}$ -version programming (NVP) is implemented to improve the service reliability, where multiple service component versions (SCVs) are activated in parallel to perform the requested service. The final output is determined upon receiving a threshold number of identical outputs from the SCVs, immediately followed by canceling all outstanding SCVs to reduce expenses. Probabilistic models are first introduced to evaluate performance metrics of the considered service, including the data theft probability, service success probability, expected service operation time, and expected utility. Optimization problems are further solved to find the optimal number of SCVs maximizing the expected utility. Interactions among different model parameters and VM allocation policies, as well as their effects on the considered performance metrics and on the optimization solutions are studied through examples.

Liudong Xing,Gregory Levitin,Yanping Xiang

DOI: https://doi.org/10.1109/tsc.2019.2904958

IF: 11.019

2019-01-01

IEEE Transactions on Services Computing

Abstract:The real innovation of Internet of Things (IoT) can be spurred only when being combined with cloud computing, a paradigm that allows numerous users to simultaneously access configurable resources and services. However, serious vulnerability concerns have arisen from the virtual machine co-resident architecture of the IoT cloud. Specifically, co-resident attacks can be launched, where an attacker can access and corrupt a user's sensitive data/software by co-locating their virtual machines on the same physical server. Various solutions have been suggested in literature to mitigate negative effects of the co-resident attacks in the cloud environment. However, to the best of our knowledge no work has been performed for studying co-resident attacks in cloud systems with N-version programming (NVP), a popular redundancy technique for enhancing survivability of critical cloud service components. This paper makes original contributions by modeling IoT cloud system services implementing the NVP component redundancy, and evaluating the corruption probability of the NVP service component. Further, users' policies on choosing the optimal number of service component versions are investigated through formulating and solving a new set of optimization problems with the objective to minimize the expected cost of losses of a cloud service provider. As demonstrated through examples, these policies can effectively help defend the NVP service component against the co-resident attacks in the cloud system.

Gregory Levitin,Liudong Xing,Yanping Xiang

DOI: https://doi.org/10.1016/j.ress.2020.106969

2020-01-01

Abstract:Due to the virtual machine co-resident architecture, cloud computing systems are vulnerable to co-resident attacks (CRAs) where a malicious attacker may access and corrupt information of a target user through co-locating their virtual machines on the same physical server. To defend against cyber threats such as the CRA, early warning mechanisms have been developed with the aim to detect and block an attack at a nascent stage. In this paper, we study the optimal strategy of allocating early warning resources to defend against CRAs for the voting-based N-version programming (NVP) service running in the cloud. A probabilistic model is proposed to evaluate the failure probability of the NVP service program and further the expected cost of loss for the considered service. Optimization problems of co-determining the optimal numbers of service program versions and early warning agents are further solved to minimize the expected cost of loss. As demonstrated through examples, the resultant optimal strategies can effectively allocate service and defense resources to defend the NVP cloud service against CRAs.

Ji-Ming Chen,Shi Chen,Xiang Wang,Lin,Li Wang

DOI: https://doi.org/10.1155/2021/2729949

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:With the rapid development of Internet of Things technology, a large amount of user information needs to be uploaded to the cloud server for computing and storage. Side-channel attacks steal the private information of other virtual machines by coresident virtual machines to bring huge security threats to edge computing. Virtual machine migration technology is currently the main way to defend against side-channel attacks. VM migration can effectively prevent attackers from realizing coresident virtual machines, thereby ensuring data security and privacy protection of edge computing based on the Internet of Things. This paper considers the relevance between application services and proposes a VM migration strategy based on service correlation. This strategy defines service relevance factors to quantify the degree of service relevance, build VM migration groups through service relevance factors, and effectively reduce communication overhead between servers during migration, design and implement the VM memory migration based on the post-copy method, effectively reduce the occurrence of page fault interruption, and improve the efficiency of VM migration.

Luo Liang,Liudong Xing,Gregory Levitin

DOI: https://doi.org/10.1016/j.ress.2018.09.014

2019-01-01

Abstract:Utilizing the virtualization technology, multiple virtual machines (VMs) can be created on a single physical server for different tasks, enabling cost-effective resource sharing in cloud computing systems. However, this co-resident VM architecture can be exploited by malicious attackers, posing unique survivability and security risks for cloud users. This paper addresses one of such risks called co-residence attacks, where a malicious attacker can steal or corrupt a user's sensitive information through co-residing the attacker's VM with the target user's VM on the same physical server. We model users’ data protection policy in which sensitive data are replicated and stored on different VMs to enhance data survivability. Both user's and attacker's VMs are distributed among cloud servers at random. The arrival of attacker's requests for creating VMs is modeled by a Poisson stochastic process. We propose a probabilistic model to obtain dynamic data survivability and security indices. Based on the suggested evaluation model, dynamic data replication policies are analyzed and optimized. Numerical examples are presented to demonstrate impacts of different model parameters on the dynamic data survivability and security.

Gregory Levitin,Liudong Xing,Yanshun Dai

DOI: https://doi.org/10.1016/j.ress.2021.107920

IF: 7.247

2021-01-01

Reliability Engineering & System Safety

Abstract:As one of the enabling technologies for cyber-physical systems and Internet of Things systems, the cloud computing provides cost-effective resources in an on-demand manner. This merit lends the cloud to running critical services that need redundancy to achieve high reliability. This paper models a cloud service using the Nversion programming (NVP) redundancy technique that creates and runs multiple task solver versions (TSVs) in parallel to perform a requested service and decides the output using the threshold voting. A malicious attacker may get an unauthorized access to a user's data when the user's and attacker's virtual machines co-reside in the same cloud server. To reduce the chance of the co-residence attack success and users' expense, an individual TSV cancellation policy is implemented, which removes a TSV's virtual machine from its host server immediately once this TSV completes the task execution. A probabilistic method is proposed to evaluate the task reliability and data security under the considered cloud service model. Constrained optimization problems are further formulated and solved, which find the optimal number of TSVs maximizing the task reliability subject to providing a desired level of data security. Examples are presented to demonstrate interactions and impacts of different parameters on the task reliability and data security, as well as on the optimization solutions.

Weiwei Qiu,Zibin Zheng,Xinyu Wang,Xiaohu Yang,Michael R. Lyu

DOI: https://doi.org/10.1109/tsc.2013.38

IF: 11.019

2014-01-01

IEEE Transactions on Services Computing

Abstract:The on-demand use, high scalability, and low maintainance cost nature of cloud computing have attracted more and more enterprises to migrate their legacy applications to the cloud environment. Although the cloud platform itself promises high reliability, ensuring high quality of service is still one of the major concerns, since the enterprise applications are usually complicated and consist of a large number of distributed components. Thus, improving the reliability of an application during cloud migration is a challenging and critical research problem. To address this problem, we propose a reliability-based optimization framework, named ROCloud, to improve the application reliability by fault tolerance. ROCloud includes two ranking algorithms. The first algorithm ranks components for the applications that all their components will be migrated to the cloud. The second algorithm ranks components for hybrid applications that only part of their components are migrated to the cloud. Both algorithms employ the application structure information as well as the historical reliability information for component ranking. Based on the ranking result, optimal fault-tolerant strategy will be selected automatically for the most significant components with respect to their predefined constraints. The experimental results show that by refactoring a small number of error-prone components and tolerating faults of the most significant components, the reliability of the application can be greatly improved.

Gregory Levitin,Liudong Xing,Yuanshun Dai

DOI: https://doi.org/10.1016/j.ejor.2017.11.064

IF: 6.4

2017-01-01

European Journal of Operational Research

Abstract:The virtualization technology, particularly virtual machines (VMs) used in cloud computing systems have raised unique security and survivability risks for cloud users. This paper focuses on one of such risks, co-residence attacks where a user's information in one VM can be accessed (stolen) or corrupted through side channels by a malicious attacker's VM co-residing on the same server. We model and optimize users' data protection policy in which sensitive data are partitioned into several blocks to enhance data security and multiple replicas are further created for each block to provide data survivability in a cloud environment subject to the co-residence attacks. Both users' and attackers' VMs are distributed among cloud servers at random. Probabilistic models are first suggested to derive the overall probabilities of an attacker's success in data theft and data corruption. Based on the suggested probabilistic evaluation models, optimization problems of obtaining the data partition/replication policy to balance data security, data survivability and a user's overheads are formulated and solved. The possible user's uncertainty about the number of attacker's VMs is taken into account. Numerical examples demonstrating influence of different constraints on the optimal policy are presented. (C) 2017 Elsevier B.V. All rights reserved.

Yuheng Zhu,Jiawei Liu,Gongming Zhao,Hongli Xu,Huaqing Tu

DOI: https://doi.org/10.1109/icpads60453.2023.00313

2023-01-01

Abstract:Cloud computing plays an increasingly vital role in both commercial and personal services. In multi-tenant clouds, cloud providers encounter challenges such as physical machine failures and malicious tenant attacks. Ensuring the reliability and robustness of cloud remain significant and complex challenges for cloud providers to improve quality of service and profitability. Previous works either fail to strike a balance between these aspects or result in resource waste and increased costs. In this paper, we propose an innovative virtual machine placement solution without additional resource overhead. Specifically, we place tenants’ virtual machines (VMs) on physical machines (PMs) that meet the reliability requirements specified in the service level agreement, while also limiting the number of PMs to mitigate the impact of malicious attacks, thereby enhancing the robustness of the cloud. However, the dynamic nature of tenant traffic exacerbates the complexity of the problem. To tackle this challenge, we present KR-OPD, a two-stage algorithm with superior competitive ratios. Through large-scale simulations and small-scale testbed, KR-OPD outperforms existing state-of-the-art solutions. For example, our algorithm reduces the affected range of tenants by 47%-64% and the packet loss rate of PM nodes by over 70% compared with other alternatives.

Lu Cao,Ruiwen Li,Xiaojun Ruan,Yuhong Liu

DOI: https://doi.org/10.48550/arXiv.2203.10734

2022-03-21

Abstract:Resource sharing among users serves as the foundation of cloud computing, which, however, may also cause vulnerabilities to diverse co-residence attacks launched by malicious virtual machines (VM) residing in the same physical server with the victim VMs. In this paper, we aim to defend against such co-residence attacks through a secure, workload-balanced, and energy-efficient VM allocation strategy. Specifically, we model the problem as an optimization problem by quantifying and minimizing three key factors: (1) the security risks, (2) the power consumption and (3) the unbalanced workloads among different physical servers. Furthermore, this work considers a realistic environmental setting by assuming a random number of VMs from different users arriving at random timings, which requires the optimization solution to be continuously evolving. As the optimization problem is NP-hard, we propose to first cluster VMs in time windows, and further adopt the Ant Colony Optimization (ACO) algorithm to identify the optimal allocation strategy for each time window. Comprehensive experimental results based on real world cloud traces validates the effectiveness of the proposed scheme.

Distributed, Parallel, and Cluster Computing

Liudong Xing,Gregory Levitin

DOI: https://doi.org/10.1016/j.ress.2017.06.006

IF: 7.247

2017-01-01

Reliability Engineering & System Safety

Abstract:This paper models cloud computing systems subject to co-resident attacks, where an attacker can get access to a user's sensitive data through co-residence of their virtual machines on the same physical server. Both attackers’ and users’ virtual machines are distributed among cloud servers at random. It is assumed that attacker's successes in getting unauthorized access to data in different servers are independent events that can occur with a given probability. To mitigate effects of the co-resident attacks, a data protection policy based on the partition technique is applied where sensitive data are divided and distributed among multiple virtual machines in the cloud. As the information is useful only in its integrity, the attacker should get access to all of the separated data blocks to steal the information. On the other hand, corrupting any block can destroy the information and make it useless. Hence, creating more blocks can make data more difficult to steal (lower data theft probability), but easier to corrupt (higher data corruption probability). This work makes original contributions by formulating and solving constrained optimization problems to balance the data theft and data corruption probabilities. Particularly probabilistic models are first presented, which derive probabilities that an attacker can succeed in the data theft and data corruption. Further an optimal number of different data blocks (corresponding to the number of user's virtual machines) is obtained, which minimizes the data theft probability subject to meeting a data corruption probability constraint. Both fixed and uncertain numbers of attacker's virtual machines are considered. Numerical examples are presented to demonstrate influence of cloud system parameters on the optimal user's data partition policy obtained.

Isaac Polinsky,Kyle Martin,William Enck,Michael K. Reiter

DOI: https://doi.org/10.48550/arXiv.1910.08648

2019-10-19

Abstract:Web servers are a popular target for adversaries as they are publicly accessible and often vulnerable to compromise. Compromises can go unnoticed for months, if not years, and recovery often involves a complete system rebuild. In this paper, we propose n-m-Variant Systems, an adversarial-resistant software rejuvenation framework for cloud-based web applications. We improve the state-of-the-art by introducing a variable m that provides a knob for administrators to tune an environment to balance resource usage, performance overhead, and security guarantees. Using m, security guarantees can be tuned for seconds, minutes, days, or complete resistance. We design and implement an n-m-Variant System prototype to protect a Mediawiki PHP application serving dynamic content from an external SQL persistent storage. Our performance evaluation shows a throughput reduction of 65% for 108 seconds of resistance and 83% for 12 days of resistance to sophisticated adversaries, given appropriate resource allocation. Furthermore, we use theoretical analysis and simulation to characterize the impact of system parameters on resilience to adversaries. Through these efforts, our work demonstrates how properties of cloud-based servers can enhance the integrity of Web servers.

Cryptography and Security

Adiba Mahmud,Samiha Nazrul,Mohammad Rahman,Fan Wu

DOI: https://doi.org/10.1109/cloud-summit61220.2024.00033

2024-01-01

Abstract:This research investigates the influence of virtual machine diversity and redundancy on the survival probability of cloud systems under attack over a specified period. We have formulated the problem by applying game theory to achieve maximum payoff and employing a tree diagram to integrate the sequential attack strategy systematically. Through simulations, we demonstrate the effectiveness of integrating diversity and redundancy in enhancing system survival probability. Furthermore, this research presents a cost analysis to guide the optimal selection of system configurations that achieve the highest survival probability within budget constraints.

Xin Yang,Abla Smahi,Hui Li,Huayu Zhang,Shuo-Yen Robert Li

DOI: https://doi.org/10.1109/globecom54140.2023.10437647

2023-01-01

Abstract:Cloud computing provides users with cost-effective on-demand resource sharing, but the shared resources also creates additional security risks due to co-location with malicious tenants. In addition to static defensive technologies, Virtual Machine (VM) migration, a type of Moving Target Defense (MTD) technique, provides an alternative solution to mitigate co-resident attacks by dynamically migrating services/tasks among various servers. Although significant progress has been made in this area, critical gaps remain regarding the quantification of these techniques' synergistic effectiveness in cloud computing, as previous research focused on either evaluating the defensive capability of MTD or on examining the characteristics of static strategies. In this paper, we aim to use analytical modeling techniques to quantitatively evaluate the synergistic effectiveness of integrating MTD with VM allocation policies. We designed a synergistically defensive architecture and proposed a Stochastic Reward Net (SRN) model to describe the execution and attacking processes of tasks migrating among multiple servers under three commonly used allocation policies. Moreover, experiments were implemented using SimPy to verify the analytical results obtained from the SRN model and to broaden the evaluation scope. Our comprehensive assessment, using both SRN and experiments, evaluates the defensive capacity and corresponding features for different scenarios. The obtained simulation results were approximate, with an error rate of less than 3.40 %, reflecting the reliability of our methods. Several defensive suggestions were further summarized based on the evaluation.

Xin Liang,Xiaolin Gui,Jian An,Dewang Ren

DOI: https://doi.org/10.1109/pccc.2017.8280448

2017-01-01

Abstract:Security is one of the biggest concerns for the further adoption of Clouds. However, Cloud providers usually assign VMs leased by different customers upon the same physical server. Albeit maximizing resource efficiency, this cross-domain sharing poses a serious threat to customers' privacy concerns. A malicious VM could break or bypass the isolation mechanism and execute certain cross-VM attacks, such as side channel attacks or memory Dos attacks, etc. However, most of previous solutions are either attack-specific or unsuitable for immediate deployment, making the mitigation techniques for co-resident attacks still an important and worth-studying problem in cloud security. In this paper, we propose a novel grouping-based VM placement strategy to provide a secure optimization for existing VM placement policies. The theoretical analysis and simulation results show that our strategy decreases enormously the probability of co-residence while incurring only a slight loss on resource efficiency. The results also demonstrate that our strategy is significantly more effective in terms of both co-location resistance and resources efficiency, compared with the CLR policy.

Yuqin Qiu,Qingni Shen,Yang Luo,Cong Li,Zhonghai Wu

DOI: https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.257

2017-01-01

Abstract:Due to sharing physical resource, the co-residency of virtual machine (VM) in cloud is inevitable, which brings many security threats, such as side channel attacks and covert channel threats. Most of previous work focused on detecting and resisting a bewildering variety of co-resident attacks. Generally, improving the VM deployment strategy can also mitigate the security threats of co-resident attacks effectively by reducing the probability of VM co-residency. In this paper, we propose a co-residency-resistant VM deployment strategy and define four thresholds to adjust the strategy for security and load balancing. Moreover, two metrics(VM co-residency probability and user co-residency coverage probability) are introduced to evaluate the deployment strategy. Finally, we implement the strategy and run experiments on both OpenStack and CloudSim. The results show that our strategy can reduce VM co-residency by 50% to 66.7% and user co-residency by 50% to 66% compared with the existing strategies.

Yuchen Wong,Qingni Shen

DOI: https://doi.org/10.1109/bdcloud.2018.00095

2018-01-01

Abstract:With the fast development of cloud computing, cloud demand has exploded. In order to meet the primary performance needs of cloud users, cloud service providers need to carry out load balancing policy for virtual machines (VMs), which exacerbates the co -residence threats. In this paper, we try to solve the problem from the perspective of VM management, that is to say, we optimize the VM management policy to reduce the chances that ordinary VMs resident with the malicious VMs. In previous researches, the basic idea is to make the attack as difficult as possible during the placement, but there is little discussion about how to retrieve after the attacker successfully co -resident. Compared with them, for the first time we introduce the concept of Familiarity to mark cloud users and their VMs, and then design a secure VM placement algorithm and a secure load balancing algorithm. These algorithms not only make the co -residence difficult but can handle the security issue after it happens. After evaluation, our algorithms can well achieve the expectations.

Bernard Ousmane Sane,Mandicou Ba,Doudou Fall,Yuzo Taenaka,Ibrahima Niang,Youki Kadobayashi

DOI: https://doi.org/10.1109/access.2024.3404949

IF: 3.9

2024-05-31

IEEE Access

Abstract:Cloud computing has completely changed IT (information technology) by providing IT resources as services on the internet. However, certain types of attacks, such as interdependency attacks, impede its wide adoption. With the latter, an attacker who succeeds in compromising the VM of a user can traverse the hypervisor to launch an attack on the VM(s) of other users on the same hypervisor. Unfortunately, we note a lack of secure and performant allocation policies against this problem. Existing policies focus on security but ignore other factors, including workload balance and energy consumption, which are vital for commercial cloud platforms. In this context, we propose different allocation policies for choosing the datacenter server to which we allocate a new virtual machine. These policies aim to minimize the interdependence of different users' VMs while keeping the system performant regarding workload balance and/or power consumption. By default, our allocation policies treat all legitimate users as attackers and host their virtual machines according to their efficiency and coverage. We first design a secure and balanced solution that increases workload balance to prevent the servers from being overused. Afterward, we propose an algorithm that addresses security, power consumption, and workload balance objectives simultaneously. Based on our simulation results, our solutions perform better than existing algorithms regarding security, workload balance, and power consumption. The balanced solution reduces the chance of an attacker to zero and increases workload balance linearly. In other words, the workload balance is between , and it utilizes slightly more hosts than existing proposals, with gains between . Although our final proposal is less secure than previous algorithms, it performs better, so it has a good workload balance ( ) and consumes less energy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Gregory Levitin,Liudong Xing,Yuanshun Dai

DOI: https://doi.org/10.1016/j.ress.2022.108415

2022-01-01

Abstract:In cloud computing, the task replication with cancellation (TRC) approach aims to reduce the expected task completion time while mitigating additional load and user expenses. However, its effectiveness may be hindered by co-residence attacks, where attackers may access users' data through co-residing their virtual machines (VMs) with users' VMs on the same server. Particularly, creating more task replicas has two-fold effects: a task has larger chances to complete in a shorter time but becomes more vulnerable to co-residence attacks (incurring higher data theft probability). The objective of this paper is to formulate and solve an optimization problem (a minmax game problem) that finds the optimal number of task replicas balancing the two conflicting effects. Resulting solutions to the proposed optimization problem can maximize the user's utility while considering the strategic attack behavior of maximizing the attacker's utility. The solution methodology encompasses a new probabilistic model of evaluating the user's and attacker's utilities. As demonstrated through examples, there exist complicated interactions of different model parameters impacting the utilities of users and attackers and thus the optimization solutions, justifying necessity and significance of the suggested model and methodology.