Multi-Objective Response to Co-Resident Attacks in Cloud Environment
Cloud computing is a dynamic environment that offers a variety of on-demand services at low cost. However, customers face new security risks due to the shared infrastructure in the cloud. Co-residency of virtual machines on the same physical machine leads to several threats for cloud tenants. Cloud administrators often face a more challenging problem, since they have to work within a fixed budget for cloud hardening. The problem is how to select a subset of countermeasures that stays within the budget and yet minimizes the residual damage to the cloud caused by malicious VMs. We address this problem by introducing a novel multi-objective attack response system. We consider response cost, co-residency threat, and virtual machine interactions to select the optimal response in the face of an attack. Formulated as a multi-objective optimization problem, optimal response selection calculates alternative responses with minimum threat and cost. Our method estimates the threat level based on the collaboration graph and suggests proper countermeasures based on threat type with minimum cost. Experimental results show that our system can suggest optimal responses based on the current state of the cloud.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.