Title :
When Dynamic VM Migration Falls under the Control of VM Users
Author :
Lazri, Kahina ; Laniepce, Sylvie ; Ben-Othman, Jalel
Author_Institution :
Security Dept., Orange Labs., Caen, France
Abstract :
Security of multi-tenancy in cloud platforms raises a growing interest since research has revealed that the sharing of resources constitutes a vector of vulnerability. In this paper, we examine how one can leverage the sharing of resources, through the manipulation of the amount of resources consumed by VMs, to abusively enforce the dynamic resource management system to trigger VM migrations. This causes waste of resources for the hosting infrastructure and affects performances of VMs. To demonstrate this cross-VM attack, we use VMware´s Distributed Resource Scheduler (DRS) in charge of dynamic VM migration management. We perform a detailed analysis of the running of our experimentations by monitoring DRS details during the whole duration of the attack. We explore in various contexts the minimum amount of resources required for the attack to succeed. In our experimentation performed on small clusters, we observe higher vulnerability when the cluster gets larger and when DRS aggressiveness level gets higher. Finally, our experimentations show that the attack can be replayed several times to produce series of VM migrations.
Keywords :
cloud computing; resource allocation; security of data; virtual machines; DRS aggressiveness level; VM users; VMware; cloud platforms; cross-VM attack; distributed resource scheduler; dynamic VM migration; dynamic resource management system; multitenancy security; Decision making; Dynamic scheduling; Heuristic algorithms; Measurement; Memory management; Resource management; Security; Cloud Computing; Isolation; Multi-tenancy; Security; VM Migration; Vulnerability;
Conference_Titel :
Cloud Computing Technology and Science (CloudCom), 2013 IEEE 5th International Conference on
Conference_Location :
Bristol
DOI :
10.1109/CloudCom.2013.58
