A Security-Awareness Virtual Machine Placement Scheme in the Cloud

Recent work reveals that side channel attacks (SCA) can lead to leakage of user privacy in the cloud. Enhancing the isolation between users is an effective solution to eliminate the attacks. However, to achieve the stronger isolation, the existing schemes require the sophisticated decision making systems and specific monitoring systems, which may degrade the efficiency of the system. In this paper, to eliminate the SCA, we investigate the isolation enhancement from a novel perspective - VM placement. And the security-awareness VMs placement scheme (SVMPS) is proposed. In this scheme, we use the aggressive conflict of interest relation (ACIR) to describe the constraint relations for users, based on the Chinese wall policy, we put forward the isolation rules to formulate the VMs placement behavior, according to the isolation rules, we design the VMs placement solution calculated algorithm to enforce the VMs placement. The experimental results demonstrate that SVMPS is efficient in guaranteeing the isolation between conflict users, while the resource utilization rate decreases not too much.