Affiliations: [a] Department of Computer Science, University of Texas at San Antonio, TX, USA. E-mails: jin.han@utsa.edu, meng.yu@utsa.edu | [b] Department of Computer Science, Texas A&M University at San Antonio, TX, USA. E-mail: wanyu.zang@tamusa.edu | [c] Department of Computer Science, George Mason University, VA, USA. E-mails: lliu8@gmu.edu, sqchen@gmu.edu
Abstract: Cloud computing, while becoming more and more popular as a dominant computing platform, introduces new security challenges. When virtual machines are deployed in a cloud environment, virtual machine placement strategies can significantly affect the overall security risks of the entire cloud. In recent years, the attacks are specifically designed to co-locate with target virtual machines in the cloud. The virtual machine placement without considering the security risks may put the users, or even the entire cloud, in danger. In this paper, we present a comprehensive approach to quantify the security risk of cloud environments from network, host and VM. Accordingly, we propose a Security-aware Multi-Objective Optimization based virtual machine Placement scheme (SMOOP) to seek a Pareto-optimal solution that reduces the overall security risks of a cloud, while considering workload balance, resource utilization on CPU, memory, disk, and network traffic. New placement strategies are designed and our evaluation results demonstrate their effectiveness. The security of clouds could be improved with affordable overheads. The latest VM allocation policies are further studied and integrated into our designs to defeat the co-residence attacks.
