Skip to main content
Top
Published in: The Journal of Supercomputing 6/2021

09-11-2020

A security-aware virtual machine placement in the cloud using hesitant fuzzy decision-making processes

Authors: Sattar Feizollahibarough, Mehrdad Ashtiani

Published in: The Journal of Supercomputing | Issue 6/2021

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

The introduction of cloud computing systems brought with itself a solution for the dynamic scaling of computing resources leveraging various approaches for providing computing power, networking, and storage. On the other hand, it helped decrease the human resource cost by delegating the maintenance cost of infrastructures and platforms to the cloud providers. Nevertheless, the security risks of utilizing shared resources are recognized as one of the major concerns in using cloud computing environments. To be more specific, an intruder can attack a virtual machine and consequently extend his/her attack to other virtual machines that are co-located on the same physical machine. The worst situation is when the hypervisor is compromised in which all the virtual machines assigned to the physical node will be under security risk. To address these issues, we have proposed a security-aware virtual machine placement scheme to reduce the risk of co-location for vulnerable virtual machines. Four attributes are introduced to reduce the aforementioned risk including the vulnerability level of a virtual machine, the importance level of a virtual machine in the given context, the cumulative vulnerability level of a physical machine, and the capacity of a physical machine for the allocation of new virtual machines. Nevertheless, the evaluation of security risks, due to the various vulnerabilities’ nature as well as the different properties of deployment environments is not quite accurate. To manage the precision of security evaluations, it is vital to consider hesitancy factors regarding security evaluations. To consider hesitancy in the proposed method, hesitant fuzzy sets are used. In the proposed method, the priorities of the cloud provider for the allocation of virtual machines are also considered. This will allow the model to assign more weights to attributes that have higher importance for the cloud provider. Eventually, the simulation results for the devised scenarios demonstrate that the proposed method can reduce the overall security risk of the given cloud data center. The results show that the proposed approach can reduce the risk of attacks caused by the co-location of virtual machines up to 41% compared to the existing approaches.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Literature
3.
go back to reference Sehgal N, Bhatt P, Acken J (2019) Cloud computing with security: concepts and practices. Springer, Berlin Sehgal N, Bhatt P, Acken J (2019) Cloud computing with security: concepts and practices. Springer, Berlin
4.
go back to reference Yarygina T, Bagge A (2018) Overcoming security challenges in microservice architectures. In: IEEE symposium on service-oriented system engineering (SOSE), Bamberg, Germany, pp 37–42 Yarygina T, Bagge A (2018) Overcoming security challenges in microservice architectures. In: IEEE symposium on service-oriented system engineering (SOSE), Bamberg, Germany, pp 37–42
5.
go back to reference Zhang X, Wu T, Chen M, Wei T, Zhou J, Hu S, Buyya R (2019) Energy-aware virtual machine allocation for cloud with resource reservation. J Syst Softw 147:147–161CrossRef Zhang X, Wu T, Chen M, Wei T, Zhou J, Hu S, Buyya R (2019) Energy-aware virtual machine allocation for cloud with resource reservation. J Syst Softw 147:147–161CrossRef
6.
go back to reference Buyya R, Vecchila C, Thamarai S (2013) Mastering cloud computing: foundations and applications programming. Morgan Kaufmann Publication, San Francisco Buyya R, Vecchila C, Thamarai S (2013) Mastering cloud computing: foundations and applications programming. Morgan Kaufmann Publication, San Francisco
7.
go back to reference Modi C, Acha K (2016) Virtualization layer security challenges and intrusion detection/prevention systems in cloud computing: a comprehensive review. J Supercomput 73(3):1192–1234CrossRef Modi C, Acha K (2016) Virtualization layer security challenges and intrusion detection/prevention systems in cloud computing: a comprehensive review. J Supercomput 73(3):1192–1234CrossRef
9.
go back to reference Lita C, Cosovan D, Gavrilut D (2017) Anti-emulation trends in modern packers: a survey on the evolution of anti-emulation techniques in UPA packers. J Comput Virol Hack Tech 14:107–126CrossRef Lita C, Cosovan D, Gavrilut D (2017) Anti-emulation trends in modern packers: a survey on the evolution of anti-emulation techniques in UPA packers. J Comput Virol Hack Tech 14:107–126CrossRef
10.
go back to reference Kadam D, Patil R, Modi C (2018) An enhanced approach for intrusion detection in virtual network of cloud computing. In: Proceedings of the 10th International Conference on Advanced Computing (ICoAC), Chennai, India, pp 80–87 Kadam D, Patil R, Modi C (2018) An enhanced approach for intrusion detection in virtual network of cloud computing. In: Proceedings of the 10th International Conference on Advanced Computing (ICoAC), Chennai, India, pp 80–87
11.
go back to reference Bhunia S, Tehranipoor M (2019) Security and trust assessment, and design for security. Hardw Secur 13:347–372CrossRef Bhunia S, Tehranipoor M (2019) Security and trust assessment, and design for security. Hardw Secur 13:347–372CrossRef
12.
go back to reference Wu J, Lei Z, Chen S, Shen W (2017) An access control model for preventing virtual machine escape attack. Future Internet 9(2):20–37CrossRef Wu J, Lei Z, Chen S, Shen W (2017) An access control model for preventing virtual machine escape attack. Future Internet 9(2):20–37CrossRef
13.
go back to reference Rama Krishna S, Padmaja Rani B (2016) Virtualization security issues and mitigations in cloud computing. In: Proceedings of the 1st International Conference on Computational Intelligence and Informatics, HeydarAbad, India, pp 117–128 Rama Krishna S, Padmaja Rani B (2016) Virtualization security issues and mitigations in cloud computing. In: Proceedings of the 1st International Conference on Computational Intelligence and Informatics, HeydarAbad, India, pp 117–128
14.
go back to reference Dildar M, Khan N, Abdullah J, Khan A (2017) Effective way to defend the hypervisor attacks in cloud computing. In: Proceedings of the 2nd International Conference on Anti-Cyber Crimes (ICACC), Abha, Saudi Arabia, pp 154–159 Dildar M, Khan N, Abdullah J, Khan A (2017) Effective way to defend the hypervisor attacks in cloud computing. In: Proceedings of the 2nd International Conference on Anti-Cyber Crimes (ICACC), Abha, Saudi Arabia, pp 154–159
15.
go back to reference Li S, Koh J, Nieh J (2019) Protecting cloud virtual machines from hypervisor and host operating system exploits. In: Proceedings of the 28th USENIX security symposium, California, USA, pp 1357–1374 Li S, Koh J, Nieh J (2019) Protecting cloud virtual machines from hypervisor and host operating system exploits. In: Proceedings of the 28th USENIX security symposium, California, USA, pp 1357–1374
18.
go back to reference Yuchi X, Shetty S (2015) Enabling security-aware virtual machine placement in IaaS clouds. In: IEEE military Communications Conference, Tampa, FL, pp 1554–1559 Yuchi X, Shetty S (2015) Enabling security-aware virtual machine placement in IaaS clouds. In: IEEE military Communications Conference, Tampa, FL, pp 1554–1559
21.
go back to reference Liao H, Xu Z (2017) Hesitant fuzzy decision-making methodologies and applications. Springer, BerlinCrossRef Liao H, Xu Z (2017) Hesitant fuzzy decision-making methodologies and applications. Springer, BerlinCrossRef
22.
go back to reference Ashtiani M, Hakimi-Rad S, Azgomi M (2018) A model of trust based on uncertainty theory. Int J Uncertain Fuzziness Knowl Based Syst 26(02):269–298MathSciNetCrossRef Ashtiani M, Hakimi-Rad S, Azgomi M (2018) A model of trust based on uncertainty theory. Int J Uncertain Fuzziness Knowl Based Syst 26(02):269–298MathSciNetCrossRef
23.
go back to reference Liao H, Yang L, Xu Z (2018) Two new approaches based on ELECTRE II to solve the multiple criteria decision making problems with hesitant fuzzy linguistic term sets. Appl Soft Comput 63:223–234CrossRef Liao H, Yang L, Xu Z (2018) Two new approaches based on ELECTRE II to solve the multiple criteria decision making problems with hesitant fuzzy linguistic term sets. Appl Soft Comput 63:223–234CrossRef
24.
go back to reference Torra V (2010) Hesitant fuzzy sets. Int J Intell Syst 25(06):529–539MATH Torra V (2010) Hesitant fuzzy sets. Int J Intell Syst 25(06):529–539MATH
25.
go back to reference Ashtiani M, Azgomi M (2016) A hesitant fuzzy model of computational trust considering hesitancy, vagueness and uncertainty. Appl Soft Comput 42:18–37CrossRef Ashtiani M, Azgomi M (2016) A hesitant fuzzy model of computational trust considering hesitancy, vagueness and uncertainty. Appl Soft Comput 42:18–37CrossRef
26.
go back to reference Wei G (2012) Hesitant fuzzy prioritized operators and their application to multiple attribute decision making. Knowled Based Syst 31:176–182CrossRef Wei G (2012) Hesitant fuzzy prioritized operators and their application to multiple attribute decision making. Knowled Based Syst 31:176–182CrossRef
27.
go back to reference Lan J, Jin R, Zheng Z, Hu M (2017) Priority degrees for hesitant fuzzy sets: application to multiple attribute decision making. Oper Res Perspect 4:67–73MathSciNet Lan J, Jin R, Zheng Z, Hu M (2017) Priority degrees for hesitant fuzzy sets: application to multiple attribute decision making. Oper Res Perspect 4:67–73MathSciNet
28.
go back to reference Tan C, Yi W, Chen X (2015) Hesitant fuzzy Hamacher aggregation operators for multi-criteria decision making. Appl Soft Comput 26:325–349CrossRef Tan C, Yi W, Chen X (2015) Hesitant fuzzy Hamacher aggregation operators for multi-criteria decision making. Appl Soft Comput 26:325–349CrossRef
29.
go back to reference Mosa A, Paton N (2016) Optimizing virtual machine placement for energy and SLA in clouds using utility functions. J Cloud Comput 5(1):17CrossRef Mosa A, Paton N (2016) Optimizing virtual machine placement for energy and SLA in clouds using utility functions. J Cloud Comput 5(1):17CrossRef
30.
go back to reference López-Pires F, Barán B (2017) Many-objective virtual machine placement. J Grid Comput 15(2):161–176CrossRef López-Pires F, Barán B (2017) Many-objective virtual machine placement. J Grid Comput 15(2):161–176CrossRef
31.
go back to reference Luo J, Song W, Yin L (2018) Reliable virtual machine placement based on multi-objective optimization with traffic-aware algorithm in industrial cloud. IEEE Access 6:23043–23052CrossRef Luo J, Song W, Yin L (2018) Reliable virtual machine placement based on multi-objective optimization with traffic-aware algorithm in industrial cloud. IEEE Access 6:23043–23052CrossRef
32.
go back to reference Agarwal A, Duong T (2019) Secure virtual machine placement in cloud data centers. Future Gener Comput Syst 100:210–222CrossRef Agarwal A, Duong T (2019) Secure virtual machine placement in cloud data centers. Future Gener Comput Syst 100:210–222CrossRef
33.
go back to reference Han J, Zang W, Chen S, Yu M (2017) Reducing security risks of clouds through virtual machine placement. In: Proceedings of the data and applications security and privacy XXXI, Philadelphia, PA, USA, pp 275–292 Han J, Zang W, Chen S, Yu M (2017) Reducing security risks of clouds through virtual machine placement. In: Proceedings of the data and applications security and privacy XXXI, Philadelphia, PA, USA, pp 275–292
34.
go back to reference Azar Y, Kamara S, Menache I, Raykova M, Shepard B (2014) Co-location-resistant clouds. In: Proceedings of the 6th edition of the ACM workshop on cloud computing security, Arizona, USA, pp 9–20 Azar Y, Kamara S, Menache I, Raykova M, Shepard B (2014) Co-location-resistant clouds. In: Proceedings of the 6th edition of the ACM workshop on cloud computing security, Arizona, USA, pp 9–20
35.
go back to reference Liang X, Gui X, Jian A, Ren D (2017) Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy. In: Proceedings of the 2017 IEEE 36th International Performance Computing and Communications Conference (IPCCC), San Diego, CA, pp 1–8 Liang X, Gui X, Jian A, Ren D (2017) Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy. In: Proceedings of the 2017 IEEE 36th International Performance Computing and Communications Conference (IPCCC), San Diego, CA, pp 1–8
36.
go back to reference Caron E, Cornabas J (2014) Improving users' isolation in IaaS: virtual machine placement with security constraints. In: Proceedings of the 2014 IEEE 7th International Conference on Cloud Computing, AK, USA, pp 64–71 Caron E, Cornabas J (2014) Improving users' isolation in IaaS: virtual machine placement with security constraints. In: Proceedings of the 2014 IEEE 7th International Conference on Cloud Computing, AK, USA, pp 64–71
37.
go back to reference Jhawar R, Piuri V, Samarati P (2012) Supporting security requirements for resource management in cloud computing. In: Proceedings of the 2012 IEEE 15th International Conference on Computational Science and Engineering, Nicosia, Cyprus, pp 170–177. Jhawar R, Piuri V, Samarati P (2012) Supporting security requirements for resource management in cloud computing. In: Proceedings of the 2012 IEEE 15th International Conference on Computational Science and Engineering, Nicosia, Cyprus, pp 170–177.
38.
go back to reference Al-Haj S, Al-Shaer E, Ramasamy H (2013) Security-aware resource allocation in clouds. In: Proceedings of the 2013 IEEE International Conference on Services Computing, Santa Clara, CA, USA, pp 400–407 Al-Haj S, Al-Shaer E, Ramasamy H (2013) Security-aware resource allocation in clouds. In: Proceedings of the 2013 IEEE International Conference on Services Computing, Santa Clara, CA, USA, pp 400–407
39.
go back to reference Bulatov A, Guruswami V, Krokhin A, Marx D (2016) The constraint satisfaction problem: complexity and approximability. Dagstuhl Rep 5(7):22–41 Bulatov A, Guruswami V, Krokhin A, Marx D (2016) The constraint satisfaction problem: complexity and approximability. Dagstuhl Rep 5(7):22–41
41.
go back to reference Yu S, Gui X, Lin J, Tian F, Zhao J, Dai M (2014) A security-awareness virtual machine management scheme based on Chinese wall policy in cloud computing. Sci World J 2014:1–12 Yu S, Gui X, Lin J, Tian F, Zhao J, Dai M (2014) A security-awareness virtual machine management scheme based on Chinese wall policy in cloud computing. Sci World J 2014:1–12
42.
go back to reference Li P, Gao D, Reiter M (2013) Mitigating access-driven timing channels in clouds using StopWatch. In: Proceedings of the 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Budapest, Hungary, pp 1–12 Li P, Gao D, Reiter M (2013) Mitigating access-driven timing channels in clouds using StopWatch. In: Proceedings of the 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Budapest, Hungary, pp 1–12
43.
go back to reference Zhang Y, Reiter M (2013) Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security—CCS'13, Berlin, Germany, pp 827–838 Zhang Y, Reiter M (2013) Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security—CCS'13, Berlin, Germany, pp 827–838
44.
go back to reference Vattikonda B, Das S, Shacham H (2011) Eliminating fine grained timers in Xen. In: Proceedings of the 3rd ACM workshop on Cloud computing security workshop—CCSW'11, Chicago, Illinois, USA, pp 41–46 Vattikonda B, Das S, Shacham H (2011) Eliminating fine grained timers in Xen. In: Proceedings of the 3rd ACM workshop on Cloud computing security workshop—CCSW'11, Chicago, Illinois, USA, pp 41–46
45.
go back to reference Alam M, Bhattacharya S, Mukhopadhyay D (2017) Tackling the time-defence: an instruction count based micro-architectural side-channel attack on block ciphers. In: Security, Privacy, and Applied Cryptography Engineering, pp 30–52 Alam M, Bhattacharya S, Mukhopadhyay D (2017) Tackling the time-defence: an instruction count based micro-architectural side-channel attack on block ciphers. In: Security, Privacy, and Applied Cryptography Engineering, pp 30–52
46.
go back to reference Freeman L (1977) A set of measures of centrality based on betweenness. Sociometry 40(1):35CrossRef Freeman L (1977) A set of measures of centrality based on betweenness. Sociometry 40(1):35CrossRef
47.
go back to reference Borgatti S, Halgin D (2016) Analyzing affiliation networks. In: Scott J, Carrington PJ (eds) The SAGE handbook of social network analysis. SAGE Publications, London Borgatti S, Halgin D (2016) Analyzing affiliation networks. In: Scott J, Carrington PJ (eds) The SAGE handbook of social network analysis. SAGE Publications, London
48.
go back to reference Hieu N, Francesco M, Ylä Jääski A (2014) A virtual machine placement algorithm for balanced resource utilization in cloud data centers. In: Proceedings of the IEEE 7th International Conference on Cloud Computing, Anchorage, AK, USA, pp 474–481 Hieu N, Francesco M, Ylä Jääski A (2014) A virtual machine placement algorithm for balanced resource utilization in cloud data centers. In: Proceedings of the IEEE 7th International Conference on Cloud Computing, Anchorage, AK, USA, pp 474–481
49.
go back to reference Cheng S (2018) Autocratic decision making using group recommendations based on hesitant fuzzy sets for green hotels selection and bidders selection. Inf Sci 467:604–617MathSciNetMATHCrossRef Cheng S (2018) Autocratic decision making using group recommendations based on hesitant fuzzy sets for green hotels selection and bidders selection. Inf Sci 467:604–617MathSciNetMATHCrossRef
50.
go back to reference Dinçer H, Yüksel S, Martínez L (2019) Balanced scorecard-based analysis about European energy investment policies: a hybrid hesitant fuzzy decision-making approach with quality function deployment. Expert Syst Appl 115:152–171CrossRef Dinçer H, Yüksel S, Martínez L (2019) Balanced scorecard-based analysis about European energy investment policies: a hybrid hesitant fuzzy decision-making approach with quality function deployment. Expert Syst Appl 115:152–171CrossRef
51.
go back to reference Sun G, Guan X, Yi X, Zhou Z (2018) An innovative TOPSIS approach based on hesitant fuzzy correlation coefficient and its applications. Appl Soft Comput 68:249–267CrossRef Sun G, Guan X, Yi X, Zhou Z (2018) An innovative TOPSIS approach based on hesitant fuzzy correlation coefficient and its applications. Appl Soft Comput 68:249–267CrossRef
Metadata
Title
A security-aware virtual machine placement in the cloud using hesitant fuzzy decision-making processes
Authors
Sattar Feizollahibarough
Mehrdad Ashtiani
Publication date
09-11-2020
Publisher
Springer US
Published in
The Journal of Supercomputing / Issue 6/2021
Print ISSN: 0920-8542
Electronic ISSN: 1573-0484
DOI
https://doi.org/10.1007/s11227-020-03496-4

Other articles of this Issue 6/2021

The Journal of Supercomputing 6/2021 Go to the issue

Premium Partner