Migrant Attack: A Multi-Resource DoS Attack on Cloud Virtual Machine Migration Schemes
Date Issued
2015
Date
2015
Author(s)
Yeh, Jia-Rung
Abstract
Live virtual machine (VM) migration is the core technology in elastic cloud computing. With live VM migration, cloud providers can improve resource use and quality of service by adjusting the VM placement on demand. However, live migration is expensive because of high CPU usage and the negative effect on co-located VMs, and frequent live migration thus severely undermines the performance of the cloud. Although existing dynamic allocation schemes are designed to minimize the number of live migrations, this study demonstrated that a denial-of-service adversary can cause excessive live migrations by exploiting dynamic allocation. The attack, which we term migrant attack, deliberately varies the resource usages of a malicious VM to trigger live migration. A crucial feature of the migrant attack is that even if VMs on the same physical machine are perfectly isolated through virtualization, a malicious VM can affect the availability of the co-located VMs. As proof of concept, we investigated two common VM allocation schemes: load balancing and consolidation. We evaluated the effectiveness of the attack by using both simulations and testbed experiments. The evaluation results demonstrated that the downtime with two malicious VMs can make more than 250 s and nearly 50 s without any attack in three hours and the restriction of migration times can effectively mitigate the frequenty migration directly. We also discuss several potential countermeasures, such as enforcing another layer of isolation between malicious and harmless VMs in dynamic allocation schemes.
Subjects
Denial of Service
Cloud
Resource allocation
Virtualization
Virtual machine
Type
thesis
File(s)![Thumbnail Image]()
Loading...
Name
ntu-104-R02922107-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):100cbcb40ddf7431f3622701d4c2ba99