Security aware virtual machine consolidation in cloud computing

Western Sydney University thesis: Master's thesis

Abstract

Cloud Computing is a heterogeneous architecture that builds on a broad range of technologies to provide a variety of IT services. Many organisations have moved towards Cloud Computing architecture, hosting their data and services in cloud-based data centres to reduce functional and maintenance costs. The increasing number of data centres consumes significant power, and that consumption is surging upward. In 2011, the energy consumed by data centres worldwide accounted for 1.3% of total global electricity usage. Hence, to reduce the huge energy and operating costs of data centres, Cloud service providers consolidate Virtual Machines (VMs) to minimise the number of active physical machines. However, the lack of reliable security measurements and policy enforcement during the VM consolidation process has increased the security risks to clients. Moreover, the distributed and multi-tenant nature of Cloud-based VMs has extended the risks and security vulnerabilities, such as resource monitoring, side-channel threats, denial of service attacks and so on. According to a 2016 study by the Ponemon Institute, the cost of server downtime in data centres is increasing. Thus, it is essential to evaluate the vulnerability, intrusion behaviour and trusted relationships within the virtual machines, as well as to utilise VM introspection to minimise the security threats. Therefore, in this thesis, the security issues in the VM-based Cloud Computing environment are identified. A methodical approach is proposed to fill the gaps in relation to safety concerns in Cloud VM consolidation. This method is based on a compartment isolation mechanism that reduces the security risk in a shared computing environment in the event of spreading malware or side-channel attacks. Finally, taking into account the security-related information of each host, the security profiles of the VMs are constructed and ranked.
These profiles serve as one of the key metrics during virtual machine consolidation, leading towards security-aware VM consolidation. Hence, this dissertation offers a novel approach to developing security measurements for virtual machines by amalgamating all the threat parameters, namely inner vulnerability, intrusion behaviour analysis and introspection, for each virtual machine. Additionally, a security-aware, energy-efficient VM selection and placement algorithm is introduced to consolidate the VMs. The algorithm is implemented and tested in a reliable and widely used Cloud simulator. A sample Cloud Computing workload is used to study the security-aware VM consolidation, including the impact of this approach on power consumption in data centres. The simulation results show that the security-aware Local Regression VM selection method with the Minimum Migration Time VM placement algorithm outperforms other security-aware dynamic algorithms when applying the security-based VM isolation. The simulation results also demonstrate that the solution is scalable as the number of hosts increases. Additionally, the solution exhibits consistency when the workload is increased.
Date of Award: 2016
Original language: English

Keywords

  • cloud computing
  • information technology
  • security measures
  • computer security
  • data protection
