A Virtual Node Migration Method for Sensing Side-channel Risk

Kaizhi HUANG; Qirun PAN; Quan YUAN; Wei YOU

doi:10.11999/JEIT180905

Volume 41 Issue 9

Sep. 2019

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2019 > 41(9): 2164-2171

Kaizhi HUANG, Qirun PAN, Quan YUAN, Wei YOU. A Virtual Node Migration Method for Sensing Side-channel Risk[J]. Journal of Electronics & Information Technology, 2019, 41(9): 2164-2171. doi: 10.11999/JEIT180905

Citation:

Kaizhi HUANG, Qirun PAN, Quan YUAN, Wei YOU. A Virtual Node Migration Method for Sensing Side-channel Risk[J]. Journal of Electronics & Information Technology, 2019, 41(9): 2164-2171. doi: 10.11999/JEIT180905

Citation:

PDF( 2012 KB)

A Virtual Node Migration Method for Sensing Side-channel Risk

doi: 10.11999/JEIT180905

National Digital Switching System Engineering and Technological R&D Center, Zhengzhou 450002, China

Funds: The National Key R & D Program Cyberspace Security Special (2016YFB0801605), The National Natural Science Foundation Innovative Groups Project of China (61521003)

Received Date: 2018-09-20
Rev Recd Date: 2019-02-26

Available Online: 2019-03-11

Publish Date: 2019-09-10

Abstract

Abstract

In order to defend against Side-Channel Attacks (SCA) in Network Slicing (NS), the existing defense methods based on dynamic migration have the problem that the conditions for sharing of physical resources between different virtual nodes are not strict enough, a virtual node migration method is proposed for sensing side-channel risk. According to the characteristics of SCA, the entropy method is used to evaluate the side-channel risks and migrate the virtual node from a server with large deviation from average risk. The Markov decision process is used to describe the migration of virtual nodes for network slicing, and the Sarsa learning algorithm is used to solve the optimal migration scheme. The simulation results show that this method can separates malicious network slice instances from other target network slice instances to achieve the purpose of defense side channel attacks.
- Network Slicing (NS),
- Security isolation,
- Side-Channel Attacks (SCA),
- Markov decision process,
- Sarsa algorithm

FullText(HTML)

References(19)

References

NGMN Alliance. 5G white paper[EB/OL]. https://www.ngmn.org/5g-white-paper/5g-white-paper.html, 2015.

WANG Zhiming, WU Jiangxing, GUO Zehua, et al. Secure virtual network embedding to mitigate the risk of covert channel attacks[C]. 2016 IEEE Conference on Computer Communications Workshops, San Francisco, USA, 2016: 144–145.

RISTENPART T, TROMER E, SHACHAM H, et al. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds[C]. The 16th ACM Conference on Computer and Communications Security, Chicago, USA, 2009: 199–212.

GULMEZOGLU B, İNCI M S, IRAZOQUI G, et al. Cross-VM cache attacks on AES[J]. IEEE Transactions on Multi-Scale Computing Systems, 2016, 2(3): 211–222. doi: 10.1109/tmscs.2016.2550438

OKAMURA K and OYAMA Y. Load-based covert channels between Xen virtual machines[C]. 2010 ACM Symposium on Applied Computing, Sierre, Switzerland, 2010: 173–180.

YU Si, GUI Xiaolin, and LIN Jiancai. An approach with two-stage mode to detect cache-based side channel attacks[C]. 2013 International Conference on Information Networking, Bangkok, Thailand, 2013: 186–191.

WANG Lina, LIU Weijie, KUMAR N, et al. A novel covert channel detection method in cloud based on XSRM and improved event association algorithm[J]. Security and Communication Networks, 2016, 9(16): 3543–3557. doi: 10.1002/sec.1560

WANG Zhenghong and LEE R B. A novel cache architecture with enhanced performance and security[C]. The 41st Annual IEEE/ACM International Symposium on Microarchitecture, Lake Como, Italy, 2008: 83–93.

PATTUK E, KANTARCIOGLU M, LIN Zhiqiang, et al. Preventing cryptographic key leakage in cloud virtual machines[C]. The 23rd Usenix Conference on Security Symposium, San Diego, USA, 2014: 703–718.

HAN Yi, CHAN J, ALPCAN T, et al. Using virtual machine allocation policies to defend against co-resident attacks in cloud computing[J]. IEEE Transactions on Dependable and Secure Computing, 2017, 14(1): 95–108. doi: 10.1109/tdsc.2015.2429132

ADILI M T, MOHAMMADI A, MANSHAEI M H, et al. A cost-effective security management for clouds: A game-theoretic deception mechanism[C]. 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), Lisbon, Portugal, 2017: 98–106.

赵硕, 季新生, 毛宇星, 等. 基于安全等级的虚拟机动态迁移方法[J]. 通信学报, 2017, 38(7): 165–174. doi: 10.11959/j.issn.1000-436x.2017091

ZHAO Shuo, JI Xinsheng, MAO Yuxing, et al. Research on dynamic migration of virtual machine based on security level[J]. Journal on Communications, 2017, 38(7): 165–174. doi: 10.11959/j.issn.1000-436x.2017091

YU Si, GUI Xiaolin, LIN Jiancai, et al. A security-awareness virtual machine management scheme based on Chinese wall policy in cloud computing[J]. The Scientific World Journal, 2014, 2014: 805923. doi: 10.1155/2014/805923

桂小林, 余思, 黄汝维, 等. 一种面向云计算环境侧通道攻击防御的虚拟机部署方法[P]. 中国, 102571746, 2012.

GUI Xiaolin, YU Si, HUANG Ruwei, et al. Virtual machine deployment method oriented to side channel attack defense of cloud computation environment[P]. CN, 102571746, 2012.

LIANG Xin, GUI Xiaolin, JIAN A N, et al. Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy[C]. The 36th IEEE International Performance Computing and Communications Conference, San Diego, USA, 2017: 1–8.

ANWAR A H, ATIA G, GUIRGUIS M. It’s time to migrate! A game-theoretic framework for protecting a multi-tenant cloud against collocation attacks[C]. The 11th IEEE International Conference on Cloud Computing, San Francisco, USA, 2018: 725–731.

ALJAZZAR H and LEUE S. K*: A heuristic search algorithm for finding the k shortest paths[J]. Artificial Intelligence, 2011, 175(18): 2129–2154. doi: 10.1016/j.artint.2011.07.003

GILLANI F, AL-SHAER E, LO S, et al. Agile virtualized infrastructure to proactively defend against cyber attacks[C]. 2015 IEEE Conference on Computer Communications, Hong Kong, China, 2015: 729–737.

GONG Long, WEN Yonggang, ZHU Zuqing, et al. Toward profit-seeking virtual network embedding algorithm via global resource capacity[C]. IEEE Conference on Computer Communications, Toronto, Canada, 2014: 1–9.

Relative Articles

Supplements(0)

Cited By

Proportional views