Advanced Search
Volume 41 Issue 9
Sep.  2019
Turn off MathJax
Article Contents
Kaizhi HUANG, Qirun PAN, Quan YUAN, Wei YOU. A Virtual Node Migration Method for Sensing Side-channel Risk[J]. Journal of Electronics & Information Technology, 2019, 41(9): 2164-2171. doi: 10.11999/JEIT180905
Citation: Kaizhi HUANG, Qirun PAN, Quan YUAN, Wei YOU. A Virtual Node Migration Method for Sensing Side-channel Risk[J]. Journal of Electronics & Information Technology, 2019, 41(9): 2164-2171. doi: 10.11999/JEIT180905

A Virtual Node Migration Method for Sensing Side-channel Risk

doi: 10.11999/JEIT180905
Funds:  The National Key R & D Program Cyberspace Security Special (2016YFB0801605), The National Natural Science Foundation Innovative Groups Project of China (61521003)
  • Received Date: 2018-09-20
  • Rev Recd Date: 2019-02-26
  • Available Online: 2019-03-11
  • Publish Date: 2019-09-10
  • In order to defend against Side-Channel Attacks (SCA) in Network Slicing (NS), the existing defense methods based on dynamic migration have the problem that the conditions for sharing of physical resources between different virtual nodes are not strict enough, a virtual node migration method is proposed for sensing side-channel risk. According to the characteristics of SCA, the entropy method is used to evaluate the side-channel risks and migrate the virtual node from a server with large deviation from average risk. The Markov decision process is used to describe the migration of virtual nodes for network slicing, and the Sarsa learning algorithm is used to solve the optimal migration scheme. The simulation results show that this method can separates malicious network slice instances from other target network slice instances to achieve the purpose of defense side channel attacks.
  • loading
  • NGMN Alliance. 5G white paper[EB/OL]. https://www.ngmn.org/5g-white-paper/5g-white-paper.html, 2015.
    WANG Zhiming, WU Jiangxing, GUO Zehua, et al. Secure virtual network embedding to mitigate the risk of covert channel attacks[C]. 2016 IEEE Conference on Computer Communications Workshops, San Francisco, USA, 2016: 144–145.
    RISTENPART T, TROMER E, SHACHAM H, et al. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds[C]. The 16th ACM Conference on Computer and Communications Security, Chicago, USA, 2009: 199–212.
    GULMEZOGLU B, İNCI M S, IRAZOQUI G, et al. Cross-VM cache attacks on AES[J]. IEEE Transactions on Multi-Scale Computing Systems, 2016, 2(3): 211–222. doi: 10.1109/tmscs.2016.2550438
    OKAMURA K and OYAMA Y. Load-based covert channels between Xen virtual machines[C]. 2010 ACM Symposium on Applied Computing, Sierre, Switzerland, 2010: 173–180.
    YU Si, GUI Xiaolin, and LIN Jiancai. An approach with two-stage mode to detect cache-based side channel attacks[C]. 2013 International Conference on Information Networking, Bangkok, Thailand, 2013: 186–191.
    WANG Lina, LIU Weijie, KUMAR N, et al. A novel covert channel detection method in cloud based on XSRM and improved event association algorithm[J]. Security and Communication Networks, 2016, 9(16): 3543–3557. doi: 10.1002/sec.1560
    WANG Zhenghong and LEE R B. A novel cache architecture with enhanced performance and security[C]. The 41st Annual IEEE/ACM International Symposium on Microarchitecture, Lake Como, Italy, 2008: 83–93.
    PATTUK E, KANTARCIOGLU M, LIN Zhiqiang, et al. Preventing cryptographic key leakage in cloud virtual machines[C]. The 23rd Usenix Conference on Security Symposium, San Diego, USA, 2014: 703–718.
    HAN Yi, CHAN J, ALPCAN T, et al. Using virtual machine allocation policies to defend against co-resident attacks in cloud computing[J]. IEEE Transactions on Dependable and Secure Computing, 2017, 14(1): 95–108. doi: 10.1109/tdsc.2015.2429132
    ADILI M T, MOHAMMADI A, MANSHAEI M H, et al. A cost-effective security management for clouds: A game-theoretic deception mechanism[C]. 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), Lisbon, Portugal, 2017: 98–106.
    赵硕, 季新生, 毛宇星, 等. 基于安全等级的虚拟机动态迁移方法[J]. 通信学报, 2017, 38(7): 165–174. doi: 10.11959/j.issn.1000-436x.2017091

    ZHAO Shuo, JI Xinsheng, MAO Yuxing, et al. Research on dynamic migration of virtual machine based on security level[J]. Journal on Communications, 2017, 38(7): 165–174. doi: 10.11959/j.issn.1000-436x.2017091
    YU Si, GUI Xiaolin, LIN Jiancai, et al. A security-awareness virtual machine management scheme based on Chinese wall policy in cloud computing[J]. The Scientific World Journal, 2014, 2014: 805923. doi: 10.1155/2014/805923
    桂小林, 余思, 黄汝维, 等. 一种面向云计算环境侧通道攻击防御的虚拟机部署方法[P]. 中国, 102571746, 2012.

    GUI Xiaolin, YU Si, HUANG Ruwei, et al. Virtual machine deployment method oriented to side channel attack defense of cloud computation environment[P]. CN, 102571746, 2012.
    LIANG Xin, GUI Xiaolin, JIAN A N, et al. Mitigating cloud co-resident attacks via grouping-based virtual machine placement strategy[C]. The 36th IEEE International Performance Computing and Communications Conference, San Diego, USA, 2017: 1–8.
    ANWAR A H, ATIA G, GUIRGUIS M. It’s time to migrate! A game-theoretic framework for protecting a multi-tenant cloud against collocation attacks[C]. The 11th IEEE International Conference on Cloud Computing, San Francisco, USA, 2018: 725–731.
    ALJAZZAR H and LEUE S. K*: A heuristic search algorithm for finding the k shortest paths[J]. Artificial Intelligence, 2011, 175(18): 2129–2154. doi: 10.1016/j.artint.2011.07.003
    GILLANI F, AL-SHAER E, LO S, et al. Agile virtualized infrastructure to proactively defend against cyber attacks[C]. 2015 IEEE Conference on Computer Communications, Hong Kong, China, 2015: 729–737.
    GONG Long, WEN Yonggang, ZHU Zuqing, et al. Toward profit-seeking virtual network embedding algorithm via global resource capacity[C]. IEEE Conference on Computer Communications, Toronto, Canada, 2014: 1–9.
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Figures(8)  / Tables(5)

    Article Metrics

    Article views (2008) PDF downloads(80) Cited by()
    Proportional views
    Related

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return