An algorithm assigns virtual machines to hypervisors in a way that minimizes the chances of rendering a highly secure client vulnerable to attack through a client with weaker security.
One of the biggest vulnerabilities of cloud platforms stems from one of their greatest strengths -- shared storage resources that can be quickly provisioned to users via the creation of virtual machines, software-only emulations of computers and networks. The problem, according to Army Research Laboratory Electronics Engineer Charles Kamhoua, is that if a bad actor gets into an insecure virtual machine being used by a cloud client, other clients that share the same hypervisor -- cloud software that manages virtual machines -- are also at risk.
"An attacker can target an unsecured VM, and once that VM is compromised, the attack can move on to compromise the hypervisor," Kamhoua said. "At that point, the utility of a shared resource of the hypervisor has tipped toward the attacker because once the hypervisor is compromised, all other virtual machines on that hypervisor are easy prey for the attacker."
Kamhoua and two colleagues -- Luke Kwiat and Kevin Kwiat -- developed an algorithm that employs game theory to allocate clients to hypervisors depending on their security requirements and the sensitivity of their data, which minimizes the chances of rendering a highly secure client vulnerable to attack through a client with weaker security.
“Those who have less to lose will be put into one hypervisor, while those who have more to lose will be put into another hypervisor,” Kamhoua said.
The algorithm is based on two insights: First, all users on a hypervisor are vulnerable when a single user is vulnerable. Second, an attacker must decide how many resources to apply to an attack based on the likelihood of success in breaching defenses.
“The attacker now has to choose between trying to compromise the more secure hypervisor or the less secure hypervisor,” Kamoua said. Clients like the Army may prefer to pay extra to secure their own VM by collocating it "with others that have high security concerns…. [T]hey are indirectly protecting you.”
“The algorithm,” Kamoua said, “sorts all virtual machines from low to high and then considers the number of hypervisors to which they can be allocated.”
In short, he said, when presented with a two-hypervisor cloud platform that employs Kamhoua's algorithm, the attacker must decide between going after the more secure hypervisor -- where everyone will be very secure though the impacts of a breach would be big -- or going after a less-secure hypervisor that is easier to compromise but where the payoff will be low.
"This research arms cloud service providers that contract with the DOD with a proven mathematical framework to minimize the impact of cyber attacks in the cloud," Kamhoua said.