Security of Separated Data in Cloud Systems with Competing Attack Detection and Data Theft Processes

Bibliographic Details
Published in: Risk Analysis Vol. 39; no. 4; pp. 846-858
Main Authors: Levitin, Gregory; Xing, Liudong; Huang, Hong‐Zhong
Format: Journal Article
Language: English
Published: United States, Blackwell Publishing Ltd, 01.04.2019
ISSN: 0272-4332, 1539-6924
DOI: 10.1111/risa.13219

Summary: Empowered by virtualization technology, service requests from cloud users can be honored through creating and running virtual machines. Virtual machines established for different users may be allocated to the same physical server, making the cloud vulnerable to co‐residence attacks where a malicious attacker can steal a user's data through co‐residing their virtual machines on the same server. For protecting data against the theft, the data partition technique is applied to divide the user's data into multiple blocks with each being handled by a separate virtual machine. Moreover, early warning agents (EWAs) are deployed to possibly detect and prevent co‐residence attacks at a nascent stage. This article models and analyzes the attack success probability (complement of data security) in cloud systems subject to competing attack detection process (by EWAs) and data theft process (by co‐residence attackers). Based on the suggested probabilistic model, the optimal data partition and protection policy is determined with the objective of minimizing the user's cost subject to providing a desired level of data security. Examples are presented to illustrate effects of different model parameters (attack rate, number of cloud servers, number of data blocks, attack detection time, and data theft time distribution parameters) on the attack success probability and optimization solutions.