ISBN: 978-981-11-3671-9 DOI: 10.18178/wcse.2017.06.140
An Anti-Side-Channel Virtual CPU Scheduling Algorithm Based on Leakage Evaluation for Virtual Machine Security
Abstract— Infrastructure as a service (IaaS) which is one of the cloud computing's service modes provides
virtual machines to clients via shared physical machines. This Service provides convenience for many
enterprises, but also introduces new security threats. Many studies have shown that the co-residency sidechannel
can be used to extract sensitive information by malicious users. Remarkably, Soo-Jin has present a
migration-based system called Nomad to mitigating known and future side-channel which is more universal
than the traditional method. However, large scale migration will lead to huge network overheads. To solve
the above problems, the characteristics of co-residency side-channel on the single physical server is analyzed,
based on which two virtual machine schedule algorithms according the leakage model in Nomad were
proposed. The simulation results show that the algorithm can mitigate the threats effectively.
Index Terms— Side-channel, Scheduler, IaaS, Xen.
Yuanzhi Du, Xuehui Du, Zhi Yang
State Key Laboratory of Mathematical Engineering and Advanced Computing, CHINA
Cite: Yuanzhi Du, Xuehui Du, Zhi Yang, "An Anti-Side-Channel Virtual CPU Scheduling Algorithm Based on Leakage Evaluation for Virtual Machine Security," Proceedings of 2017 the 7th International Workshop on Computer Science and Engineering, pp. 800-807, Beijing, 25-27 June, 2017.