A Game-Theoretic Framework for the Virtual Machines Migration Timing Problem
This addresses security risks for cloud providers and users by modeling migration timing as a strategic interaction, though it is incremental as it applies game theory to a known bottleneck in cloud security.
The paper tackles the problem of timing virtual machine migrations in multi-tenant clouds to reduce side-channel attack risks, developing a game-theoretic framework that establishes Nash equilibria conditions and characterizes best responses for both cloud providers and adversaries, with theoretical findings supported by numerical results.
In a multi-tenant cloud, a number of Virtual Machines (VMs) are collocated on the same physical machine to optimize performance, power consumption and maximize profit. This, however, increases the risk of a malicious VM performing side-channel attacks and leaking sensitive information from neighboring VMs. To this end, this paper develops and analyzes a game-theoretic framework for the VM migration timing problem in which the cloud provider decides \emph{when} to migrate a VM to a different physical machine to reduce the risk of being compromised by a collocated malicious VM. The adversary decides the rate at which she launches new VMs to collocate with the victim VMs. Our formulation captures a data leakage model in which the cost incurred by the cloud provider depends on the duration of collocation with malicious VMs. It also captures costs incurred by the adversary in launching new VMs and by the defender in migrating VMs. We establish sufficient conditions for the existence of Nash equilibria for general cost functions, as well as for specific instantiations, and characterize the best response for both players. Furthermore, we extend our model to characterize its impact on the attacker's payoff when the cloud utilizes intrusion detection systems that detect side-channel attacks. Our theoretical findings are corroborated with extensive numerical results in various settings.