A new secure proxy-based distributed virtual machines management in mobile cloud computing

The mobile cloud computing as an excellent paradigm offers on-demand services, whereas users can be confident once using them. Nevertheless, the existing cloud virtualization systems are not secure enough regarding the mediocre degree of data protection, which avoids individuals and organizations to engage with this technology. Therefore, the security of sensitive data may be affected when mobile users move it out to the cloud exactly during the processing in virtual machines (VMs). Many studies show that sensitive data of legitimate users’ VMs may be the target of malicious users, which lead to violating VMs’ confidentiality and privacy. The current approaches offer various solutions for this security issue. However, they are suffering from many inconveniences such as unauthorized distributed VM access behavior and robust strategies that ensure strong protection of communication of sensitive data among distributed VMs. The purpose of this paper is to present a new security proxy-based approach that contains three policies based on secured hashed DiffieHellman keys for user access control and VM deployment and communication control management in order to defend against three well-known attacks on the mobile cloud environment (co-resident attacks, hypervisor attacks and distributed attacks). The related attacks lead to unauthorized access to sensitive data between different distributed mobile applications while using the cloud as a third party for sharing resources. The proposed approach is illustrated using a healthcare case study. Including the experimental results that show interesting high-efficiency protection and accurate attacks identification

Virtual machine allocation policies against co-resident attacks in cloud computing

While the services-based model of cloud computing makes more and more IT resources available to a wider range of customers, the massive amount of data in cloud platforms is becoming a target for malicious users. Previous studies show that attackers can co-locate their virtual machines (VMs) with target VMs on the same server, and obtain sensitive information from the victims using side channels. This paper investigates VM allocation policies and practical countermeasures against this novel kind of co-resident attack by developing a set of security metrics and a quantitative model. A security analysis of three VM allocation policies commonly used in existing cloud computing platforms reveals that the server's configuration, oversubscription and background traffic have a large impact on the ability to prevent attackers from co-locating with the targets. If the servers are properly configured, and oversubscription is enabled, the best policy is to allocate new VMs to the server with the most VMs. Based on these results, a new strategy is introduced that effectively decreases the probability of attackers achieving co-residence. The proposed solution only requires minor changes to current allocation policies, and hence can be easily integrated into existing cloud platforms to mitigate the threat of co-resident attacks