Analysis of Various Virtual Machine Attacks in Cloud Computing


Proceedings of the Second International Conference on Inventive Systems and Control (ICISC 2018)

IEEE Xplore Compliant - Part Number:CFP18J06-ART, ISBN:978-1-5386-0807-4; DVD Part Number:CFP18J06DVD, ISBN:978-1-5386-0806-7

ANALYSIS OF VARIOUS VIRTUAL MACHINE ATTACKS IN CLOUD COMPUTING

S. Annapoorani, Dr. B. Srinivasan, G. A. Mylavathi
Department of Computer Science, Gobi Arts & Science College, Gobichettipalayam, India
sannapooranisathy@gmail.com, srinivasan_gasc@gmail.com, mylavathiga@gmail.com

Abstract— Cloud computing is an advanced technology for sharing resources over a network at lower cost than other technologies. Cloud infrastructure supports the IaaS, SaaS and PaaS service models. Today the most important technique used in cloud computing is virtualization: by using virtualization, more than one operating system is supported, with all its resources, on a single piece of hardware. In addition, virtualization technology has only limited security capabilities for securing a wide-area cloud environment. Sharing one database among many tenants is known as multi-tenancy. Multi-tenancy is achieved by utilizing virtualization and allowing resource sharing, and it is seen differently from the perspective of each service model. To secure the cloud infrastructure, hypervisor-based virtualization is used. This paper describes the various virtual machine security attacks and analyses them from the standpoint of hypervisor security in a virtualization environment.

Keywords— Virtualisation components, VM attacks, Multi-tenancy, Hypervisor

INTRODUCTION

Cloud computing supports multiple resources, including computing resources, to deliver an integrated service to the end user. In cloud computing, IT and business resources such as servers, storage, network, applications and processes can be dynamically provisioned according to the user's needs and workload. Cloud computing means storing and accessing data and programs over the internet from a remote location; when we store data on, or run a program from, the local computer's hard drive, this is called local storage and computing. The formal definition of cloud computing comes from NIST: "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction". The model is composed of five essential characteristics, three service models, and four deployment models.

Cloud computing products, also called cloud service delivery models, are often roughly classified into a hierarchy of service tiers, shown in Fig 1 in order of increasing specialization:

Fig 1. Cloud Service Models (layers from top to bottom):
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Cloud physical infrastructure

Infrastructure-as-a-service (IaaS): cloud providers deliver computation resources, storage and network as internet-based services. This service model is based on virtualization technology. Amazon EC2 is the best-known IaaS provider.

Platform-as-a-service (PaaS): cloud providers deliver platforms, tools and other business services that enable customers to develop, deploy and manage their own applications without installing any of these platforms or support tools locally. PaaS may be hosted on top of the IaaS model or directly on top of the cloud infrastructure. Google Apps and Microsoft Windows Azure are the best known.

Software-as-a-service (SaaS): applications are hosted on the cloud infrastructure as an internet-based service for end users instead of being installed on the customers' computers; SaaS may be hosted on top of PaaS, on top of IaaS, or directly on the cloud infrastructure. SalesForce CRM is an example of such a provider.

978-1-5386-0807-4/18/$31.00 ©2018 IEEE 1016

Authorized licensed use limited to: VIT University. Downloaded on March 14,2022 at 16:09:48 UTC from IEEE Xplore. Restrictions apply.

I. MULTI TENANCY

The requirements for cloud services include multi-tenancy, service life cycle management, security, and so on. Multi-tenancy provides isolation of the different users of the cloud system (tenants) while maximizing resource sharing. To increase resource utilization, companies started using the technology called virtualization, where a single physical infrastructure can be used to run multiple operating systems and applications.

II. VIRTUALISATION COMPONENTS

Virtualization is a technology that enables a single physical infrastructure to function as multiple logical infrastructures or resources. Virtualization reduces the large amount invested in buying additional resources. [2] Virtualization is a technique which allows a single physical instance of an application or resource to be shared among multiple organizations or tenants. Hardware virtualization is the abstraction of computing resources from the software that uses those resources; it is also called server virtualization. Hardware virtualization installs a hypervisor or virtual machine manager (VMM), which creates an abstraction layer between the software and the underlying hardware. Virtual machine security therefore becomes as important as physical machine security: virtualized environments are vulnerable to all the types of attack that threaten normal infrastructures. The virtual machine is managed by software or firmware known as the hypervisor.

A. Hypervisor

A hypervisor or virtual machine monitor (VMM) is computer software, firmware or hardware that creates and runs virtual machines (Fig 2). A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine. The hypervisor is the software layer that sits between the virtual machines and the physical infrastructure and provides the required virtual infrastructure for the VMs. Once the hypervisor is compromised, the attacker can carry out malicious activities such as (i) gaining unauthorized access to the other VMs that share the physical hardware, and (ii) consuming the hardware resources entirely as a launching point for more extreme attacks, and so on.

Fig 2. Hypervisor (layers from top to bottom):
Application | Application
Virtual Machine 1 | Virtual Machine 2
Hypervisor (VMM)
Host OS
Shared Hardware

The goal of our work is to understand the concept of multi-tenancy and the various types of virtual machine attacks in the cloud environment.

III. TYPES OF VIRTUAL MACHINE ATTACKS

Several researchers have identified multi-tenancy as a security issue in cloud computing. [1] proposed a survey on security issues in service delivery models in clouds and stated that multi-tenancy is an important characteristic of cloud computing that leads to confidentiality violations. [3] states that multi-tenancy is achieved by utilizing virtualization and allowing resource sharing, and that it is seen differently from different service models. In Software-as-a-Service (SaaS), applications are provided as a service by the Cloud Service Provider (CSP), and the customer cannot monitor or control the underlying infrastructure.

A. Denial of Service (DoS) Attacks

[4] introduces a secure hypervisor-based technology to create a secure cloud environment. Basically, just as the cloud gives services to legitimate users, it can also give services to users with malicious purposes. An attacker can use a cloud to host a malicious application whose objective may be a DDoS attack against the cloud itself, or against another user of the cloud. For example, if an attacker knows that his victim is using cloud vendor X, the attacker can use the same cloud provider to plan an attack against the victim.

B. Co-Residential Attacks

In the co-residential attack, malicious users build side channels and extract private information from virtual machines co-located on the same server [5]. To be able to extract private information from the victim, the attacker needs to co-locate his VMs with the target VMs. That work investigates VM allocation policies and practical countermeasures by developing a set of security metrics and a quantitative model. It takes all the aspects of security, workload balance and power consumption into consideration to make PSSF more applicable to existing commercial cloud platforms. [6] proposes a virtual cloud resource allocation model in which the problem of virtual cloud resource allocation is abstracted as a utility-maximization problem, taking the tradeoffs between the utility of the data center and the performance of the applications into account, and maximizing the utility on the premise of meeting the user's performance requirements.

The co-resident attack targets the virtualisation level, the bottom of the software stack. In this type of attack, the attacker has a clear set of target virtual machines (VMs) and intends to extract private information from these victims by co-locating their own attack VMs with the target VMs on the same physical server and then building different kinds of side channels.


C. Cache-Based Side Channel Attacks

[7] Resource sharing in cloud computing raises the threat of Cache-Based Side Channel Attacks (CSCA). A solution is proposed to detect CSCA and protect guest virtual machines from it; cache miss patterns are analysed to detect the side channel attack. CSCA is divided into two types: time-driven cache attacks and trace-driven cache attacks. The solution is based on a cloud setting with two VMs installed on the same physical machine under a bare-metal hypervisor, sharing the highest-level cache.

IV. ANALYSIS OF EXISTING ALGORITHMS

Unlike most previous work, which studies the elimination of side channels, this research provides a different perspective by exploring multiple ways to improve VM allocation policies so that it becomes difficult and expensive for attackers to achieve co-location. Specifically, the main contributions include a set of appropriate security metrics defined for assessing different VM allocation policies in terms of their ability to defend against the co-resident attack. Based on these metrics, an underlying fundamental principle is identified for designing more secure policies. A new policy named PSSF (Previously Selected Server First) is proposed that takes all three aspects of security, workload balance and power consumption into consideration: it mitigates the threat of co-resident attacks, and also satisfies the constraints of workload balance and low power consumption. A defence mechanism is designed that further improves the effectiveness of the PSSF policy by including a machine learning approach based on clustering analysis and semi-supervised learning. The experimental results suggest that once the mechanism is deployed, the overall costs for the attacker are substantially increased.

A game theoretic approach is applied to defend against co-resident attacks for two purposes. First, it demonstrates that in order to increase the unpredictability of the VM allocation process for the attacker, and hence the difficulty of launching attacks, it is better for cloud providers to have a policy pool, where each policy is chosen with a certain probability. Second, a security game model is used to help determine the parameters of the defence mechanism and to guide the defender (cloud provider) in adapting their strategy over time.

A. DEFINITION OF SECURITY METRICS

In order to quantitatively analyse different VM allocation policies in terms of their ability to defend against the co-resident attack, the following three security metrics are defined (the definitions of all notation are given in Table 1):

• Efficiency
For attackers, it is clearly desirable to co-locate with as many targets as possible by starting the minimum number of VMs. Hence, Efficiency is defined as the gains divided by the costs. More precisely, it equals the number of servers on which malicious VMs are co-located with at least one of the T targets, divided by the total number of VMs launched by the attacker, i.e.

Efficiency(|VM(A,t)|) = |Servers(SuccVM(A,t))| / |VM(A,t)|

Note that the focus is on preventing attackers from co-locating with their targets, considering that once co-residence is achieved, attackers are able to construct side channels. Although a second co-resident VM can make it easier for attackers to extract sensitive information from the victim, the focus is on preventing any co-residence.

• Coverage
Another criterion to measure the success of an attack is the percentage of conquered targets, i.e. Coverage, which equals the number of target VMs co-located with malicious VMs started in the attack, divided by the number of targets T, i.e.

Coverage(|VM(A,t)|) = |SuccTarget(A,t)| / T

where L is a legal user and the target of A, Target(A), is the set of VMs started by L, i.e. Target(A) = Σt VM(L,t), |Target(A)| = T; SuccTarget(A,t) is the subset of Target(A) that co-locates with at least one VM from VM(A,t).

• VMmin
This is defined as the minimum number of VMs that the attacker needs to start so that at least one of them co-locates with at least one target. It is an estimate of the minimum effort an attacker has to make in order to achieve co-residence.

Table 1: Definitions regarding the security metrics

Name                      Definition
K                         The total number of servers
A                         The attacker
L                         A legal user. The target of A is the set of VMs started by L
VM(L,t)                   The set of VMs started by L at time t
VM(A,t)                   The set of VMs started by A during one attack at time t
Target(A)                 The target set of VMs that A intends to co-locate with, Target(A) = Σt VM(L,t), |Target(A)| = T
SuccTarget(A,t)           A subset of Target(A) that co-locates with at least one VM from VM(A,t)
SuccVM(A,t)               A subset of VM(A,t) that co-locates with at least one of the T targets
Servers({a set of VMs})   Servers that host the set of VMs
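The three metrics of Section IV.A computed over a constructed six-VM workload placed by two simplified allocation policies, as an added example that is not code from the paper or from [5]; the "spread" and "sticky" allocators, the server count K = 4 and the VM names are assumptions, and "sticky" only borrows the idea behind PSSF's name, not its actual algorithm.

```python
"""Efficiency, Coverage and VMmin (Section IV.A, Table 1) evaluated on placements
produced by two simplified allocation policies. Added example; workload and policies are constructed."""
from itertools import cycle

def servers(vms, placement):
    """Servers({VMs}) from Table 1: the set of servers hosting the given VMs."""
    return {placement[v] for v in vms}

def efficiency_coverage(vm_a, target, placement):
    """vm_a = VM(A,t), target = Target(A) with |Target(A)| = T, placement: vm -> server."""
    target_servers = servers(target, placement)
    attack_servers = servers(vm_a, placement)
    succ_vm = {v for v in vm_a if placement[v] in target_servers}        # SuccVM(A,t)
    succ_target = {v for v in target if placement[v] in attack_servers}  # SuccTarget(A,t)
    # A second attacker VM on an already co-resident server adds cost but no gain.
    efficiency = len(servers(succ_vm, placement)) / len(vm_a)  # |Servers(SuccVM(A,t))|/|VM(A,t)|
    coverage = len(succ_target) / len(target)                   # |SuccTarget(A,t)| / T
    return efficiency, coverage

def vm_min(launch_order, target, placement):
    """VMmin: attacker VMs started until the first co-locates with a target,
    or None if none of them does (no co-residence achieved at all)."""
    target_servers = servers(target, placement)
    for n, vm in enumerate(launch_order, start=1):
        if placement[vm] in target_servers:
            return n
    return None

def allocate(requests, k, policy):
    """Place (owner, vm) requests on K servers one at a time; returns vm -> server.
    'spread': round-robin over all servers regardless of owner.
    'sticky': an assumption loosely modelled on the name PSSF (Previously Selected
    Server First): reuse the server already holding the owner's VMs, else take the next."""
    next_server = cycle(f"s{i}" for i in range(1, k + 1))
    placement, owner_server = {}, {}
    for owner, vm in requests:
        if policy == "sticky" and owner in owner_server:
            placement[vm] = owner_server[owner]
        else:
            placement[vm] = owner_server[owner] = next(next_server)
    return placement

# Constructed workload: legal user L starts T = 3 target VMs, then attacker A starts 3 VMs.
REQUESTS = [("L", "t1"), ("L", "t2"), ("L", "t3"), ("A", "a1"), ("A", "a2"), ("A", "a3")]
TARGET = {"t1", "t2", "t3"}
ATTACK_ORDER = ["a1", "a2", "a3"]

def evaluate(policy, k=4):
    """Return (Efficiency, Coverage, VMmin) of the constructed attack under a policy."""
    placement = allocate(REQUESTS, k, policy)
    eff, cov = efficiency_coverage(set(ATTACK_ORDER), TARGET, placement)
    return eff, cov, vm_min(ATTACK_ORDER, TARGET, placement)

if __name__ == "__main__":
    for policy in ("spread", "sticky"):
        print(policy, evaluate(policy))   # spread: (2/3, 2/3, 2); sticky: (0.0, 0.0, None)
```

Under the spread allocator the attacker shares servers with two of the three targets after starting only two VMs, while under the sticky allocator no attacker VM ever lands on a target's server, so VMmin is undefined and both ratios are zero.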


V. HYPERVISOR SECURITY

In a virtualization environment, there are several virtual machines that may have independent security zones, which are not accessible from other virtual machines that have their own zones. A hypervisor has its own security zone, and it is the controlling agent for everything within the virtualization host. The hypervisor can touch and affect all actions of the virtual machines running within the virtualization host. Multiple security zones therefore exist within the same physical infrastructure, which becomes a security issue when an attacker takes control over the hypervisor. [2] Another major virtualization security concern is "escaping the virtual machine", or the ability to reach the hypervisor from within the virtual machine level.

VI. CONCLUSION

This paper shows that security is the most significant user concern in cloud computing. In this paper, we focused on the various virtual machine security attacks and their analysis in the cloud environment. Attacks against the hypervisor are becoming more popular in the attackers' realm. This paper highlighted multi-tenancy as a vulnerability and provided an in-depth understanding of the different dimensions and measures of security attacks in multi-tenancy. It also discussed hypervisor security within the virtual machine environment.

REFERENCES

[1] S. Subashini and V. Kavitha, "A Survey on security issues in service delivery models of cloud computing," Journal of Network and Computer Applications, 2011.

[2] K. Sunitha, "A Survey on Securing the Virtual Machines in Cloud Computing," International Journal of Innovative Science, Engineering & Technology, Vol. 1, Issue 4, 2014.

[3] Hussian AlJahdali, Abdulaziz Albatli, Peter Garraghan, Paul Townend, Lydia Lau, "Multi-tenancy in Cloud Computing," International Symposium on Service Oriented Engineering (SOSE), 2014.

[4] Rajesh Bose, Debabrata Sarddar, "A Secure Hypervisor-based Technology Create a Secure Cloud Environment," International Journal of Emerging Research in Management & Technology, Vol. 4, Issue 2, 2015.

[5] Yi Han, Jeffrey Chan, Tansu Alpcan, Christopher Leckie, "Using Virtual Machine Allocation Policies to Defend against Co-resident Attacks in Cloud Computing," IEEE Transactions on Dependable and Secure Computing, 2015.

[6] Zhu Jianrong, Li Jing and Zhuang Yi, "Utility-based Virtual Cloud Resource Allocation Model and Algorithm in Cloud Computing," International Journal of Grid Distribution Computing, Vol. 8, No. 2, 2015, pp. 177-190.

[7] Munish Chouhan and Halabi Hasbullah, "Defense against Cache-Based Side Channel Attacks for Secure Cloud Computing," ARPN Journal of Engineering and Applied Sciences, Vol. 11, No. 22, 2016, ISSN 1819-6608.

[8] Omar Abdel Wahab, Jamal Bentahar, Hadi Otrok, and Azzam Mourad, "Optimal Load Distribution of VM-based DDoS Attacks in the Cloud," IEEE Transactions on Services Computing, 2017.

[9] Manjinder Singh, Charanjit Singh, "Multi Tenancy Security in Cloud Computing," International Journal of Engineering Sciences & Research Technology, Vol. 6, Issue 3, 2017.

[10] Raghvendra Kumar, Arti Pandey, "A Survey on Security Issues in Cloud Computing," IJSRSET, Vol. 2, Issue 3, 2016.
