Handling Co-Resident Attacks: A Case For Cost-Efficient Dedicated Resource Provisioning

Co-resident attacks on public clouds could extract sensitive information like encryption keys, memory content or workload patterns from cloud-based applications. Most existing defense mechanisms have been targeting cloud providers. They usually require substantial changes to the underlying hardware, cloud infrastructure or VM placement strategies, therefore making their deployment difficult. In this work, we investigate secure VM provisioning from the user perspective. Our approach leverages existing secure resource allocation methods provided by public cloud providers such as EC2 Dedicated Instances. We consider several different VM provisioning algorithms which are secure, cost-effective and at the same time immediately deployable for cloud users without any changes required from cloud providers' part. Extensive experiments using real workload traces and EC2 resource pricing confirm the effectiveness of our approach. To the best of our knowledge, this work is the first to consider secure and cost-effective VM provisioning from the user perspective.