Defending co‐resident attack using reputation‐based virtual machine deployment policy in cloud computing

Cloud computing enables users to utilize IT resources conveniently with low‐level cost, but it also brings some new threats. The co‐resident attack is one of the typical examples, where malicious users steal information from legal users by starting a virtual machine (VM) and building a side‐channel between VMs on the same server. Most of current studies focus mainly on defending the side‐channel attack, which requires modifications to the existing underlying architecture of cloud platforms. Some studies focus on security‐aware VMs deployment policies that can defeat co‐resident attacks through reduction of co‐residences. However, most of these studies ignore workload‐balance and energy‐efficiency. In addition, they neglect that data held in different VMs should have different security levels. Motivated by these issues, in this article, we first formalize the multi‐attackers co‐resident attack problem. The co‐located VMs rate (CVR) metric is proposed to evaluate the security level in cloud and a security‐aware policy named least‐danger‐based‐on‐reputation (LDBR) is presented to minimize the metric. Also, we propose extensional LDBR (E‐LDBR) policy to balance security, workload‐balance and energy consumption, and weighted‐LDBR (W‐LDBR) policy that considers users' different security levels. Experimental results indicate that LDBR outperforms PSSF (previous‐selected‐server‐first) by 15.02%‐22.07% in security, E‐LDBR is more balanced in workload and consumes less energy consumption, and W‐LDBR can reduce security threats by 13.3% compared with PSSF.