An SRN-Based Model for Assessing Co-Resident Attack Mitigation in Cloud with VM Migration and Allocation Policies.

Cloud computing provides users with cost-effective on-demand resource sharing, but the shared resources also creates additional security risks due to co-location with malicious tenants. In addition to static defensive technologies, Virtual Machine (VM) migration, a type of Moving Target Defense (MTD) technique, provides an alternative solution to mitigate co-resident attacks by dynamically migrating services/tasks among various servers. Although significant progress has been made in this area, critical gaps remain regarding the quantification of these techniques' synergistic effectiveness in cloud computing, as previous research focused on either evaluating the defensive capability of MTD or on examining the characteristics of static strategies. In this paper, we aim to use analytical modeling techniques to quantitatively evaluate the synergistic effectiveness of integrating MTD with VM allocation policies. We designed a synergistically defensive architecture and proposed a Stochastic Reward Net (SRN) model to describe the execution and attacking processes of tasks migrating among multiple servers under three commonly used allocation policies. Moreover, experiments were implemented using SimPy to verify the analytical results obtained from the SRN model and to broaden the evaluation scope. Our comprehensive assessment, using both SRN and experiments, evaluates the defensive capacity and corresponding features for different scenarios. The obtained simulation results were approximate, with an error rate of less than 3.40 %, reflecting the reliability of our methods. Several defensive suggestions were further summarized based on the evaluation.