Toward a Protected Cloud Against Side Channel Attacks - A Game-Theoretic Framework.

In a side-channel collocation attack on a multitenant public cloud, an adversary seeks to leak sensitive information through launching malicious virtual machines (VMs) that would collocate with the victim VM and bypass the isolation provided by the hypervisor. This paper presents a game-theoretic framework to study the interaction between a cloud provider (defender) and an adversary launching side-channel collocation attacks. The defender seeks to select a security level to adjust the operations of the intrusion detection system, while the adversary seeks to optimize the collocation duration to leak information while avoiding being detected. In our model, we consider time-dependent cost/reward metrics for the players that are driven by the duration of the collocation. We obtain a Nash equilibrium solution to the game under existence conditions. Our numerical results validate the theoretical findings and illustrate the tradeoffs inherent to the game players.