Defending Mission-Critical Virtual Machines in Clouds
Security is essential for the success of the infrastructure-as-a-service (IaaS) business model, a key component of the popular "cloud" concept. Mission-critical virtual machines (VMs) running in clouds handle sensitive information that must be protected and run applications whose operation must not be compromised. These VMs often need to exchange information with peers outside the cloud in order to fulfill their tasks. To improve efficiency and cut costs, popular IaaS providers offer users a virtualized environment running on top of shared hardware. This is a sensible strategy in many respects, but it opens up the possibility of side-channel attacks. Moreover, exchanging data across the cloud boundaries requires the VMs to be reachable from the Internet. However, the traditional way of accomplishing this by using public IP addresses makes the VMs vulnerable to denial-of-service (DoS) attacks.