چكيده به لاتين
The introduction of cloud computing systems brought with itself a solution for dynamic scaling of computing resources leveraging various approaches for leasing computing power, networking, and storage. On the other hand, it helped decrease the human resource cost by delegating the maintenance cost of infrastructures and platforms to the cloud providers. Nevertheless, the security risks of utilizing shared resources is recognized as one of the major concerns in using cloud computing environments. One of the major security challenges that threatens these services is the attacks on the virtualization layer. In this layer, an intruder can use security vulnerabilities in the virtualization layer to exploit other co-located VMs or the hypervisor itself. The intruder can directly attack a VM and gain access to the given VM or even rent a VM on CP infrastructure to be placed on the victim setting. After that, the intruder has multiple possibilities, he/she is enabled to attack instantly to other VMs by applying some vulnerabilities or simply attack the hypervisor or using shared memory to apply side-channel attacks. If the attacker can compromise the hypervisor then all VMs are accessible and at this point, the high level of security risk is considered. Therefore, using a mechanism to decrease the co-location degree of vulnerable VMs on the same PM can be effective in reducing such security risks. The prevention of such co-locations that allows for the penetration of virtual machines through vulnerable ones is the primary aim of the current research.To address these issues, we have proposed a security-aware virtual machine placement scheme to reduce the risk of vulnerable virtual machines co-location. The security-aware term explicitly refers to the evaluation of security risks of co-allocated virtual machines, nevertheless, the evaluation of security risks, due to the nature of various vulnerabilities and also the deployment environments is not quite accurate. To manage the precision of security evaluation, it is vital to consider some hesitancy factors regarding security evaluations. Thus, to consider hesitancy in our proposed method, Hesitant Fuzzy Sets is applied and several experimental evaluations will demonstrate the benefits of this method. In the proposed method, the priorities of the cloud provider for the allocation of virtual machines are also considered. This will allow the model to assign more weight for attributes that have higher importance for the cloud provider. An illustrative example and the result of the evaluation, illustrate the effectiveness of this priority degree too.
