
Risk-Aware Sensitive Property-Driven Resource Management in Cloud Datacenters

Muhamad Felemban, Abdulrahman Almutairi, Arif Ghafoor

TL;DR

This work tackles the risk of data leakage in cloud datacenters arising from multitenancy by introducing a Sensitive Property Profile (SPP) atop RBAC/CRBAC policies and modeling sensitive information using information-theoretic measures. The authors formalize the Risk-aware Sensitive Property-driven Assignment Problem (RSPAP), prove its NP-completeness, and propose two heuristics, Top-Down Heuristic (TDH) and Neighbor-Based Heuristic (NBH), to assign roles to virtual resources while minimizing disclosure risk. The framework uses a vulnerability matrix and two measures, KL-divergence and mutual information, to quantify information leakage. The authors validate the approach on Gowalla check-in data, showing how risk and risk reduction change with datacenter sensitivity and resource counts. The study demonstrates that structured resource allocation guided by SPP and information-theoretic risk metrics can meaningfully reduce data leakage risk in cloud environments, with practical implications for secure, context-aware datacenter management.

Abstract

Organizations are increasingly moving towards the cloud computing paradigm, in which on-demand access to a pool of shared configurable resources is provided. However, security challenges, which are particularly exacerbated by the multitenancy and virtualization features of cloud computing, present a major obstacle. In particular, sharing of resources among potentially untrusted tenants in access-controlled cloud datacenters can result in increased risk of data leakage. To address such risk, we propose an efficient risk-aware sensitive property-driven virtual resource assignment mechanism for cloud datacenters. We have used two information-theoretic measures, i.e., KL-divergence and mutual information, to represent sensitive properties in the dataset. Based on the vulnerabilities of cloud architecture and the sensitive property profile, we have formulated the problem as a cost-driven optimization problem. The problem is shown to be NP-complete. Accordingly, we have proposed two heuristics and presented simulation-based performance results for cloud datacenters with multiple sensitivity.

Paper Structure

This paper contains 27 sections, 3 theorems, 18 equations, 19 figures, 2 tables, 3 algorithms.

Key Result

Theorem 3.1

RSPAP problem is NP-complete.

Figures (19)

  • Figure 1: Example of check-in data controlled by a CRBAC policy
  • Figure 2: Virtual resource management architecture.
  • Figure 3: RBAC policy representation.
  • Figure 4: A statistical characterization of sensitivity of cloud datacenters
  • Figure 5: Global and local p.m.f.
  • ...and 14 more figures

Theorems & Definitions (11)

  • Definition 2.1
  • Definition 2.2
  • Example 2.1
  • Example 2.2
  • Definition 3.1
  • Theorem 3.1
  • proof
  • Lemma 4.1
  • proof
  • Lemma 4.2
  • ...and 1 more