Article ID: 4950457
Journal: Future Generation Computer Systems
Published Year: 2017
Pages: 23 Pages
File Type: PDF
Abstract
Cloud computing provides a paradigm where users can utilize various configurable IT resources in an on-demand and cost-effective manner. However, new security risks such as co-resident attacks have arisen. This paper models a situation in which a user partitions and distributes sensitive data among several virtual machines to make unauthorized access to the entire data difficult in a cloud environment subject to co-resident attacks. The attacker creates virtual machines in the same environment, aiming to get access to users' data. The cloud resource management system distributes all virtual machines among servers at random. Unauthorized access to data associated with a user's virtual machine is possible only if this machine co-resides in the same server with the attacker's virtual machines. It is assumed that creating a side channel and getting access to the data is a common event for all the servers in which the user's and attacker's virtual machines co-reside. Based on the suggested probabilistic model, an optimal number of the user's virtual machines (i.e., the number of different data blocks partitioned) is obtained for a fixed or an uncertain number of attacker's virtual machines, and for the case where the attacker knows the number of the user's virtual machines and responds optimally to any number of these machines. Examples demonstrate that the proposed optimal data partitioning policy can effectively mitigate the effects of co-resident attacks by minimizing the user's losses.
Related Topics
Physical Sciences and Engineering > Computer Science > Computational Theory and Mathematics