SWAP: Security aware provisioning and migration of phone clones over mobile clouds

Mobile cloud provides smart phone users with unprecedented opportunities to enjoy the abundant computing and storage resources of cloud computing. One viable scheme is to offload computational intensive applications to a mobile phone´s agent in the cloud, which could be implemented as a thin virtual machine (VM), also termed as phone clone, in the cloud. Due to shared hardware components (e.g. memory bus and CPU cache) among co-resident VMs, a VM is subject to covert channel attacks and may potentially leak information to other VMs located in the same physical host. Due to the large number of phone clones, it is not practical to guarantee absolute physical isolation of phone clones, and as such a phone clone may have to “dance with strangers” on the same host. In this paper, we address two critical problems in such a computing platform: how to allocate phone clones to minimize the risk of information leakage and how to migrate phone clones whenever the risk becomes higher than a given threshold. We design SWAP: a security aware provisioning and migration scheme for phone clones. Our solution utilizes the spatial and temporal features of phone clones, and by considering the online social connection of mobile users, we greatly simplify the search space of the optimal solution. Experimental results indicate that our algorithms are nearly optimal for phone clone allocation and are effective to maintain low risk with a small number of phone clone migrations.