Reconsidering Intrusion Monitoring Requirements in Shared Cloud Platforms

Multi-tenancy is the core feature that enables efficiency and cost effectiveness of cloud computing. However, it brings several new security concerns. Ensuring ´strong isolation´ between co-localized tenants remains the most critical issue. This work aims at highlighting new attack strategies brought by the resource sharing paradigm in multi-tenant elastic IaaS Clouds in order to understand impacts of these attacks on the design of Intrusion Detection Systems in Cloud. The first part of this paper surveys the literature related to accepted vulnerabilities. Several Proofs of Concept are described and classified according to the results of the exploitation of these vulnerabilities. In the second part, we argue the existence of new attack strategies able to take advantage of the mechanisms which enable autonomic elasticity. These mechanisms are by nature sensitive to VMs resource consumption which can be easily manipulated by attacks. Finally, we give a representation of the presented vulnerabilities to engage a discussion on the limitations of pure user-centric security monitoring approaches for guaranteeing VM security.