Optimized security-aware VM placement for enhanced intrusion tolerance and resilience in IaaS clouds using MILP
Abstract
Infrastructure-as-a-Service (IaaS) clouds offer unparalleled flexibility but introduce complex security challenges, particularly concerning Virtual Machine (VM) placement. Security-oblivious VM allocation can lead to catastrophic failures if a physical server is compromised, as all co-resident VMs become vulnerable, diminishing service resilience and escalating the potential damage (blast radius). This research proposes a novel, user-driven framework for security-aware VM placement that leverages Mixed Integer Linear Programming (MILP) to enhance intrusion tolerance and service resilience while managing operational costs. The framework allows administrators to define granular security policies, including VM criticality, service compositions, mandatory VM separation, service diversity requirements, and anti-affinity rules. These policies are integrated into the MILP model alongside traditional objectives like energy, latency, and provisioning cost minimization, governed by user-configurable weights. Through comprehensive simulations based on 60 VMs and 20 servers for weight analysis, and scaling up to 120 VMs for performance evaluation, we demonstrate the framework’s ability to significantly reduce security risks, such as minimizing the potential blast radius and ensuring service component dispersion. For instance, increasing criticality weight (Wcrit) from 0 to 2.0 reduced the maximum blast radius from 20-22 to 13-15, though with an increase in the security-focused objective value. Ten comparative analyses illustrate the impact of various security postures on overall system performance and cost.
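The trade-off the abstract describes, between consolidating VMs to save energy and spreading critical VMs to shrink the blast radius, can be seen on a toy instance. This is an added example, not the paper's model or code. It assumes blast radius means the summed criticality on the most loaded server, uses exhaustive search in place of a MILP solver, and all VM names, capacities, costs and weights are constructed.

```python
from itertools import product

# Constructed sample data (not from the paper): name -> (service, criticality, cpu)
VMS = {
    "web1": ("shop", 3, 2), "web2": ("shop", 3, 2), "db1": ("shop", 5, 4),
    "batch1": ("batch", 1, 2), "batch2": ("batch", 1, 2), "log1": ("log", 2, 2),
}
SERVER_CPU = [8, 8, 8]            # CPU capacity per server (assumed)
ENERGY_PER_ACTIVE_SERVER = 4      # cost of keeping a server powered on (assumed)
SEPARATE = [("web1", "web2")]     # mandatory separation: replicas never co-reside


def evaluate(assign):
    """Return (energy, blast_radius) for a placement, or None if infeasible."""
    load = [0] * len(SERVER_CPU)
    crit = [0] * len(SERVER_CPU)
    for vm, srv in assign.items():
        _, criticality, cpu = VMS[vm]
        load[srv] += cpu
        crit[srv] += criticality
    if any(used > cap for used, cap in zip(load, SERVER_CPU)):
        return None               # capacity constraint violated
    if any(assign[a] == assign[b] for a, b in SEPARATE):
        return None               # separation constraint violated
    energy = ENERGY_PER_ACTIVE_SERVER * sum(1 for used in load if used > 0)
    # Assumed definition: criticality lost if the worst server is compromised.
    return energy, max(crit)


def place(w_crit, w_energy=1.0):
    """Exhaustively minimise w_energy * energy + w_crit * blast_radius."""
    best = None
    names = list(VMS)
    for combo in product(range(len(SERVER_CPU)), repeat=len(names)):
        assign = dict(zip(names, combo))
        result = evaluate(assign)
        if result is None:
            continue
        energy, blast = result
        score = w_energy * energy + w_crit * blast
        if best is None or score < best[0]:
            best = (score, energy, blast, assign)
    return best


if __name__ == "__main__":
    for w in (0.0, 2.0):
        score, energy, blast, assign = place(w)
        print(f"w_crit={w}: energy={energy} blast_radius={blast} {assign}")
```

With the criticality weight at 0 the search packs everything onto two servers. At 2.0 it powers on a third server so that no single host carries more criticality than the database VM alone.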
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.