Ratsoma , MSDlamini, MTEloff, JHPVenter, HS2025-03-032025-03-032015-03978-1-910309-96-4https://dl.acm.org/doi/10.5555/2800378http://hdl.handle.net/10204/14115The usage and adoption of cloud computing as a public deployment model is continuously improving, regardless of the security issues involved. This can be attributed to the huge benefits that the cloud provides such as pay-per-use model, quick deployment, turn-around times, huge cost saving, flexible and on-demand self-service provision to cloud users. Since public cloud makes use of virtualisation technology, VMs belonging to clients who are in competition may be placed within the same physical infrastructure. This raises the issue around hosting VMs from clients who might be in direct conflict on the same physical infrastructure. Malicious clients could exploit and launch inter-VM attacks to leak confidential information with a competitive advantage. A lot could happen once confidential data is illegally disclosed to unauthorized users. This work makes an attempt to eliminate the confidential data leakage threat posed by inter-VM attacks within the cloud. Hence, it sets itself up to investigate and determine an approach to physically separate potentially conflicting client VMs within the cloud in order to mitigate the confidential data leakage threat posed by inter-VM attacks. In this paper, we propose a conflict-aware VM allocation and placement architecture that is implemented with an algorithm modelled using a Chinese Wall Security Policy for physical separation of VMs. The solution is abstracted and applied to different levels of conflict and different levels of the cloud; the data centres, clusters and physical nodes, hence optimizing allocation in terms of conflict of interest. This solution focuses on optimally allocating compute space to client VMs depending on their conflict of interest which then determines the separation distances between conflicting clients’ VM. This guarantees that clients who are in direct conflict will have their VMs placed very far from each other and VMs belonging to clients that are not in conflict may be placed within the same physical node.AbstractenCloud computingVirtualisation technologyConflict of interestInter-VM attackChinese Wall PolicyConference Presentation15689