In multi-tenant cloud data centers, resource sharing poses significant data leakage risks due to cross-tenant interference. Method: This paper proposes a sensitivity-aware virtual resource allocation mechanism driven by sensitive attributes. It innovatively introduces KL divergence and mutual information to quantify data sensitivity—marking the first application of such information-theoretic measures in this context—and formulates a cost-driven optimization model jointly minimizing security risk and resource cost. We prove the problem is NP-complete and design two efficient heuristic algorithms. Results: Experiments on a multi-sensitivity-level cloud simulation environment demonstrate that our approach substantially reduces data leakage risk while maintaining a balanced trade-off between resource utilization and allocation efficiency. Core contributions include: (1) establishing a novel information-theoretic paradigm for sensitivity quantification; (2) proposing the first risk–cost co-optimization framework for virtual resource allocation; and (3) delivering scalable, practical scheduling algorithms.

Organizations are increasingly moving towards the cloud computing paradigm, in which an on-demand access to a pool of shared configurable resources is provided. However, security challenges, which are particularly exacerbated by the multitenancy and virtualization features of cloud computing, present a major obstacle. In particular, sharing of resources among potentially untrusted tenants in access controlled cloud datacenters can result in increased risk of data leakage. To address such risk, we propose an efficient risk-aware sensitive property-driven virtual resource assignment mechanism for cloud datacenters. We have used two information-theoretic measures, i.e., KL-divergence and mutual information, to represent sensitive properties in the dataset. Based on the vulnerabilities of cloud architecture and the sensitive property profile, we have formulated the problem as a cost-drive optimization problem. The problem is shown to be NP-complete. Accordingly, we have proposed two heuristics and presented simulation based performance results for cloud datacenters with multiple sensitivity.