CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization

Fengzhe Zhang, Jin Chen, Haibo Chen, B. Zang
{"title":"CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization","authors":"Fengzhe Zhang, Jin Chen, Haibo Chen, B. Zang","doi":"10.1145/2043556.2043576","DOIUrl":null,"url":null,"abstract":"Multi-tenant cloud, which usually leases resources in the form of virtual machines, has been commercially available for years. Unfortunately, with the adoption of commodity virtualized infrastructures, software stacks in typical multi-tenant clouds are non-trivially large and complex, and thus are prone to compromise or abuse from adversaries including the cloud operators, which may lead to leakage of security-sensitive data. In this paper, we propose a transparent, backward-compatible approach that protects the privacy and integrity of customers' virtual machines on commodity virtualized infrastructures, even facing a total compromise of the virtual machine monitor (VMM) and the management VM. The key of our approach is the separation of the resource management from security protection in the virtualization layer. A tiny security monitor is introduced underneath the commodity VMM using nested virtualization and provides protection to the hosted VMs. As a result, our approach allows virtualization software (e.g., VMM, management VM and tools) to handle complex tasks of managing leased VMs for the cloud, without breaking security of users' data inside the VMs. We have implemented a prototype by leveraging commercially-available hardware support for virtualization. The prototype system, called CloudVisor, comprises only 5.5K LOCs and supports the Xen VMM with multiple Linux and Windows as the guest OSes. Performance evaluation shows that CloudVisor incurs moderate slow-down for I/O intensive applications and very small slowdown for other applications.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"6 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2011-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"412","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2043556.2043576","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 412

Abstract

Multi-tenant cloud, which usually leases resources in the form of virtual machines, has been commercially available for years. Unfortunately, with the adoption of commodity virtualized infrastructures, software stacks in typical multi-tenant clouds are non-trivially large and complex, and thus are prone to compromise or abuse from adversaries including the cloud operators, which may lead to leakage of security-sensitive data. In this paper, we propose a transparent, backward-compatible approach that protects the privacy and integrity of customers' virtual machines on commodity virtualized infrastructures, even facing a total compromise of the virtual machine monitor (VMM) and the management VM. The key of our approach is the separation of the resource management from security protection in the virtualization layer. A tiny security monitor is introduced underneath the commodity VMM using nested virtualization and provides protection to the hosted VMs. As a result, our approach allows virtualization software (e.g., VMM, management VM and tools) to handle complex tasks of managing leased VMs for the cloud, without breaking security of users' data inside the VMs. We have implemented a prototype by leveraging commercially-available hardware support for virtualization. The prototype system, called CloudVisor, comprises only 5.5K LOCs and supports the Xen VMM with multiple Linux and Windows as the guest OSes. Performance evaluation shows that CloudVisor incurs moderate slow-down for I/O intensive applications and very small slowdown for other applications.
CloudVisor:通过嵌套虚拟化改进多租户云中虚拟机的保护
多租户云,通常以虚拟机的形式租赁资源,已经在商业上可用多年了。不幸的是,随着商品虚拟化基础设施的采用,典型的多租户云中的软件堆栈非常庞大和复杂,因此容易受到包括云运营商在内的对手的破坏或滥用,这可能导致安全敏感数据的泄漏。在本文中,我们提出了一种透明的、向后兼容的方法,即使面临虚拟机监视器(VMM)和管理虚拟机的完全妥协,也可以保护商品虚拟化基础设施上客户虚拟机的隐私和完整性。我们的方法的关键是将虚拟化层中的资源管理与安全保护分离开来。在商品VMM下面引入了一个使用嵌套虚拟化的小型安全监视器,并为托管的虚拟机提供保护。因此,我们的方法允许虚拟化软件(例如,VMM,管理虚拟机和工具)处理管理云租用虚拟机的复杂任务,而不会破坏虚拟机内用户数据的安全性。我们已经通过利用商业上可用的虚拟化硬件支持实现了一个原型。原型系统名为CloudVisor,仅包含5.5K loc,支持Xen VMM,并将多个Linux和Windows作为客户机操作系统。性能评估表明,CloudVisor对于I/O密集型应用程序会导致适度的减速,而对于其他应用程序则会导致非常小的减速。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信