Authors (if Research)
Fengzhe Zhang, Jin Chen and Binyu Zang
Proceedings of Symposium on Operating Systems Principles (SOSP-2011), Cascais, Portugal, October 2011
Abstract: Multi-tenant cloud, which usually leases resources in the form of virtual machines, has been commercially available for year
s. Unfortunately, with the adoption of commodity virtualized in frastructures, software stacks in typical multi-tenant clouds are non-trivially large and complex, and thus are prone to compromise or abuse from adversaries including the cloud operators, which may lead to leakage of security-sensitive data.
In this paper, we propose a transparent, backward-compatible approach that protects the privacy and integrity of customers’ virtual machines on commodity virtualized infrastructures, even f
acing a total compromise of the virtual machine monitor (VMM) and the management VM. The key of our approach is the separation of the resource management from security protection in the virtua
lization layer. A tiny security monitor is introduced underneath the commodity VMM using nested virtualization and provides protection
to the hosted VMs. As a result, our approach allows virtualization software (e.g., VMM, management VM and tools) to handle complex tasks of managing leased VMs for the cloud, without brea
king security of users’ data inside the VMs.
We have implemented a prototype by leveraging commercially-available hardware support for virtualization. The prototype system, called CloudVisor, comprises only 5.5K LOCs and suppor
ts the Xen VMM with multiple Linux and Windows as the guest OSes. Performance evaluation shows that CloudVisor incurs moderate slowdown for I/O intensive applications and very small slowdown
for other applications.