Architectural support of multiple hypervisors over single platform for enhancing cloud computing security

Weidong Shi, JongHyuk Lee, Taeweon Suh, Dong Hyuk Woo, Xinwen Zhang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

This paper presents MultiHype, a novel architecture that supports multiple hypervisors (or virtual machine monitors) on a single physical platform by leveraging many-core based cloud-on-chip architecture. A MultiHype platform consists of a control plane and multiple hypervisors created on-demand, each can further create multiple guest virtual machines. Supported at architectural level, a single platform using MultiHype can behave as a distributed system with each hypervisor and its virtual machines running independently and concurrently. As a direct consequence, vulnerabilities of one hypervisor or its guest virtual machine can be confined within its own domain, which makes the platform more resilient to malicious attacks and failures in a cloud environment. Towards defending against resource exhaustion attacks, MultiHype further implements a new cache eviction policy and memory management scheme for preventing resource monopolization on shared cache, and defending against denial of resource exploits on physical memory resource launched from malicious virtual machines on shared platform. We use Bochs emulator and cycle based x86 simulation to evaluate the effectiveness and performance of MultiHype.

Original language: English
Title of host publication: CF '12 - Proceedings of the ACM Computing Frontiers Conference
Pages: 75-84
Number of pages: 10
DOIs: https://doi.org/10.1145/2212908.2212920
Publication status: Published - 2012 Jun 28
Event: ACM Computing Frontiers Conference, CF '12 - Cagliari, Italy
Duration: 2012 May 15 → 2012 May 17

Other

Other: ACM Computing Frontiers Conference, CF '12
Country: Italy
City: Cagliari
Period: 12/5/15 → 12/5/17

Fingerprint

Cloud computing
Data storage equipment
Virtual machine

Keywords

  • architecture
  • scalability
  • security
  • virtualization

ASJC Scopus subject areas

  • Software

Cite this

Shi, W., Lee, J., Suh, T., Woo, D. H., & Zhang, X. (2012). Architectural support of multiple hypervisors over single platform for enhancing cloud computing security. In CF '12 - Proceedings of the ACM Computing Frontiers Conference (pp. 75-84) https://doi.org/10.1145/2212908.2212920

@inproceedings{56e98faac9d540099586a1ff00b29f70,
title = "Architectural support of multiple hypervisors over single platform for enhancing cloud computing security",
abstract = "This paper presents MultiHype, a novel architecture that supports multiple hypervisors (or virtual machine monitors) on a single physical platform by leveraging many-core based cloud-on-chip architecture. A MultiHype platform consists of a control plane and multiple hypervisors created on-demand, each can further create multiple guest virtual machines. Supported at architectural level, a single platform using MultiHype can behave as a distributed system with each hypervisor and its virtual machines running independently and concurrently. As a direct consequence, vulnerabilities of one hypervisor or its guest virtual machine can be confined within its own domain, which makes the platform more resilient to malicious attacks and failures in a cloud environment. Towards defending against resource exhaustion attacks, MultiHype further implements a new cache eviction policy and memory management scheme for preventing resource monopolization on shared cache, and defending against denial of resource exploits on physical memory resource launched from malicious virtual machines on shared platform. We use Bochs emulator and cycle based x86 simulation to evaluate the effectiveness and performance of MultiHype.",
keywords = "architecture, scalability, security, virtualization",
author = "Weidong Shi and JongHyuk Lee and Taeweon Suh and Woo, {Dong Hyuk} and Xinwen Zhang",
year = "2012",
month = "6",
day = "28",
doi = "10.1145/2212908.2212920",
language = "English",
isbn = "9781450312158",
pages = "75--84",
booktitle = "CF '12 - Proceedings of the ACM Computing Frontiers Conference",

}

TY - GEN
T1 - Architectural support of multiple hypervisors over single platform for enhancing cloud computing security
AU - Shi, Weidong
AU - Lee, JongHyuk
AU - Suh, Taeweon
AU - Woo, Dong Hyuk
AU - Zhang, Xinwen
PY - 2012/6/28
Y1 - 2012/6/28

N2 - This paper presents MultiHype, a novel architecture that supports multiple hypervisors (or virtual machine monitors) on a single physical platform by leveraging many-core based cloud-on-chip architecture. A MultiHype platform consists of a control plane and multiple hypervisors created on-demand, each can further create multiple guest virtual machines. Supported at architectural level, a single platform using MultiHype can behave as a distributed system with each hypervisor and its virtual machines running independently and concurrently. As a direct consequence, vulnerabilities of one hypervisor or its guest virtual machine can be confined within its own domain, which makes the platform more resilient to malicious attacks and failures in a cloud environment. Towards defending against resource exhaustion attacks, MultiHype further implements a new cache eviction policy and memory management scheme for preventing resource monopolization on shared cache, and defending against denial of resource exploits on physical memory resource launched from malicious virtual machines on shared platform. We use Bochs emulator and cycle based x86 simulation to evaluate the effectiveness and performance of MultiHype.

AB - This paper presents MultiHype, a novel architecture that supports multiple hypervisors (or virtual machine monitors) on a single physical platform by leveraging many-core based cloud-on-chip architecture. A MultiHype platform consists of a control plane and multiple hypervisors created on-demand, each can further create multiple guest virtual machines. Supported at architectural level, a single platform using MultiHype can behave as a distributed system with each hypervisor and its virtual machines running independently and concurrently. As a direct consequence, vulnerabilities of one hypervisor or its guest virtual machine can be confined within its own domain, which makes the platform more resilient to malicious attacks and failures in a cloud environment. Towards defending against resource exhaustion attacks, MultiHype further implements a new cache eviction policy and memory management scheme for preventing resource monopolization on shared cache, and defending against denial of resource exploits on physical memory resource launched from malicious virtual machines on shared platform. We use Bochs emulator and cycle based x86 simulation to evaluate the effectiveness and performance of MultiHype.

KW - architecture
KW - scalability
KW - security
KW - virtualization
UR - http://www.scopus.com/inward/record.url?scp=84862660324&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84862660324&partnerID=8YFLogxK
U2 - 10.1145/2212908.2212920
DO - 10.1145/2212908.2212920
M3 - Conference contribution
SN - 9781450312158
SP - 75
EP - 84
BT - CF '12 - Proceedings of the ACM Computing Frontiers Conference
ER -