Multi-processor architectural support for protecting virtual machine privacy in untrusted cloud environment

Yuanfeng Wen, Jong Hyuk Lee, Ziyi Liu, Qingji Zheng, Weidong Shi, Shouhuai Xu, Taeweon Suh

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

Virtualization is fundamental to cloud computing because it allows multiple operating systems to run simultaneously on a physical machine. However, it also brings a range of security/privacy problems. One particularly challenging and important problem is: how can we protect the Virtual Machines (VMs) from being attacked by Virtual Machine Monitors (VMMs) and/or by the cloud vendors when they are not trusted? In this paper, we propose an architectural solution to the above problem in multi-processor cloud environments. Our key idea is to exploit hardware mechanisms to enforce access control over the shared resources (e.g., memory spaces), while protecting VM memory integrity as well as inter-processor communications and data sharing. We evaluate the solution using full-system emulation and cycle-based architecture models. Experiments based on 20 benchmark applications show that the performance overhead is 1.5%-10% when access control is enforced, and 9%-19% when VM memory is encrypted.

Original language: English
Title of host publication: Proceedings of the ACM International Conference on Computing Frontiers, CF 2013
DOIs: https://doi.org/10.1145/2482767.2482799
Publication status: Published - 2013 Jul 4
Event: 2013 ACM International Conference on Computing Frontiers, CF 2013 - Ischia, Italy
Duration: 2013 May 14 to 2013 May 16

Other

Other: 2013 ACM International Conference on Computing Frontiers, CF 2013
Country: Italy
City: Ischia
Period: 13/5/14 to 13/5/16

Fingerprint

Access control
Data storage equipment
Cloud computing
Hardware
Virtual machine
Communication
Experiments
Virtualization

Keywords

  • Cloud
  • Multi-processor architectural support
  • VM privacy

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Software

Cite this

Wen, Y., Lee, J. H., Liu, Z., Zheng, Q., Shi, W., Xu, S., & Suh, T. (2013). Multi-processor architectural support for protecting virtual machine privacy in untrusted cloud environment. In Proceedings of the ACM International Conference on Computing Frontiers, CF 2013 https://doi.org/10.1145/2482767.2482799

@inproceedings{492052cd78fe43d48508d067ce8083f8,
title = "Multi-processor architectural support for protecting virtual machine privacy in untrusted cloud environment",
abstract = "Virtualization is fundamental to cloud computing because it allows multiple operating systems to run simultaneously on a physical machine. However, it also brings a range of security/privacy problems. One particularly challenging and important problem is: how can we protect the Virtual Machines (VMs) from being attacked by Virtual Machine Monitors (VMMs) and/or by the cloud vendors when they are not trusted? In this paper, we propose an architectural solution to the above problem in multi-processor cloud environments. Our key idea is to exploit hardware mechanisms to enforce access control over the shared resources (e.g., memory spaces), while protecting VM memory integrity as well as inter-processor communications and data sharing. We evaluate the solution using full-system emulation and cycle-based architecture models. Experiments based on 20 benchmark applications show that the performance overhead is 1.5{\%}-10{\%} when access control is enforced, and 9{\%}-19{\%} when VM memory is encrypted.",
keywords = "Cloud, Multi-processor architectural support, VM privacy",
author = "Yuanfeng Wen and Lee, {Jong Hyuk} and Ziyi Liu and Qingji Zheng and Weidong Shi and Shouhuai Xu and Taeweon Suh",
year = "2013",
month = "7",
day = "4",
doi = "10.1145/2482767.2482799",
language = "English",
isbn = "9781450320535",
booktitle = "Proceedings of the ACM International Conference on Computing Frontiers, CF 2013",

}

TY - GEN
T1 - Multi-processor architectural support for protecting virtual machine privacy in untrusted cloud environment
AU - Wen, Yuanfeng
AU - Lee, Jong Hyuk
AU - Liu, Ziyi
AU - Zheng, Qingji
AU - Shi, Weidong
AU - Xu, Shouhuai
AU - Suh, Taeweon
PY - 2013/7/4
Y1 - 2013/7/4
N2 - Virtualization is fundamental to cloud computing because it allows multiple operating systems to run simultaneously on a physical machine. However, it also brings a range of security/privacy problems. One particularly challenging and important problem is: how can we protect the Virtual Machines (VMs) from being attacked by Virtual Machine Monitors (VMMs) and/or by the cloud vendors when they are not trusted? In this paper, we propose an architectural solution to the above problem in multi-processor cloud environments. Our key idea is to exploit hardware mechanisms to enforce access control over the shared resources (e.g., memory spaces), while protecting VM memory integrity as well as inter-processor communications and data sharing. We evaluate the solution using full-system emulation and cycle-based architecture models. Experiments based on 20 benchmark applications show that the performance overhead is 1.5%-10% when access control is enforced, and 9%-19% when VM memory is encrypted.
KW - Cloud
KW - Multi-processor architectural support
KW - VM privacy
UR - http://www.scopus.com/inward/record.url?scp=84879547290&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84879547290&partnerID=8YFLogxK
U2 - 10.1145/2482767.2482799
DO - 10.1145/2482767.2482799
M3 - Conference contribution
AN - SCOPUS:84879547290
SN - 9781450320535
BT - Proceedings of the ACM International Conference on Computing Frontiers, CF 2013
ER -