DocumentCode
2275793
Title
Isolate secure executing environment for a safe cloud
Author
Dai, Yuehua ; Wang, Xiaoguang ; Shi, Yi ; Ren, Jianbao ; Qi, Yong
Author_Institution
Dept. of Comput. Sci., Xi´´an Jiaotong Univ., Xi´´an, China
fYear
2012
fDate
15-17 Aug. 2012
Firstpage
79
Lastpage
84
Abstract
The use of virtualization in cloud computing is becoming more and more popular. Cloud service providers leverage virtualization technology to multiplex hardware resource, consolidate servers, and provide a rounded executing environment to remote cloud users. However, the current executing environment the cloud provides is not trustable. For a user´s computing environment faces threats from other malicious cloud users who aim at attacking the whole underlying virtualization software (virtual machine monitor, VMM, or hypervisor). In this paper, we make an analysis of the potential threat to a commodity hyper-visor, and propose architecture for safe executing environment on hardware-sharing platform. The main ideas of our architecture are: removal of interaction between hypervisor and executing environment; attestation of the initial environment state to remote user. To prove the effectiveness of our architecture, we build a prototype system which can create multiple secure isolated executing environment on current multi-core x86 hardware. The final evaluation shows that with current commodity virtualization techniques, we can provide a safe executing environment for remote cloud users with no performance overhead.
Keywords
cloud computing; safety; software architecture; trusted computing; virtual machines; virtualisation; VMM; architecture; cloud computing safety; cloud service provider; commodity hypervisor; commodity virtualization technique; hardware resource multiplexing; hardware-sharing platform; interaction removal; isolate secure executing environment; malicious cloud user; multicore x86 hardware; rounded executing environment; server consolidation; virtual machine monitor; virtualization software; virtualization technology; Computer architecture; Hardware; Kernel; Security; Servers; Virtual machine monitors;
fLanguage
English
Publisher
ieee
Conference_Titel
Communications in China (ICCC), 2012 1st IEEE International Conference on
Conference_Location
Beijing
Print_ISBN
978-1-4673-2814-2
Electronic_ISBN
978-1-4673-2813-5
Type
conf
DOI
10.1109/ICCChina.2012.6356995
Filename
6356995
Link To Document