DOI: 10.1145/2557547.2557585
poster

A cloud architecture for protecting guest's information from malicious operators with memory management

Published: 03 March 2014 Publication History

Abstract

We introduce a novel cloud computing architecture that ensures privacy for a guest's information and computation. In conventional cloud architectures, only the security policy proposed by the provider ensured the protection of a guest's information, which enabled malicious operators to steal or modify that information. Our architecture protects a guest's information from malicious operators with a novel memory management function in the hypervisor. Cloud computing generally relies on virtualization, and the VMM or hypervisor maintains a page table, called the shadow page table, for interposing on a VM's memory accesses. Our hypervisor regulates memory accesses by the management VM by adding an authority bit to the shadow page table entry. Our architecture also prevents theft of a guest's information held in storage by encrypting data when it leaves memory.
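As an added illustration (not code from the paper), the following C model shows how a hypervisor could consult an authority bit in a shadow page table entry before letting the management VM touch a guest page. The bit position, the domain and function names, and the sample table are assumptions; the abstract does not specify them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model: bit positions and all names are assumptions, not the paper's. */
#define SPTE_PRESENT   (1ULL << 0)
#define SPTE_WRITABLE  (1ULL << 1)
#define SPTE_MGMT_AUTH (1ULL << 9)  /* assumed "authority" bit: management VM may access */
#define NPAGES 4

enum domain { DOM_MGMT, DOM_GUEST };
enum access { ACC_READ, ACC_WRITE };

static uint64_t shadow_pt[NPAGES];  /* one shadow entry per guest page */

static uint64_t make_spte(uint64_t mfn, bool writable, bool mgmt_auth) {
    return (mfn << 12) | SPTE_PRESENT | (writable ? SPTE_WRITABLE : 0)
                       | (mgmt_auth ? SPTE_MGMT_AUTH : 0);
}

/* Hypervisor-side check for an access to guest page gpn; true means allowed. */
bool hv_check_access(enum domain who, unsigned gpn, enum access how) {
    if (gpn >= NPAGES) return false;
    uint64_t e = shadow_pt[gpn];
    if (!(e & SPTE_PRESENT)) return false;
    if (how == ACC_WRITE && !(e & SPTE_WRITABLE)) return false;
    /* The guest owns the page; the management VM needs the authority bit. */
    if (who == DOM_MGMT && !(e & SPTE_MGMT_AUTH)) return false;
    return true;
}

/* Constructed sample table for a single guest. */
void setup_example(void) {
    shadow_pt[0] = make_spte(0x100, true, false);  /* private guest data */
    shadow_pt[1] = make_spte(0x101, true, true);   /* page the guest shares for I/O */
    shadow_pt[2] = make_spte(0x102, false, true);  /* shared, read-only */
    shadow_pt[3] = 0;                              /* not present */
}

int main(void) {
    setup_example();
    for (unsigned p = 0; p < NPAGES; p++)
        printf("page %u: mgmt read=%d mgmt write=%d guest read=%d\n", p,
               hv_check_access(DOM_MGMT, p, ACC_READ),
               hv_check_access(DOM_MGMT, p, ACC_WRITE),
               hv_check_access(DOM_GUEST, p, ACC_READ));
    return 0;
}
```

The check fails closed: a management-VM access is refused unless the entry is present, permits the requested access type, and carries the authority bit.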

    Published In

    CODASPY '14: Proceedings of the 4th ACM conference on Data and application security and privacy
    March 2014
    368 pages
    ISBN:9781450322782
    DOI:10.1145/2557547
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. cloud computing
    2. memory protection
    3. security
    4. virtualization

    Qualifiers

    • Poster

    Conference

    CODASPY'14

    Acceptance Rates

    CODASPY '14 Paper Acceptance Rate 19 of 119 submissions, 16%;
    Overall Acceptance Rate 149 of 789 submissions, 19%

    Bibliometrics

    Article Metrics

    • Total Citations: 0
    • Total Downloads: 254
    • Downloads (Last 12 months): 4
    • Downloads (Last 6 weeks): 1
    Reflects downloads up to 16 Nov 2024
