research-article

NoHype: virtualized cloud infrastructure without the virtualization

Authors:

Jennifer Rexford,

Ruby B. LeeAuthors Info & Claims

ISCA '10: Proceedings of the 37th annual international symposium on Computer architecture

Pages 350 - 361

https://doi.org/10.1145/1815961.1816010

Published: 19 June 2010 Publication History

Abstract

Cloud computing is a disruptive trend that is changing the way we use computers. The key underlying technology in cloud infrastructures is virtualization -- so much so that many consider virtualization to be one of the key features rather than simply an implementation detail. Unfortunately, the use of virtualization is the source of a significant security concern. Because multiple virtual machines run on the same server and since the virtualization layer plays a considerable role in the operation of a virtual machine, a malicious party has the opportunity to attack the virtualization layer. A successful attack would give the malicious party control over the all-powerful virtualization layer, potentially compromising the confidentiality and integrity of the software and data of any virtual machine. In this paper we propose removing the virtualization layer, while retaining the key features enabled by virtualization. Our NoHype architecture, named to indicate the removal of the hypervisor, addresses each of the key roles of the virtualization layer: arbitrating access to CPU, memory, and I/O devices, acting as a network device (e.g., Ethernet switch), and managing the starting and stopping of guest virtual machines. Additionally, we show that our NoHype architecture may indeed be "no hype" since nearly all of the needed features to realize the NoHype architecture are currently available as hardware extensions to processors and I/O devices.

References

[1]

K. Kortchinsky, "Hacking 3D (and Breaking out of VMWare)," BlackHat USA, 2009.

[2]

Anonymous, "Xbox 360 hypervisor privilege escalation vulnerability," 2007. http://www.h-online.com/security/news/item/Xbox-360-hack-was-the-real-deal-732391.html.

[3]

"CVE-2007-4993: Xen guest root can escape to domain 0 through pygrub," 2007. http://cve.mitre.org/cgibin/cvename.cgi?name=CVE-2007-4993.

[4]

"CVE-2007-5497: Vulnerability in XenServer could result in privilege escalation and arbitrary code executionr," 2007. http://support.citrix.com/article/CTX118766.

[5]

R. Wojtczuk, "Subverting the Xen hypervisor," BlackHat USA, 2008.

[6]

"CVE-2008-2100: VMware Buffer Overflows in VIX API Let Local Users Execute Arbitrary Code in Host OS." http://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2008-2100.

[7]

T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, you, get off of my cloud! Exploring information leakage in third-party compute clouds," in Computer and Communications Security(CCS), 2009.

Digital Library

[8]

F. Gens, "IT Cloud Services User Survey, pt.2: Top Benefits & Challenges," Oct. 2008. http://blogs.idc.com/ie/?p=210.

[9]

A. Greenberg, J. Hamilton, D. A. Maltz, and P. Patel, "The cost of a cloud: Research problems in data center networks," SIGCOMM Comput. Commun. Rev., vol. 39, no. 1, pp. 68--73, 2009.

Digital Library

[10]

D. Champagne and R. B. Lee, "Scalable architectural support for trusted software," in IEEE International Symposium on High-Performance Computer Architecture (HPCA), pp. 31--42, January 2010.

[11]

C. A. Waldspurger, "Memory resource management in VMware ESX server," in 5th Symposium on Operating Systems Design and Implementation (OSDI), 2002.

Digital Library

[12]

D. G. Murray, G. Milos, and S. Hand, "Improving Xen security through disaggregation," in VEE '08: Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments, 2008.

Digital Library

[13]

"Cisco Nexus 1000V Series Switches," 2009. http://www.cisco.com/en/US/products/ps9902/index.html.

[14]

Z. Wang and R. B. Lee, "New cache designs for thwarting software cache-based side channel attacks," in 34th International Symposium on Computer Architecture (ISCA), pp. 494--505, 2007.

Digital Library

[15]

Z. Wang and R. B. Lee, "A novel cache architecture with enhanced performance and security," in Proceedings of the 41st. Annual IEEE/ACM International Symposium on Microarchitecture (Micro-41), pp. 88--93, December 2008.

Digital Library

[16]

"Intel Previews Intel Xeon Nehalem-EX Processor," 2009. http://www.intel.com/pressroom/archive/releases/20090526comp.htm.

[17]

A. Shah, "AMD plans 16-core server chip: The Interlagos chip will be released in 2011," Infoworld, April 2009.

[18]

"Dell PowerEdge R905 server product details," 2009. http://www.dell.com/us/en/enterprise/servers/pedge_r905/pd.aspx?refid=pedge_r905.

[19]

C. Clark, K. Fraser, S. Hand, J. G. Hansen, E. Jul, C. Limpach, I. Pratt, and A. Warfield, "Live migration of virtual machines," in 2nd Symposium on Networked Systems Design and Implementation (NSDI), 2005.

Digital Library

[20]

M. A. Kozuch, M. Kaminsky, and M. P. Ryan, "Migration without virtualization," in 12th Workshop on Hot Topics in Operating Systems (HotOS), 2009.

Digital Library

[21]

O. Mutlu and T. Moscibroda, "Stall-time fair memory access scheduling for chip multiprocessors," in MICRO 2007, 2007.

Digital Library

[22]

D. J. Bernstein, "Cache-timing attacks on AES," in University of Illinois at Chicago Tech Report, 2005. http://cr.yp.to/antiforgery/ cachetiming-20050414.pdf.

[23]

"PCI Local Bus Specification, 3.0 edition," 2004.

[24]

"Intel 82599 10 gigabit ethernet controller," 2009. http://download.intel.com/design/network/prodbrf/321731.pdf.

[25]

"LSI to Demonstrate Industry's First Single-Root I/O Virtualization Solution at Intel Developer Forum," 2009. http://www.lsi.com/news/product_news/2009/2009_09_22.html.

[26]

"Cisco VN-Link: Virtualization-Aware Networking," 2010. http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns892/ns894/white_paper_c11-525307_ps9902_Products_White_Paper.html.

[27]

"Edge Virtual Bridging with VEB and VEPA," May 2009. http://www.ieee802.org/1/files/public/docs2009/new-hudson-vepa_seminar-20090514d.pdf.

[28]

"Net/bridge: add basic VEPA support," June 2009. http://lwn.net/Articles/337547/.

[29]

N. Santos, K. P. Gummadi, and R. Rodrigues, "Towards trusted cloud computing," in Workshop On Hot Topics in Cloud Computing (HotCloud), 2009.

Digital Library

[30]

IBM, "sHype - Secure Hypervisor." http://www.research.ibm.com/secure_systems_ department/projects/hypervisor/.

[31]

T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh, "Terra: A virtual machine-based platform for trusted computing," SIGOPS Oper. Syst. Rev., vol. 37, no. 5, pp. 193--206, 2003.

Digital Library

[32]

J. M. McCune, B. Parno, A. Perrig, M. K. Reiter, and H. Isozaki, "Flicker: An Execution Infrastructure for TCB Minimization," in ACM European Conference in Computer Systems (EuroSys), 2008.

Digital Library

[33]

G. E. Suh, C. W. O'Donnell, I. Sachdev, and S. Devadas, "Design and implementation of the AEGIS single-chip secure processor using physical random functions," in Proc. ISCA, June 2005.

Digital Library

[34]

R. B. Lee, P. C. S. Kwan, J. P. McGregor, J. Dwoskin, and Z. Wang, "Architecture for protecting critical secrets in microprocessors," in Proc. ISCA, June 2005.

Digital Library

[35]

D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz, "Architectural support for copy and tamper resistant software," in Proc. ASPLOS, November 2000.

Digital Library

[36]

J. Dwoskin and R. B. Lee, "Hardware-rooted trust for secure key management and transient trust," in ACM Conference on Computer and Communications Security (CCS), October 2007.

Digital Library

Cited By

Salih BJasim Mohammad O(2024)Cloud Data Leakage, Security, Privacy Issues and Challenges: ReviewProcedia Computer Science10.1016/j.procs.2024.08.113242(592-601)Online publication date: 2024
https://doi.org/10.1016/j.procs.2024.08.113
Crocetti LNannipieri PDi Matteo SSaponara S(2023)Design Methodology and Metrics for Robust and Highly Qualified Security Modules in Trusted EnvironmentsElectronics10.3390/electronics1223484312:23(4843)Online publication date: 30-Nov-2023
https://doi.org/10.3390/electronics12234843
Hertogh MWiesinger MÖsterlund SMuench MAmit NBos HGiuffrida C(2023)Quarantine: Mitigating Transient Execution Attacks with Physical Domain IsolationProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607248(207-221)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607248
Show More Cited By

Index Terms

NoHype: virtualized cloud infrastructure without the virtualization
1. Computer systems organization
  1. Architectures
2. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
  2. Systems security
    1. Operating systems security

Recommendations

Architectural support for hypervisor-secure virtualization
ASPLOS '12

Virtualization has become a standard part of many computer systems. A key part of virtualization is the all-powerful hypervisor which manages the physical platform and can access all of its resources, including memory assigned to the guest virtual ...
NoHype: virtualized cloud infrastructure without the virtualization
ISCA '10

Cloud computing is a disruptive trend that is changing the way we use computers. The key underlying technology in cloud infrastructures is virtualization -- so much so that many consider virtualization to be one of the key features rather than simply an ...
Architectural support for hypervisor-secure virtualization
ASPLOS '12

Virtualization has become a standard part of many computer systems. A key part of virtualization is the all-powerful hypervisor which manages the physical platform and can access all of its resources, including memory assigned to the guest virtual ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ISCA '10: Proceedings of the 37th annual international symposium on Computer architecture

June 2010

520 pages

ISBN:9781450300537

DOI:10.1145/1815961

General Chair:
André Seznec
INRIA Rennes
,
Program Chairs:
Uri Weiser
Technion
,
Ronny Ronen
Intel

ACM SIGARCH Computer Architecture News Volume 38, Issue 3
ISCA '10
June 2010
508 pages
ISSN:0163-5964
DOI:10.1145/1816038
Issue’s Table of Contents

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGARCH: ACM Special Interest Group on Computer Architecture

In-Cooperation

IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 June 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ISCA '10

Sponsor:

SIGARCH

ISCA '10: The 37th Annual International Symposium on Computer Architecture

June 19 - 23, 2010

Saint-Malo, France

Acceptance Rates

Overall Acceptance Rate 543 of 3,203 submissions, 17%

Upcoming Conference

ISCA '25

Sponsor:
sigarch

The 52nd Annual International Symposium on Computer Architecture

June 21 - 25, 2025

Tokyo , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

211
Total Citations
View Citations
2,611
Total Downloads

Downloads (Last 12 months)63
Downloads (Last 6 weeks)7

Reflects downloads up to 12 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Salih BJasim Mohammad O(2024)Cloud Data Leakage, Security, Privacy Issues and Challenges: ReviewProcedia Computer Science10.1016/j.procs.2024.08.113242(592-601)Online publication date: 2024
https://doi.org/10.1016/j.procs.2024.08.113
Crocetti LNannipieri PDi Matteo SSaponara S(2023)Design Methodology and Metrics for Robust and Highly Qualified Security Modules in Trusted EnvironmentsElectronics10.3390/electronics1223484312:23(4843)Online publication date: 30-Nov-2023
https://doi.org/10.3390/electronics12234843
Hertogh MWiesinger MÖsterlund SMuench MAmit NBos HGiuffrida C(2023)Quarantine: Mitigating Transient Execution Attacks with Physical Domain IsolationProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607248(207-221)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607248
Castes CGhosn AKalani NQian YKogias MPayer MBugnion EBaumann ACrooks NSchwarzkopf M(2023)Creating Trust by Abolishing HierarchiesProceedings of the 19th Workshop on Hot Topics in Operating Systems10.1145/3593856.3595900(231-238)Online publication date: 22-Jun-2023
https://dl.acm.org/doi/10.1145/3593856.3595900
Chen ZWang TXue JShao Z(2023)MSA: A Novel App Development Framework for Transparent Multiscreen Support on Android AppsIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2023.324388242:10(3171-3184)Online publication date: Oct-2023
https://doi.org/10.1109/TCAD.2023.3243882
Li CGuo RTian XWang H(2022)KHV: KVM-Based Heterogeneous VirtualizationElectronics10.3390/electronics1116263111:16(2631)Online publication date: 22-Aug-2022
https://doi.org/10.3390/electronics11162631
Sun LWang SWu HGong YXu FLiu YHan HZhong S(2022)LEAP: TrustZone Based Developer-Friendly TEE for Intelligent Mobile AppsIEEE Transactions on Mobile Computing10.1109/TMC.2022.3207745(1-18)Online publication date: 2022
https://doi.org/10.1109/TMC.2022.3207745
Gu JMa YZheng BWeng C(2022)Outlier: Enabling Effective Measurement of Hypervisor Code Integrity With Group DetectionIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.310490019:6(3686-3698)Online publication date: 1-Nov-2022
https://doi.org/10.1109/TDSC.2021.3104900
Gunturu VPadma Priya VAbishek B EShetty SBuddhi DShukla S(2022)Role of Cloud Management in Mitigating Vulnerabilities in Wireless Data Exchange Provider2022 11th International Conference on System Modeling & Advancement in Research Trends (SMART)10.1109/SMART55829.2022.10047349(460-465)Online publication date: 16-Dec-2022
https://doi.org/10.1109/SMART55829.2022.10047349
Zhou QJia XZhang SJiang NChen JZhang W(2022)SecFortress: Securing Hypervisor using Cross-layer Isolation2022 IEEE International Parallel and Distributed Processing Symposium (IPDPS)10.1109/IPDPS53621.2022.00029(212-222)Online publication date: May-2022
https://doi.org/10.1109/IPDPS53621.2022.00029
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents