
NoHype Virtualized Cloud Infrastructure Without Virtualization Paper Summary
Explore a groundbreaking paper presenting a new approach to cloud infrastructure, focusing on security threats, virtualization layers, and the NoHype architecture. Learn about the challenges of securing virtual machines and the proposed CPU architecture for enhanced security in cloud environments.
Presentation Transcript
NoHype: Virtualized Cloud Infrastructure without the Virtualization. Paper by: Eric Keller, Jakub Szefer, Jennifer Rexford, Ruby B. Lee. Presented by: Razie Roostaei.
NoHype: Virtualized Cloud Infrastructure without the Virtualization. Sections: 1. Introduction; 2. Security Threats; 3. Virtualization Layer's Role; 4. NoHype Architecture; 5. Security Benefit; 6. Hardware Support; 7. Related Work; 8. Conclusion.
Introduction: Basic Cloud Functionality
Security Threats: In the new implementation, the VMs should not be able to inspect each other's data or software, or affect the availability of each other.
How can the attacks be done? To exploit one of these vulnerabilities, an attacker needs to gain access to a guest OS and run software that can attack the hypervisor or root context. Since the guest OS interacts with both for many functions, there is a large attack surface. Getting access to a guest OS is simple, as the malicious party can lease a VM directly from the cloud provider. Further, if the attacker is targeting a specific party, it can check whether its VM is located on the same physical server as the targeted victim's VM using network-based co-residence checks such as matching Dom0 IP and numerically close IP addresses.
Virtualization Layer's Role: Generic virtualization of one server
Virtualization Layer's Role: scheduling virtual machines; memory management; emulating I/O devices; network packet processing; starting/stopping/migrating VMs.
NoHype Architecture: Proposed architecture of NoHype
NoHype Architecture, CPU: one VM per core. Each core can run only one VM. No over-subscribing is possible. 8-core devices are already available. Over-subscribing is possible along with the proposed architecture, but will reduce security.
NoHype Architecture, Memory: hardware support for partitioning. Each OS has a dedicated and guaranteed fraction of memory. Memory access is not possible in the restricted range. This is done by the multi-core memory controller (MMC). The MMC can provide fairness to each core, as one core is assigned to each VM.
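A toy model of the two slides above, added here as an illustration and not taken from the paper or the presentation: a VM is admitted only if a free core exists, and every memory access is checked against the range reserved for the issuing core. The names `core_slot`, `admit_vm` and `access_ok`, and the core count and memory size, are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define NCORES   4          /* constructed: 4-core server */
#define MEM_SIZE 0x4000u    /* constructed: 16 KiB of physical memory */

/* Hypothetical per-core record: owning VM and its reserved physical
 * range. vm_id 0 means the core is free. */
struct core_slot { int vm_id; uint32_t base, size; };

static struct core_slot cores[NCORES];
static uint32_t next_free;  /* bump pointer, keeps ranges disjoint */

/* Admit a VM: needs a free core and enough unreserved memory.
 * Returns the core index, or -1 (no over-subscription). */
static int admit_vm(int vm_id, uint32_t size) {
    if (size == 0 || size > MEM_SIZE - next_free) return -1;
    for (int c = 0; c < NCORES; c++)
        if (cores[c].vm_id == 0) {
            cores[c] = (struct core_slot){ vm_id, next_free, size };
            next_free += size;
            return c;
        }
    return -1;
}

/* The check a partitioning memory controller would apply: an access
 * from a core is allowed only inside that core's own range. */
static int access_ok(int core, uint32_t addr, uint32_t len) {
    if (core < 0 || core >= NCORES || cores[core].vm_id == 0) return 0;
    const struct core_slot *s = &cores[core];
    if (addr < s->base || len > s->size) return 0;
    return addr - s->base <= s->size - len;   /* overflow-safe bound */
}

int main(void) {
    for (int vm = 1; vm <= 5; vm++)
        printf("vm %d -> core %d\n", vm, admit_vm(vm, 0x800));
    printf("core 0 reads core 1 memory: %d\n", access_ok(0, 0x800, 4));
    return 0;
}
```

The fifth VM is refused even though memory is still unreserved, because no core is free; an access that starts inside a partition but runs past its end is rejected as well.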
NoHype Architecture, Devices: per-VM virtualized devices and rate-limited I/O. The device itself realizes multiple views of a single device. The guest OS handles its own interrupts. Rate-limited access to each I/O bus is achieved via a flow-control mechanism. The I/O device controls the rate of transmission.
NoHype Architecture, Networking: done in the network. Ethernet switches in the data center perform the switching and security functions. No software is needed to switch the packets in the system. VMs have direct access to the network interfaces. This simplifies management, as it removes an extra type of switch. It frees up the processor from extra work. It allows use of all the functions of the Ethernet switch.
NoHype Architecture, Starting/Stopping/Migrating Virtual Machines: System Manager. Management code is active before a VM is started and after it is stopped. It first starts in hyper-privileged mode. It is responsible for accepting commands from the cloud manager software and issuing commands to the individual cores. Commands are issued via inter-processor interrupts (IPIs).
NoHype Architecture, Live Migration of VM: The memory management unit tracks which pages have been modified. The system manager uses an IPI to get the difference in the pages. The changes are sent to the target server. The target core manager makes the same updates. After the last difference, the VM on the source server shuts down and the VM on the target server starts execution by a migrate IPI.
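The migration steps above as a small simulation, added here as an illustration and not taken from the paper or the presentation: a dirty bit per page stands in for the memory management unit's tracking, and each call to `migrate_round` stands in for one IPI-driven transfer of the difference. All names, the page count and the page size are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NPAGES  8   /* constructed: toy guest with 8 pages */
#define PAGE_SZ 16  /* constructed page size */

/* Hypothetical model: guest memory plus one dirty bit per page. */
struct guest {
    uint8_t mem[NPAGES][PAGE_SZ];
    uint8_t dirty;  /* bit p set => page p modified since last round */
};

/* A guest store on the source marks the touched page dirty. */
static void guest_write(struct guest *g, int page, int off, uint8_t v) {
    g->mem[page][off] = v;
    g->dirty |= (uint8_t)(1u << page);
}

/* One round: copy only dirty pages, clear the bits, return the count. */
static int migrate_round(struct guest *src, struct guest *dst) {
    int sent = 0;
    for (int p = 0; p < NPAGES; p++)
        if (src->dirty & (1u << p)) {
            memcpy(dst->mem[p], src->mem[p], PAGE_SZ);
            sent++;
        }
    src->dirty = 0;
    return sent;
}

/* Full copy, a round with the guest running, a final round with the
 * source stopped. Returns 1 if target memory equals source memory. */
static int migrate_demo(int sent[3]) {
    struct guest src = {0}, dst = {0};
    src.dirty = 0xFF;                 /* first round sends every page */
    sent[0] = migrate_round(&src, &dst);
    guest_write(&src, 2, 0, 0xAA);    /* guest still running */
    guest_write(&src, 5, 3, 0xBB);
    guest_write(&src, 2, 1, 0xCC);    /* page 2 twice: sent once */
    sent[1] = migrate_round(&src, &dst);
    guest_write(&src, 7, 0, 0xDD);    /* last write before shutdown */
    sent[2] = migrate_round(&src, &dst);  /* source is stopped here */
    return memcmp(src.mem, dst.mem, sizeof src.mem) == 0;
}

int main(void) {
    int sent[3], ok = migrate_demo(sent);
    printf("sent %d %d %d, match=%d\n", sent[0], sent[1], sent[2], ok);
    return 0;
}
```

The final round is only correct because the source no longer runs: a write landing after it would leave the target with a stale page.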
Security Benefits of NoHype: Availability attacks are possible by altering the hypervisor's scheduling of VMs, interrupting a core running a VM, or performing extraordinary amounts of memory or I/O reads/writes to gain a disproportionate share of the bus and therefore affect the performance of another VM.
Security Benefits of NoHype: Availability attacks are prevented by dedicating a single core to a VM, using hardware masking for interrupts, and rate-limiting access to the I/O devices.
Security Benefits of NoHype: Confidentiality and integrity of data and software are preserved because no cores are shared, no hypervisor runs during the entire lifetime of the virtual machine, and there is no possible way to access the registers.
Security Benefits of NoHype: Side channels occur whenever resources are shared among multiple pieces of software. Side channels are prevented because no resource is shared among multiple pieces of software; every resource is accessed directly or through hardware support, or under supervision.
Conclusion: With the NoHype architecture, virtualization becomes more secure, at the cost of a single core per VM. Networking gets faster. Accessing resources is easier. The flexibility of scalable resources is lost. Each VM gets more privacy. Over-subscription is not possible.