TY - GEN
T1 - Architectural support of multiple hypervisors over single platform for enhancing cloud computing security
AU - Shi, Weidong
AU - Lee, Jong Hyuk
AU - Suh, Taeweon
AU - Woo, Dong Hyuk
AU - Zhang, Xinwen
PY - 2012
Y1 - 2012
N2 - This paper presents MultiHype, a novel architecture that supports multiple hypervisors (or virtual machine monitors) on a single physical platform by leveraging many-core based cloud-on-chip architecture. A MultiHype platform consists of a control plane and multiple hypervisors created on-demand, each can further create multiple guest virtual machines. Supported at architectural level, a single platform using MultiHype can behave as a distributed system with each hypervisor and its virtual machines running independently and concurrently. As a direct consequence, vulnerabilities of one hypervisor or its guest virtual machine can be confined within its own domain, which makes the platform more resilient to malicious attacks and failures in a cloud environment. Towards defending against resource exhaustion attacks, MultiHype further implements a new cache eviction policy and memory management scheme for preventing resource monopolization on shared cache, and defending against denial of resource exploits on physical memory resource launched from malicious virtual machines on shared platform. We use Bochs emulator and cycle based x86 simulation to evaluate the effectiveness and performance of MultiHype.
KW - architecture
KW - scalability
KW - security
KW - virtualization
UR - http://www.scopus.com/inward/record.url?scp=84862660324&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84862660324&partnerID=8YFLogxK
U2 - 10.1145/2212908.2212920
DO - 10.1145/2212908.2212920
M3 - Conference contribution
AN - SCOPUS:84862660324
SN - 9781450312158
T3 - CF '12 - Proceedings of the ACM Computing Frontiers Conference
SP - 75
EP - 84
BT - CF '12 - Proceedings of the ACM Computing Frontiers Conference
T2 - ACM Computing Frontiers Conference, CF '12
Y2 - 15 May 2012 through 17 May 2012
ER -