DOI: 10.1145/2382196.2382226

Self-service cloud computing

Published: 16 October 2012

Abstract

Modern cloud computing infrastructures use virtual machine monitors (VMMs) that often include a large and complex administrative domain with privileges to inspect client VM state. Attacks against or misuse of the administrative domain can compromise client security and privacy. Moreover, these VMMs provide clients inflexible control over their own VMs, as a result of which clients have to rely on the cloud provider to deploy useful services, such as VM introspection-based security tools.
We introduce a new self-service cloud (SSC) computing model that addresses these two shortcomings. SSC splits administrative privileges between a system-wide domain and per-client administrative domains. Each client can manage and perform privileged system tasks on its own VMs, thereby providing flexibility. The system-wide administrative domain cannot inspect the code, data or computation of client VMs, thereby ensuring security and privacy. SSC also allows providers and clients to establish mutually trusted services that can check regulatory compliance while respecting client privacy. We have implemented SSC by modifying the Xen hypervisor. We demonstrate its utility by building user domains to perform privileged tasks such as memory introspection, storage intrusion detection, and anomaly detection.
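The privilege split the abstract describes can be made concrete as an access-control decision. The following is an added example written for this page, not code from the paper or from the authors' modified Xen: a toy reference monitor in which the provider's system-wide administrative domain (called sdom0 here; the name, like every other identifier below, is an assumption for illustration) keeps resource-management operations but is refused anything that reads a client VM's memory or storage, a per-client administrative domain (udom0) gets those operations only on its own client's VMs, and a service domain gets them only after both the client and the provider have endorsed it. The operation set, the two-party endorsement step and the audit record are modelling choices of this example; the page does not describe the real SSC interface inside Xen.

```python
"""Toy reference monitor for the SSC privilege split (illustrative model, not the paper's code)."""
from dataclasses import dataclass
from enum import Enum, auto
from typing import Dict, List, Optional, Set, Tuple


class Op(Enum):
    MAP_MEMORY = auto()    # map a guest's pages, as memory introspection needs
    READ_STORAGE = auto()  # read a guest's virtual disk, as storage intrusion detection needs
    SNAPSHOT = auto()      # copy memory and disk state
    ALLOCATE = auto()      # create/destroy the VM or change its resource quota
    SCHEDULE = auto()      # CPU and placement decisions


# Every operation that exposes a guest's code, data or computation to the caller.
INSPECTS_CLIENT_STATE: Set[Op] = {Op.MAP_MEMORY, Op.READ_STORAGE, Op.SNAPSHOT}


@dataclass(frozen=True)
class Domain:
    name: str
    kind: str                     # "sdom0" | "udom0" | "service" | "guest" (assumed kinds)
    client: Optional[str] = None  # owning client, for per-client domains


@dataclass
class ServiceGrant:
    """Grant for a mutually trusted service: client and provider must both endorse it."""
    client: str
    ops: Set[Op]
    client_ok: bool = False
    provider_ok: bool = False


class SSCMonitor:
    def __init__(self) -> None:
        self.vm_owner: Dict[str, str] = {}
        self.services: Dict[str, ServiceGrant] = {}
        self.audit: List[Tuple[str, str, str, bool]] = []  # (requester, op, vm, decision)

    def register_vm(self, vm: str, client: str) -> None:
        self.vm_owner[vm] = client

    def propose_service(self, svc: Domain, ops: Set[Op]) -> None:
        if svc.kind != "service" or svc.client is None:
            raise ValueError("only a per-client service domain can be proposed")
        self.services[svc.name] = ServiceGrant(client=svc.client, ops=set(ops))

    def endorse(self, svc_name: str, by: str) -> None:
        grant = self.services[svc_name]
        if by == "client":
            grant.client_ok = True
        elif by == "provider":
            grant.provider_ok = True
        else:
            raise ValueError("endorser must be 'client' or 'provider'")

    def authorize(self, requester: Domain, op: Op, vm: str) -> bool:
        owner = self.vm_owner.get(vm)
        if owner is None:
            decision = False                              # unknown VM: deny by default
        elif requester.kind == "sdom0":
            decision = op not in INSPECTS_CLIENT_STATE    # manage resources, never inspect
        elif requester.kind == "udom0":
            decision = requester.client == owner          # only the client's own VMs
        elif requester.kind == "service":
            g = self.services.get(requester.name)
            decision = (g is not None and g.client == owner
                        and g.client_ok and g.provider_ok and op in g.ops)
        else:
            decision = False                              # ordinary guests get no admin rights
        self.audit.append((requester.name, op.name, vm, decision))
        return decision


def demo() -> Dict[str, bool]:
    """Constructed scenario: one client VM, the provider's domain, two client domains, one service."""
    mon = SSCMonitor()
    mon.register_vm("web1", "acme")
    sdom0 = Domain("sdom0", "sdom0")
    udom0_acme = Domain("udom0-acme", "udom0", client="acme")
    udom0_globex = Domain("udom0-globex", "udom0", client="globex")
    compliance = Domain("compliance-svc", "service", client="acme")
    mon.propose_service(compliance, {Op.READ_STORAGE})

    out = {
        "sdom0_map_memory": mon.authorize(sdom0, Op.MAP_MEMORY, "web1"),
        "sdom0_schedule": mon.authorize(sdom0, Op.SCHEDULE, "web1"),
        "owner_udom0_map_memory": mon.authorize(udom0_acme, Op.MAP_MEMORY, "web1"),
        "other_udom0_map_memory": mon.authorize(udom0_globex, Op.MAP_MEMORY, "web1"),
        "service_unendorsed": mon.authorize(compliance, Op.READ_STORAGE, "web1"),
    }
    mon.endorse("compliance-svc", by="client")
    out["service_client_only"] = mon.authorize(compliance, Op.READ_STORAGE, "web1")
    mon.endorse("compliance-svc", by="provider")
    out["service_both_endorsed"] = mon.authorize(compliance, Op.READ_STORAGE, "web1")
    out["service_outside_grant"] = mon.authorize(compliance, Op.MAP_MEMORY, "web1")
    return out
```

The point to check in any real implementation of this split is the sdom0 branch: the provider's domain must remain able to allocate and schedule (otherwise the cloud cannot be operated) while every code path that maps guest pages or opens guest storage refuses it, and the service-domain branch must require both endorsements, since a service the provider alone installs would reintroduce exactly the inspection capability the model removes.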

Published In

CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security
October 2012
1088 pages
ISBN:9781450316514
DOI:10.1145/2382196
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cloud computing
  2. privacy
  3. security
  4. trust

Qualifiers

  • Research-article

Conference

CCS'12
Sponsor: CCS'12: the ACM Conference on Computer and Communications Security
October 16 - 18, 2012
Raleigh, North Carolina, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Cited By

  • (2023) VM Migration Support for Secure Out-of-Band VNC with Shadow Devices. 2023 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech), pp. 298-305. DOI: 10.1109/DASC/PiCom/CBDCom/Cy59711.2023.10361346. Online publication date: 14 Nov 2023.
  • (2022) A Optimized Taxonomy on Spot Sale Services Using Mathematical Methodology. International Journal of Security and Privacy in Pervasive Computing 14(1), pp. 1-21. DOI: 10.4018/IJSPPC.313048. Online publication date: 1 Jan 2022.
  • (2022) Innovations and applications of operating system security with a hardware-software co-design. Chinese Science Bulletin 67(32), pp. 3862-3871. DOI: 10.1360/TB-2022-0557. Online publication date: 30 Jun 2022.
  • (2022) Kite. Proceedings of the Seventeenth European Conference on Computer Systems, pp. 384-401. DOI: 10.1145/3492321.3519586. Online publication date: 28 Mar 2022.
  • (2022) Secure Offloading of User-level IDS with VM-compatible OS Emulation Layers for Intel SGX. 2022 IEEE 15th International Conference on Cloud Computing (CLOUD), pp. 157-166. DOI: 10.1109/CLOUD55607.2022.00035. Online publication date: Jul 2022.
  • (2022) Detangling Resource Management Functions from the TCB in Privacy-Preserving Virtualization. Computer Security - ESORICS 2014, pp. 310-325. DOI: 10.1007/978-3-319-11203-9_18. Online publication date: 10 Mar 2022.
  • (2021) DEFENDING AGAINST SIDE CHANNEL ATTACKS IN CLOUD RESOURCE MANAGEMENT. i-manager's Journal on Cloud Computing 8(1). DOI: 10.26634/jcc.8.1.18454. Online publication date: 2021.
  • (2021) SegGuard: Segmentation-based Anonymization of Network Data in Clouds for Privacy-Preserving Security Auditing. IEEE Transactions on Dependable and Secure Computing. DOI: 10.1109/TDSC.2019.2957488. Online publication date: 2021.
  • (2021) Secure Offloading of Intrusion Detection Systems from VMs with Intel SGX. 2021 IEEE 14th International Conference on Cloud Computing (CLOUD), pp. 297-303. DOI: 10.1109/CLOUD53861.2021.00043. Online publication date: Sep 2021.
  • (2020) Secure VM management with strong user binding in semi-trusted clouds. Journal of Cloud Computing 9(1). DOI: 10.1186/s13677-020-0152-9. Online publication date: 17 Jan 2020.