DOI: 10.5555/1111683.1111849
Article

Protection mechanisms for application service hosting platforms

Published: 19 April 2004 Publication History

Abstract

The application service hosting platform (ASHP) has recently received tremendous attention from both industry and academia. An ASHP provides a shared high-performance infrastructure to host different application services (AS), outsourced by application service providers (ASP). In this paper, we focus on the protection of the ASHP, which has inherent requirements of sharing, openness, and mutual isolation. In contrast to a dedicated server platform, which is analogous to a private house, an ASHP is like an apartment building, involving the 'host' - the ASHP infrastructure, and the 'tenants' - the AS. Strong protection and isolation must be provided between the host and the tenants, as well as between different tenants. Unfortunately, traditional OS architecture and mechanisms are not adequate to provide strong ASHP protection. In this paper, we first make the case for a new OS architecture based on the virtual OS technology. We then present three protection mechanisms we have developed in SODA, our ASHP architecture. The mechanisms include: (1) resource isolation between AS; (2) virtual switching and firewalling between AS; and (3) kernelized intrusion detection and logging for each AS. For (3), we have developed a system called Kernort inside the virtual OS kernel. Kernort detects network intrusions in real time and logs AS activities even when the AS has been compromised. Moreover, for the privacy of the AS, logs are encrypted by Kernort so that the 'landlord' (namely, the ASHP owner) cannot view them without authorization. We are applying SODA to iShare, an Internet-based distributed resource sharing platform.

Cited By

  • (2008) GWiQ-P. ACM SIGOPS Operating Systems Review 42:1 (111-118). DOI: 10.1145/1341312.1341339. Online publication date: 1-Jan-2008
  • (2005) Virtual playgrounds for worm behavior investigation. Proceedings of the 8th international conference on Recent Advances in Intrusion Detection (1-21). DOI: 10.1007/11663812_1. Online publication date: 7-Sep-2005
  • (2004) Collapsar. Proceedings of the 13th conference on USENIX Security Symposium - Volume 13 (2-2). DOI: 10.5555/1251375.1251377. Online publication date: 13-Aug-2004

Published In

CCGRID '04: Proceedings of the 2004 IEEE International Symposium on Cluster Computing and the Grid
April 2004
804 pages
ISBN: 078038430X

Publisher

IEEE Computer Society

United States

Qualifiers

  • Article
