Virtualization and

Cloud Computing
 • Virtualization is the ability to run
multiple operating systems on a
single physical system and share
the underlying hardware
resources
• It is the process by which one
computer hosts the appearance
Definition of many computers.
• Virtualization is used to improve
IT throughput and costs by using
physical resources as a pool from
which virtual resources can be
allocated.
 • A Virtual machine (VM) is an
Virtualization isolated runtime environment
Architecture (guest OS and applications)
• Multiple virtual systems (VMs) can
run on a single physical system
 • A hypervisor, a virtual machine
manager/monitor (VMM), or
virtualization manager, is a program
that allows multiple operating systems
to share a single hardware host.
• A virtual machine monitor (VMM) is a
computer software, firmware or
hardware that creates and runs virtual
Hypervisor machines.
• Each guest operating system appears to
have the host's processor, memory, and
other resources all to itself. However,
the hypervisor is actually controlling
the host processor and resources,
allocating what is needed to each
operating system in turn and making
sure that the guest operating systems
(called virtual machines) cannot
disrupt each other.
 Sharing of resources helps cost
reduction

Isolation: Virtual machines are

isolated from each other as if they are
physically separated

Benefits of Encapsulation: Virtual machines

encapsulate a complete computing
Virtualization environment

Hardware Independence: Virtual

machines run independently of
underlying hardware

Portability: Virtual machines can be

migrated between different hosts.
 Cloud computing takes
virtualization one step further:
• You don’t need to own the hardware
• Resources are rented as needed from
a cloud
Virtualization • Various providers allow creating
virtual servers:
in Cloud • Choose the OS and software each
Computing instance
• The chosen OS will run on a large
server farm
• Can instantiate more virtual servers
or shut down existing ones within
minutes
• You get billed only for what you used
 • The trusted computing base (TCB)
of a virtual machine is too large.

• TCB: The trusted computing base

(TCB) of a computer system is the
Virtualization
set of all hardware, firmware,
Security
and/or software components that
Challenges
are critical to its security.

• If bugs occurring inside the TCB

might endanger the security
properties of the entire system.

• Smaller TCB  more security

Xen Virtualization
The Xen Project hypervisor runs directly on the hardware and is responsible
for handling CPU, Memory, timers and interrupts.
• Guest Domains/Virtual Machines are virtualized environments, each
running their own operating system and applications.
• Guest VMs are totally isolated from the hardware: in other words, they
have no privilege to access hardware or I/O functionality. Thus, they are
also called unprivileged domain (or DomU).
• The Control Domain (or Domain 0) is a specialized Virtual Machine that
has special privileges like the capability to access the hardware directly,
handles all access to the system’s I/O functions and interacts with the other
Virtual Machines.
 • Management VM – Dom0
• Dom0 may be malicious
• Weaknesses
• Device drivers
• Careless/malicious
administration
• Dom0 is in the TCB of DomU
because it can access the
memory of DomU, which may
cause information
Xen Virtualization leakage/modification

Architecture and the

Threat Model
 • Scenario: A client uses the
service of a cloud computing
company to build a remote VM
– A secure network interface
Virtualization – A secure secondary storage
Security – A secure run-time
Requirements environment
• Build, save, restore,
destroy
 A secure run-time environment
is the most fundamental
• The first two problems already have
solutions:
• Network interface: Transport layer
Virtualization security (TLS)
Security • Secondary storage: Network file
Requirements system (NFS)
• The security mechanism in the first
two rely on a secure run-time
environment
• All the cryptographic algorithms
and security protocols reside in the
run-time environment
 Smaller TCB Solution

Smaller TCB
Actual TCB

*Secure Virtual Machine Execution under an Untrusted Management OS. C. Li, A.

Raghunathan, N.K. Jha. IEEE CLOUD, 2010.
 Domain building
• Building process
Domain save/restore
 Hypervisor Vulnerabilities
Malicious software can run on the same server:
– Attack hypervisor
– Access/Obstruct other VMs

Guest VM1 Guest VM2

Apps Apps

OS OS

Hypervisor
servers
Physical Hardware
18
 NoHype*
• NoHype removes the hypervisor
– There’s nothing to attack
– Complete systems solution
– Still retains the needs of a virtualized cloud
infrastructure Guest VM1 Guest VM2

Apps Apps

OS OS

No hypervisor
Physical Hardware
19

*NoHype: Virtualized Cloud Infrastructure without the Virtualization. E. Keller, J. Szefer, J.

Rexford, R. Lee. ISCA 2010.
 Roles of the Hypervisor
• Isolating/Emulating resources
– CPU: Scheduling virtual machines Push to HW /
Pre-allocation
– Memory: Managing memory
– I/O: Emulating I/O devices Remove
• Networking
Push to side
• Managing virtual machines
 Scheduling virtual machines
• One VM per core

Managing memory
• Pre-allocate memory with processor
Removing support

Emulating I/O devices

the • Direct access to virtualized devices
Hypervisor Networking
• Utilize hardware Ethernet switches

Managing virtual machines

• Decouple the management from
operation
 References
• http://www.vmware.com/pdf/virtualization.pdf
• NoHype: Virtualized Cloud Infrastructure
without the Virtualization. E. Keller, J. Szefer, J.
Rexford, R. Lee. ISCA 2010.
• Secure Virtual Machine Execution under an
Untrusted Management OS. C. Li, A.
Raghunathan, N.K. Jha. IEEE CLOUD, 2010.
• An Introduction to Virtualization and Cloud
Technologies to Support Grid Computing. I.M.
Lorente. EGEE08.