Frontiers of Computer Science

ISSN 2095-2228

ISSN 2095-2236(Online)

CN 10-1014/TP

Postal Subscription Code 80-970

2018 Impact Factor: 1.129

Front. Comput. Sci.    2010, Vol. 4 Issue (1) : 47-64    https://doi.org/10.1007/s11704-009-0076-5
Research articles
TRainbow: a new trusted virtual machine based platform
Yuzhong SUN1, Ying SONG1, Yunwei GAO1, Haifeng FANG2, Kai ZHANG2, Hongyong ZANG2, Yaqiong LI2, Yajun YANG2, Ran AO2, Yongbing HUANG2, Lei DU3
1. Key Laboratory of Computer System and Architecture, Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China; 2. Key Laboratory of Computer System and Architecture, Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China; Graduate University of Chinese Academy of Sciences, Beijing 100190, China; 3. Department of Computer Science and Technology, Xi’an Jiaotong University, Xi’an 710049, China
Abstract With the evolution of virtualization technology, the cloud computing model has become increasingly popular. However, concerns remain about the runtime integrity and data security of cloud computing platforms, as well as the service efficiency of such platforms. At the same time, to our knowledge, the design theory of the trusted virtual computing environment and its core system software for such network-based computing platforms is still at the exploratory stage. In this paper, we believe that efficiency and isolation are the two key properties of the trusted virtual computing environment. To guarantee these two properties, following the design principle of splitting, customizing, reconstructing, and isolation-based enhancing of the platform, we introduce TRainbow, a novel trusted virtual computing platform developed by our research group. With two creative mechanisms, namely capacity flowing amongst VMs and VM-based kernel reconstructing, TRainbow provides great improvements (up to 42%) in service performance and an isolated, reliable computing environment for Internet-oriented, large-scale, concurrent services.
Keywords: computing platform; virtual machine; capacity service computing; trust chain; isolation
Issue Date: 05 March 2010
 Cite this article:   
Yuzhong SUN,Ying SONG,Yunwei GAO, et al. TRainbow: a new trusted virtual machine based platform[J]. Front. Comput. Sci., 2010, 4(1): 47-64.
 URL:  
https://academic.hep.com.cn/fcs/EN/10.1007/s11704-009-0076-5
https://academic.hep.com.cn/fcs/EN/Y2010/V4/I1/47