
TRainbow: a new trusted virtual machine based platform

  • Research Article
  • Frontiers of Computer Science in China

Abstract

With the evolution of virtualization technology, the cloud computing model has become increasingly popular. However, people remain concerned about the runtime integrity and data security of cloud computing platforms, as well as the service efficiency of such platforms. At the same time, to our knowledge, the design theory of the trusted virtual computing environment and its core system software for such network-based computing platforms is still at the exploratory stage. In this paper, we believe that efficiency and isolation are the two key properties of the trusted virtual computing environment. To guarantee these two properties, based on the design principle of splitting, customizing, reconstructing, and isolation-based enhancing of the platform, we introduce TRainbow, a novel trusted virtual computing platform developed by our research group. With two creative mechanisms, namely capacity flowing amongst VMs and VM-based kernel reconstructing, TRainbow provides great improvements (up to 42%) in service performance and an isolated, reliable computing environment for Internet-oriented, large-scale, concurrent services.



Corresponding author

Correspondence to Yuzhong Sun.


About this article

Cite this article

Sun, Y., Fang, H., Song, Y. et al. TRainbow: a new trusted virtual machine based platform. Front. Comput. Sci. China 4, 47–64 (2010). https://doi.org/10.1007/s11704-009-0076-5


  • DOI: https://doi.org/10.1007/s11704-009-0076-5
