Himanshu Raj
ABSTRACT
The cloud infrastructure provider (CIP) in a cloud computing platform must provide security and isolation guarantees to a service provider (SP), who builds the service(s) for such a platform. We identify last level cache (LLC) sharing as one of the impediments to finer grain isolation required by a service, and advocate two resource management approaches to provide performance and security isolation in the shared cloud infrastructure - cache hierarchy aware core assignment and page coloring based cache partitioning. Experimental results demonstrate that these approaches are effective in isolating cache interference impacts a VM may have on another VM. We also incorporate these approaches in the resource management (RM) framework of our example cloud infrastructure, which enables the deployment of VMs with isolation enhanced SLAs.
- Amazon elastic compute cloud (ec2). http://aws.amazon.com/ec2/.Google Scholar
- Microsoft azure services platform. http://www.microsoft.com/azure/default.mspx.Google Scholar
- Microsoft Live Mesh. www.mesh.com.Google Scholar
- Microsoft solver foundation. http://code.msdn.microsoft.com/solverfoundation.Google Scholar
- Virtualization with Hyper-V. http://www.microsoft.com/windowsserver2008/en/us/hypervmain.aspx.Google Scholar
- D. J. Bernstein. Cache-timing attacks on AES. http://cr.yp.to/antiforgery/cachetiming-20050414.pdf.Google Scholar
- D. Chandra, F. Guo, S. Kim, and Y. Solihin. Predicting inter-thread cache contention on a chip multi-processor architecture. In HPCA '05: Proceedings of the 11th International Symposium on High-Performance Computer Architecture, pages 340--351, Washington, DC, USA, 2005. IEEE Computer Society. Google ScholarDigital Library
- A. Fedorova and M. Seltzer.Improving performance isolation on chip multiprocessors via an operating system scheduler.In Parallel Architecture and Compilation Techniques, 2007. PACT 2007. 16th International Conference on, pages 25--38, Sept. 2007. Google ScholarDigital Library
- S. Kim, D. Chandra, and Y. Solihin. Fair cache sharing and partitioning in a chip multiprocessor architecture. In PACT '04: Proceedings of the 13th International Conference on Parallel Architectures and Compilation Techniques, pages 111--122, Washington, DC, USA, 2004.IEEE Computer Society. Google ScholarDigital Library
- B. Monahan and M. Yearworth. Meaningful security slas. Technical report, HP Labs, 2008.Google Scholar
- T. Moscibroda and O. Mutlu. Memory performance attacks: denial of memory service in multi-core systems. In SS'07: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pages 1--18, 2007. Google ScholarDigital Library
- D. G. Murray, G. Milos, and S. Hand. Improving xen security through disaggregation. In VEE '08: Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments, pages 151--160, 2008. Google ScholarDigital Library
- D. A. Osvik, A. Shamir, and E. Tromer. Cache attacks and countermeasures: the case of aes. In Topics in Cryptology - CT-RSA 2006, The CryptographersŠ Track at the RSA Conference 2006, pages 1--20. Springer-Verlag, 2005. Google ScholarDigital Library
- C. Percival. Cache missing for fun and profit. http://www.daemonology.net/papers/htt.pdf.Google Scholar
- D. Tam, R. Azimi, L. Soares, and M. Stumm. Managing shared l2 caches on multicore systems in software. In Workshop on the Interaction between Operating Systems and Computer Architecture, 2007.Google Scholar
- Z. W ang and R. B. Lee. New cache designs for thwarting software cache-based side channel attacks. In ISCA '07: Proceedings of the 34th annual international symposium on Computer architecture, pages 494--505, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
Index Terms
- Resource management for isolation enhanced cloud services
Recommendations
Dynamic performance isolation management for cloud computing services
Unmanaged resource contention in cloud computing environments can cause problems such as performance interference, service quality degradation, and consequently service agreements violation. Performance isolation is an indispensable remedy solution for ...
Resource management in cloud computing
Cloud computing has emerged as a popular computing paradigm for hosting large computing systems and services. Recently, significant research is carried out on Resource Management (RM) techniques that focus on the efficient sharing of cloud resources ...
Adaptive Virtual Machine Management in the Cloud: A Performance-Counter-Driven Approach
The success of cloud computing technologies heavily depends on both the underlying hardware and system software support for virtualization. In this study, we propose to elevate the capability of the hypervisor to monitor and manage co-running virtual ...
Comments