Source:
in Proceedings of the International Symposium on Computer Architecture, ISCA (2010)
Abstract:
Cloud computing is a disruptive trend that is changing the way we use
computers. The key underlying technology in cloud infrastructures is
virtualization – so much so that many consider virtualization to be one
of the key features rather than simply an implementation detail.
Unfortunately, the use of virtualization is the source of a significant
security concern. Because multiple virtual machines run on the same
server and since the virtualization layer plays a considerable role in
the operation of a virtual machine, a malicious party has the
opportunity to attack the virtualization layer. A successful attack
would give the malicious party control over the all-powerful
virtualization layer, potentially compromising the confidentiality and
integrity of the software and data of any virtual machine. In this paper
we propose removing the virtualization layer, while retaining the key
features enabled by virtualization. Our NoHype architecture, named to
indicate the removal of the hypervisor, addresses each of the key roles
of the virtualization layer: arbitrating access to CPU, memory, and I/O
devices, acting as a network device (e.g., Ethernet switch), and
managing the starting and stopping of guest virtual machines.
Additionally, we show that our NoHype architecture may indeed be “no
hype” since nearly all of the needed features to realize the NoHype architecture are currently available as hardware extensions to processors
and I/O devices.