DOCSLIB.ORG

Cloud Computing: a Review of Paas, Iaas, Saas Services and Providers

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Lámpsakos | No. 7 | PP. 47-57 | enero-junio | 2012 | ISSN: 2145-4086 | Medellín - Colombia CLOUD COMPUTING: A REVIEW OF PAAS, IAAS, SAAS SERVICES AND PROVIDERS CLOUD COMPUTING: UNA REVISIÓN DE LOS SERVICIOS Y PROVEEDORES PAAS, IAAS, SAAS Mg. María Salas-Zárate Mg. Luis Colombo-Mendoza Instituto Tecnológico de Orizaba, México Instituto Tecnológico de Orizaba, México [email protected] [email protected] (Review Article. Received el 17/10/2011. Accepted el 19/12/2011) Abstract. Cloud computing has become an Resumen. La computación en la nube se ha convertido important factor for businesses, developers, workers, en uno de los factores relevantes para las empresas, because it provides tools and Web applications that desarrolladores y trabajadores, porque proporciona allows storing information on external servers. Also, herramientas y aplicaciones web que permite almacenar Cloud computing offers advantages such as: cost información en servidores externos. Además, la reduction, information access from anywhere, to computación en la nube ofrece ventajas tales como: mention but a few. Nowadays, there are several reducción de costos, acceso a la información desde Cloud computing providers such as: Google Apps, cualquier lugar, por mencionar sólo algunos. Hoy en Zoho, AppEngine, Amazon E2C, among others. día hay varios proveedores de computación en la nube These providers offer Software, Infrastructure or como: Google Apps, Zoho, AppEngine, E2C Amazon, Platform as a Service. Taking this into account, this entre otros. Estos proveedores ofrecen software, paper presents a general review of Cloud computing infraestructura o plataforma como un servicio. En providers in order to allow users, enterprises, and este trabajo se presenta una revisión general de los developers select the one that meets their needs. proveedores de computación en la nube, con el fin de permitir a los usuarios, empresas y desarrolladores Keywords: Cloud computing, IaaS, PaaS, SaaS. seleccionar el que se ajuste a sus necesidades.. Palabras clave: Computación en la nube; IaaS, PaaS, SaaS. 48 María Salas-Zárate y Luis Colombo-Mendoza 1. INTRODUCTION improve the usability, maintainability and efficiency of services targeting Clouds with strict QoS constraints. Cloud computing is a new style of computing in which In [5] propose a taxonomy which identifies and dynamically scalable and often virtualized resources classifies eight important elements that characterize are provided as a services over the Internet [1]. Cloud computing infrastructures: 1) service type, According to who owns and manages the Cloud 2) resource deployment, 3) hardware, 4) runtime services, these can be classified in: Public, Private tuning, 5) security, 6) business model, 7) middle- and Hybrid Clouds. Public Cloud offers services to ware, and 8) performance. The taxonomy is based general public, unlike Private Cloud that are used by on a survey conducted on an important set of seven a single organization. Also, there are Hybrid Clouds IaaS providers, six Web hosting companies, and two which offer a combination of private and public mixed PaaS and Web hosting providers. In [6] present Clouds. Furthermore, there are three Cloud services a Cloud services comparison based on aspects such models: 1) SaaS (Software as a Service), 2) PaaS as architecture, features, and application. In [7] (Platform as a Service) and 3) IaaS (Infrastructure as present a survey of Cloud computing, highlighting its a Service). IaaS offers an infrastructure of resources key concepts, architectural principles, state-of-the- (storage, databases, among others), usually in terms art, implementation as well as research challenges. of Virtual machine as a service. PaaS offers an Also, they provide a better understanding of the environment oriented to the development, testing, design challenges of Cloud computing and they deployment and hosting of applications. SaaS offers identify important research directions in this area. In a set of applications installed and running over [8] examine the available Cloud computing services Internet. This paper presents a review of PaaS, SaaS and propose a tree-structured taxonomy which offers and IaaS providers, with the aim of helping users to a common terminology and baseline information for select the provider that best suits their needs and easy communication. In [9] analyze public quality budget. information of Cloud services in terms of service types, also they show that IaaS quality information This work is structured as follows. In section 2 related is more detailed and balanced than those of PaaS works of Cloud computing are discussed. Section and SaaS. In [10] present a detailed comparison 3 presents the architecture and features of Cloud of Cloud services according to the Cloud types, computing. Section 4 presents the public, private and interfaces, compatibility, implementation, deployment hybrid Cloud services. In section 5 a comparison of requirement and development support. IaaS, SaaS and PaaS providers is presented. Finally, we present our conclusions and emphasize our contribution. 3. CLOUD COMPUTING According to NIST(National Institute of standards and 2. RELATED WORK Technology) Cloud computing is defined as a model for enabling convenient, on-demand network access In [2] discuss both features and benefits of Cloud to a shared pool of configurable computing resources computing, and the Infrastructure as a Service (IaaS). (e.g., networks, servers, storage, applications, Also, they provide a means of understanding and and services) that can be rapidly provisioned and investigating IaaS. They outline the responsibilities of released with minimal management effort or service IaaS providers and the facilities to IaaS consumers. provider interaction [11]. In [3] present the design of a trusted Cloud computing The aforementioned definition has been adopted by platform (TCCP) that enables IaaS services such a great number of authors. Next, a Cloud computing as Amazon EC2 to provide a closed box execution general architecture is presented. environment. TCCP guarantees confidential execution of guest Virtual Machines, and allows 3.1 Cloud Computing Architecture users attesting the IaaS provider and determining if the service is secure before they launch their Virtual A Cloud computing architecture consists of four Machines In [4] describe a PaaS architecture for layers: Hardware, Infrastructure, Platforms and provisioning of real-time service-oriented application Application. This general architecture is shown in in Clouds. Also, they show how the combination Fig. 1. of methods, tools and services can be used to Lámpsakos | No. 7 | enero-junio 2012 Cloud Computing: A review of PaaS, IaaS, SaaS Service and Providers 49 The layers of this Cloud computing architecture are standard mechanisms by heterogeneous thin or described below. thick client platforms such as mobile phones, tablets, laptops, and workstations. Resource pooling: The provider’s computing resources are pooled in order to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to the consumer demand. There is a sense of location independence in that the customer has not control or knowledge over the exact location of the provided resources but he may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of Fig. 1 Cloud computing architecture resources are storage, processing, memory, and network bandwidth. Hardware layer: It manages the physical resources of the Cloud, including physical servers, routers, Rapid elasticity: Capabilities can be elastically switches, power and cooling systems. provisioned and released, in some cases, to scale rapidly outward and inward commensurate with Infrastructure or Virtualization layer: It creates demand. To the consumer, the capabilities available a pool of storing and computing resources by for provisioning often appear to be unlimited and can partitioning the physical resources using virtualization be appropriated in any quantity at any time. technologies such as VMware [12], Xen [13], and KVM [14]. Measured service: Cloud systems automatically control and optimize resource use by leveraging Platform layer: It is composed of operating systems a metering capability at some level of abstraction and application frameworks. Its aim is to minimize appropriate to the type of service (e.g., storage, the burden of deploying applications directly in VM processing, bandwidth, and active user accounts). containers. Resource usage can be monitored, controlled, and reported, providing transparency for both the Application layer: It consists of the actual Cloud provider and consumer of the utilized service [11]. applications. In contrast to traditional applications, Cloud applications can leverage the automatic- 4. CLOUD TYPES scaling feature to achieve better performance, availability and lower operating cost [7]. There are three kinds of Cloud computing services, which vary according to who owns and manages Next, the main features of Cloud computing are them. Next, these are described. described. Private Clouds or internal Clouds: It exclusively 3.4 Cloud computing features offers Cloud services for business or organizations that prefer to keep their data in a more controlled and : A consumer can be On-demand self-service secure environment. unilaterally provided of computing capabilities Public Clouds or external Clouds: It is the most information such
Recommended publications
  • Cloud Computing: a Taxonomy of Platform and Infrastructure-Level Offerings David Hilley College of Computing Georgia Institute of Technology

    Cloud Computing: a Taxonomy of Platform and Infrastructure-Level Offerings David Hilley College of Computing Georgia Institute of Technology

    Cloud Computing: A Taxonomy of Platform and Infrastructure-level Offerings David Hilley College of Computing Georgia Institute of Technology April 2009 Cloud Computing: A Taxonomy of Platform and Infrastructure-level Offerings David Hilley 1 Introduction Cloud computing is a buzzword and umbrella term applied to several nascent trends in the turbulent landscape of information technology. Computing in the “cloud” alludes to ubiquitous and inexhaustible on-demand IT resources accessible through the Internet. Practically every new Internet-based service from Gmail [1] to Amazon Web Services [2] to Microsoft Online Services [3] to even Facebook [4] have been labeled “cloud” offerings, either officially or externally. Although cloud computing has garnered significant interest, factors such as unclear terminology, non-existent product “paper launches”, and opportunistic marketing have led to a significant lack of clarity surrounding discussions of cloud computing technology and products. The need for clarity is well-recognized within the industry [5] and by industry observers [6]. Perhaps more importantly, due to the relative infancy of the industry, currently-available product offerings are not standardized. Neither providers nor potential consumers really know what a “good” cloud computing product offering should look like and what classes of products are appropriate. Consequently, products are not easily comparable. The scope of various product offerings differ and overlap in complicated ways – for example, Ama- zon’s EC2 service [7] and Google’s App Engine [8] partially overlap in scope and applicability. EC2 is more flexible but also lower-level, while App Engine subsumes some functionality in Amazon Web Services suite of offerings [2] external to EC2.
  • Secure Service Provisioning in a Public Cloud

    Secure Service Provisioning in a Public Cloud

    Mälardalen University Press Licentiate Theses No. 157 SECURE SERVICE PROVISIONING IN A PUBLIC CLOUD Mudassar Aslam 2012 School of Innovation, Design and Engineering Copyright © Mudassar Aslam, 2012 ISBN 978-91-7485-081-9 ISSN 1651-9256 Printed by Mälardalen University, Västerås, Sweden Populärvetenskaplig sammanfattning Utvecklingen av molntekniker möjliggör utnyttjande av IT-resurser över Internet, och kan innebära många fördelar för såväl företag som privat- personer. Dock innebär denna nya modell för användandet av resurser att säkerhetsfrågor uppstår, frågor som inte existerat i traditionell resur- shantering på datorer. I avhandlingen fokuserar vi på säkerhetsfrågor som rör en användare av molntjänster (t.ex. en organisation, myndighet etc.), när användaren vill leasa molntjänster i form av Virtuella maskiner (VM) från en publik leverantör av Infrastructure-as-a-Service (IaaS). Det finns många säkerhetsområden i molnsystem: att hålla data hemliga, att resurserna är korrekta, att servicen är den utlovade, att säkerheten kan kontrolleras, etc. I denna avhandling fokuserar vi på säkerhetsproblem som resulterar i att tillit saknas mellan aktörerna i molnsystem, och som därmed hindrar säkerhetskänsliga användare från att använda molntjänster. Från en behovsanalys ur säkerhetsperspektiv föreslår vi lösningar som möjliggör tillit i publika IaaS-moln. Våra lösningar rör i huvudsak säker livscykelhantering av virtuella maskiner, inklusive mekanismer för säker start och säker migrering av virtuella maskiner. Lösningarna säkerställer att användarens VM alltid är skyddad i molnet genom att den endast tillåts exekveras på pål- itliga (trusted) plattformar. Detta sker genom att använda tekniker för s.k. trusted computing (pålitlig datoranvändning), vilket innebär att användaren på distans kan kontrollera om plattformen är tillförlitlig eller inte.
  • Delivery Services Model of Cloud Computing: a Perspective Overview

    Delivery Services Model of Cloud Computing: a Perspective Overview

    International Journal of Innovative Computing, Information and Control ICIC International c 2012 ISSN 1349-4198 Volume 8, Number 8, August 2012 pp. 5873{5884 DELIVERY SERVICES MODEL OF CLOUD COMPUTING: A PERSPECTIVE OVERVIEW Feng-Tse Lin and Chieh-Hung Huang Department of Applied Mathematics Chinese Culture University No. 55, Hwa-Kang Road, Yang-Min-Shan, Taipei 111, Taiwan [email protected] Received March 2011; revised August 2011 Abstract. Cloud computing is a consequence of economic, commercial, cultural and technological conditions that have combined to cause a disruptive shift in the IT industry towards a service-based economy. It is a style of computing where massively scalable IT- enabled capabilities are provided as a service over the network and give rise to the \As a Service" business. The evolution of Cloud computing can handle massive data as per on demand service. Supporting this transition is a range of technologies from cluster- ing to virtualization. This study presents an expanded delivery services model of Cloud computing for enterprise and business. The characteristics and the challenges of Cloud computing are analyzed and discussed. The offerings from some Cloud service providers are also outlined. Keywords: Cloud computing, Virtualization, Cloud infrastructure, Cloud services, Everything-as-a-Service 1. Introduction. In the IBM technical white paper of Cloud computing, the concept of Cloud computing has developed from earlier ideas such as grid and utility computing, and aims to provide a completely Internet-driven, dynamic and scalable service-oriented IT environment, which can be accessed from anywhere using any web-capable device [6]. With the Cloud computing technology, user's computer no longer has to do all the heavy computing process or data storage.
  • Flexiscale Next Generation Data Centre Management

    Flexiscale Next Generation Data Centre Management

    FlexiScale Next Generation Data Centre Management Gihan Munasinghe Paul Anderson Xcalibre Communications, School of Informatics, Livingston, UK University of Edinburgh, UK [email protected] [email protected] Abstract— Data centres and server farms are rapidly becoming ing”1. Conventionally, this still involves dedicated hardware a key infrastructure component for businesses of all sizes. – as the load increases, more dedicated machines would be However, matching the available resources to the changing level allocated (from a pool of idle machines) and some mechanism of demand is a major challenge. used to “load-balance” between them. FlexiScale is a data centre architecture which is designed to deliver a guaranteed QoS level for the exported services. It does Whilst this approach is a scalable solution, it suffers from a this by autonomically reconfiguring the infrastructure to cater for number of problems. There is still a considerable inefficiency fluctuations in the demand. FlexiScale is based on virtualisation in allocating dedicated servers – at any one time, a large technology which provides location- and hardware-transparent percentage of the machines may be running at a very low services. It currently uses Virtual Iron [2] as the management load average. It can also take a significant time to load and platform, and a XEN-based virtualisation platform [5]. In this paper, we describe our experiences and difficulties in reconfigure additional servers which means that there is quite a implementing the FlexiScale architecture. Phase I is currently in high latency in responding to requests for increased resources. production - this provides a scalable, fault tolerant hardware The use of “virtual machines” is becoming a popular architecture.
  • Cloud Computing in a Nutshell

    Cloud Computing in a Nutshell

    UNIT-I Cloud Computing in a Nutshell Cloud Computing Cloud computing is a general term for anything that involves delivering hosted services over the Internet. “Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). The name comes from the common use of a cloud-shaped symbol as an abstraction for the complex infrastructure it contains in system diagrams. Cloud computing entrusts remote services with a user's data, software and computation.” Cloud Benefits Pay as you go Focus on business rather than IT Elasticity - Scale up and down based on business need Cloud Models Deployment Models : Public Cloud, Private Cloud, Hybrid Cloud, Community Cloud Service Models : SaaS, PaaS, IaaS Essential Characteristics On Demand Self-Service: Allows for provisioning of computing resources automatically as needed. Broad Network Access: Access to cloud resources is over the network using standard mechanisms provided through multi-channels. Resource Pooling: The vendors’ resources are capable of being pooled to serve multiple clients using a multi-tenant model, with different physical and virtual resources in a dynamic way. Example of resources include; computation capabilities, storage and memory. Rapid Elasticity: Allows for rapid capability provisioning, for quick scaling out and scaling in of capabilities. The capability available for provisioning to the client seems to be unlimited and that it can be purchased as demanded. Measured Service: Allows
  • Malla Reddy College of Engineering and Technology

    Malla Reddy College of Engineering and Technology

    MALLA REDDY COLLEGE OF ENGINEERING AND TECHNOLOGY Compiled By, Faculty of Cloud Computing Department of CSE CLOUD COMPUTING Objectives 1. To understand the various distributed system models and evolving computing paradigms 2. To gain knowledge in virtualization of computer resources 3. To realize the reasons for migrating into cloud 4. To introduce the various levels of services that can be achieved by a cloud. 5. To describe the security aspects in cloud and the services offered by a cloud. UNIT- I Cloud Computing Fundamentals: Definition of Cloud computing, Roots of Cloud Computing , Layers and Types of Clouds, Desired Features of a Cloud, Cloud Infrastructure Management, Infrastructure as a Service Providers, Platform as a Service Providers. Computing Paradigms: High-Performance Computing, Parallel Computing, Distributed Computing, Cluster Computing, Grid Computing. UNIT- II Migrating into a Cloud: Introduction, Broad Approaches to Migrating into the Cloud, the Seven-Step Model of Migration into a Cloud, Enriching the ‘Integration as a Service’ Paradigm for the Cloud Era, the Onset of Knowledge Era the Evolution of SaaS, Evolution of Saas. UNIT- III Infrastructure as a Service (IAAS) & Platform (PAAS): Virtual machines provisioning and Migration services, Virtual Machines Provisioning and Manageability, Virtual Machine Migration Services, VM Provisioning and Migration in Action. On the Management of Virtual machines for Cloud Infrastructures- Aneka—Integration of Private and Public Clouds. UNIT- IV Software as a Service (SAAS) &Data Security in the Cloud: Software as a Service SAAS), Google App Engine – Centralizing Email Communications- Collaborating via Web- Based Communication Tools-An Introduction to the idea of Data Security. UNIT- V SLA Management in cloud computing: Traditional Approaches to SLO Management, Types of SLA, Life Cycle of SLA, SLA Management in Cloud.
  • GFD-I Open Cloud Computing Interface Thijs Metsch, Sun

    GFD-I Open Cloud Computing Interface Thijs Metsch, Sun

    GFD-I Thijs Metsch, Sun Microsystems Open Cloud Computing Interface September 16, 2009 Open Cloud Computing Interface - Use cases and requirements for a Cloud API 1. Introduction ............................................................................................................ 1 2. OCCI Use Cases ................................................................................................... 2 2.1. SLA-aware cloud infrastructure using SLA@SOI ............................................ 2 2.2. Service Manager to control the Life cycle of Services ..................................... 2 2.3. Interoperability across Cloud Infrastructures using OpenNebula ...................... 4 2.4. AJAX web front-end directly calling API ........................................................ 5 2.5. Single technical integration to support multiple service providers ..................... 5 2.6. Wrapping EC2 in OCCI ............................................................................... 6 2.7. Automated Business Continuity and Disaster Recovery .................................. 6 2.8. Simple scripting of cloud from Unix shell ....................................................... 6 2.9. Typical web hosting cluster .......................................................................... 6 2.10. Manage cloud resources from a centralized dashboard ................................ 7 2.11. Compute Cloud ......................................................................................... 7 2.12. Multiple Allocation .....................................................................................
  • An Applied Evaluation and Assessment of Cloud Computing Platforms

    An Applied Evaluation and Assessment of Cloud Computing Platforms

    An Applied Evaluation and Assessment of Cloud Computing Platforms Daniel H¨ogberg January 21, 2012 Master's Thesis in Computing Science, 30 credits Supervisor at CS-UmU: Mikael R¨annar Examiner: Fredrik Georgsson Ume˚a University Department of Computing Science SE-901 87 UMEA˚ SWEDEN Abstract Cloud computing is an emerging paradigm with the potential to change the way computing resources are used by enabling the long held idea of utility computing. This thesis aims to conduct a survey of the cloud computing platforms that are currently available and to com- pare and evaluate the alternatives. Criteria that are important to consider when choosing between cloud platforms are defined and used to compare a set of selected platforms. A case management application called Wera is also migrated to platforms to test the migration processes and the platforms in practice. An experience gained from performing migrations to several Infrastructure-as-a-Service platforms is that they are very much alike. The storage models and features available may differ but the functionality offered is essentially the same. The fact that the area is still new is very visible when working with the platforms, but even though the platforms are still evolving, they are useful. Disruptions in the availability are rare and it is surprisingly easy to migrate an application to an Infrastructure-as-a-Service platform and have it run in the cloud. Employing Platform-as-a-Service offerings requires a greater effort to get started but using them there is even more to gain by tasks like patching and automatic scaling being transferred to the provider.
  • United States, European Union, United Kingdom, France, and China

    United States, European Union, United Kingdom, France, and China

    Over the past decade, many data, information, or computational grids were built in various parts of the world. It summarizes five representative grid computing systems built in the United States, European Union, United Kingdom, France, and China. We call these national grids, because they are essentially government-funded projects pushing for grand challenge applications that demand high-performance computing and high-bandwidth communication networks. Here treat the EU countries as a single entity. Most national grids are built by linking supercomputer centers and major computer ensembles together with Internet backbones and high-bandwidth WANs or LANs. More details can be found in the cited subsequent sections. International Grid Projects Grid applications cannot be restricted to geographical boundaries. As summarized , several global-scale grid projects were launched or are still active in use today. These projects promote volunteer computing, utility computing, and specific software applications that utilizes grid infrastructure. International grids involve both government and industrial funding. The European Union has been a major player in grid computing. The most famous EU grid projects are the EGEE, DataGrid, and BEinGrid. In the industrial sector, we have seen grid providers including Sun Microsystems, IBM, HP, etc. International grids are built with fix-term projects. Some of them are no longer active to provide public services at the end of funding. Assignment Questions: 1. Explain in detail about OGSA . 2.Explain in detail about the requirements of OGSA. 3.Breifly explain about the data intensive grid service models. 4.Explain briefly about the various OGSA services. 5.Describe in detail about grid migration services and its security services.
  • IBM Data Center Networking Planning for Virtualization and Cloud Computing

    IBM Data Center Networking Planning for Virtualization and Cloud Computing

    Front cover IBM Data Center Networking Planning for Virtualization and Cloud Computing Drivers for change in the data center IBM systems management networking capabilities The new data center design landscape Marian Friedman Michele Girola Mark Lewis Alessio M. Tarenzio ibm.com/redbooks International Technical Support Organization IBM Data Center Networking: Planning for Virtualization and Cloud Computing May 2011 SG24-7928-00 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. First Edition (May 2011) © Copyright International Business Machines Corporation 2011. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii Preface . ix The team who wrote this book . x Now you can become a published author, too! . xi Comments welcome. xi Stay connected to IBM Redbooks . xii Chapter 1. Drivers for a dynamic infrastructure. 1 1.1 Key operational challenges . 3 1.1.1 Costs and service delivery . 4 1.1.2 Energy efficiency. 5 1.1.3 Business resiliency and security . 5 1.1.4 Changing applications and business models . 5 1.1.5 Harnessing new technologies to support the business . 6 1.1.6 Evolving business models. 6 1.2 Cloud computing can change how IT supports business . 7 1.2.1 The spectrum of cloud solutions . 8 1.3 Benefits and challenges of cloud computing . 10 1.4 Perceived barriers to cloud computing . 12 1.5 Implications for today’s CIO . 16 1.6 Dynamic infrastructure business goals . 16 1.6.1 Reduce cost .
  • Improving Virtualization Security by Splitting Hypervisor Into Smaller Components

    Improving Virtualization Security by Splitting Hypervisor Into Smaller Components

    Improving Virtualization Security by Splitting Hypervisor into Smaller Components Wuqiong Pan1;2, Yulong Zhang2, Meng Yu2, and Jiwu Jing1 1 State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China {wqpan,jing}@lois.cn 2 Department of Computer Science, Virginia Commonwealth University, Richmond, VA, 23284 USA {wpan,zhangy44,myu}@vcu.edu Abstract. In cloud computing, the security of infrastructure is deter- mined by hypervisor (or Virtual Machine Monitor, VMM) designs. Un- fortunately, in recent years, many attacks have been developed to com- promise the hypervisor, taking over all virtual machines running above the hypervisor. Due to the functions a hypervisor provides, it is very hard to reduce its size. Including a big hypervisor in the Trusted Computing Base (TCB) is not acceptable for a secure system design. Several secure, small, and innovative hypervisor designs, e.g., TrustVisor, CloudVisor, etc., have been proposed to solve the problem. However, these designs either have reduced functionalities or pose strong restrictions to the vir- tual machines. In this paper, we propose an innovative hypervisor design that splits hypervisor's functions into a small enough component in the TCB, and other components to provide full functionalities. Our design can significantly reduce the TCB size without sacrificing functionalities. Our experiments also show acceptable costs of our design. Keywords: VMM, Hypervisor, Cloud computing, TCB 1 Introduction Virtualization techniques allow multiple operating systems (OSs) to run concur- rently on a host computer. By sharing hardware, resource utilization can greatly be improved. Virtualization is also the key technology of cloud computing. Some software, such as Xen [1], can provide hardware virtualization by adding a new software layer called hypervisor beneath all Virtual Machines (VMs).
  • Improving Virtualization Security by Splitting Hypervisor Into Smaller Components Wuqiong Pan, Yulong Zhang, Meng Yu, Jiwu Jing

    Improving Virtualization Security by Splitting Hypervisor Into Smaller Components Wuqiong Pan, Yulong Zhang, Meng Yu, Jiwu Jing

    Improving Virtualization Security by Splitting Hypervisor into Smaller Components Wuqiong Pan, Yulong Zhang, Meng Yu, Jiwu Jing To cite this version: Wuqiong Pan, Yulong Zhang, Meng Yu, Jiwu Jing. Improving Virtualization Security by Splitting Hypervisor into Smaller Components. 26th Conference on Data and Applications Security and Privacy (DBSec), Jul 2012, Paris, France. pp.298-313, 10.1007/978-3-642-31540-4_23. hal-01534758 HAL Id: hal-01534758 https://hal.inria.fr/hal-01534758 Submitted on 8 Jun 2017 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Distributed under a Creative Commons Attribution| 4.0 International License Improving Virtualization Security by Splitting Hypervisor into Smaller Components Wuqiong Pan1;2, Yulong Zhang2, Meng Yu2, and Jiwu Jing1 1 State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China {wqpan,jing}@lois.cn 2 Department of Computer Science, Virginia Commonwealth University, Richmond, VA, 23284 USA {wpan,zhangy44,myu}@vcu.edu Abstract. In cloud computing, the security of infrastructure is deter- mined by hypervisor (or Virtual Machine Monitor, VMM) designs. Un- fortunately, in recent years, many attacks have been developed to com- promise the hypervisor, taking over all virtual machines running above the hypervisor.