Enhancing Security of IaaS Cloud with Fraternal Security Cooperation Between Cloud Platform and Virtual Platform

  • Conference paper
Cloud Computing and Security (ICCCS 2015)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 9483)

Abstract

IaaS clouds provide customers with on-demand computational resources such as mass storage, virtual machines, and networks. However, IaaS also raises security problems that may hold back its widespread adoption. Because IaaS builds on many technologies, it inherits their security issues. For example, a cloud platform and a virtual platform are indispensable for provisioning and managing these computing resources, but their security issues do not disappear, and they even introduce new ones. Moreover, their protection mechanisms are mutually independent and do not exploit each other's security advantages. This leaves security blind spots between them, so the security of the whole IaaS cloud cannot be guaranteed. In this paper, we introduce security cooperation between the cloud platform and the virtual platform to address the privacy and security issues of IaaS, and we build a secure IaaS cloud based on OpenNebula and Xen. Our approach leverages each component's security advantages and unites them into a secure IaaS cloud, and experiments show that it incurs only a small performance overhead.

Author information

Corresponding author

Correspondence to Jie Yang.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Yang, J., Zhu, Z., Sun, L., Zhang, J., Zhu, X. (2015). Enhancing Security of IaaS Cloud with Fraternal Security Cooperation Between Cloud Platform and Virtual Platform. In: Huang, Z., Sun, X., Luo, J., Wang, J. (eds) Cloud Computing and Security. ICCCS 2015. Lecture Notes in Computer Science, vol 9483. Springer, Cham. https://doi.org/10.1007/978-3-319-27051-7_23

  • DOI: https://doi.org/10.1007/978-3-319-27051-7_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27050-0

  • Online ISBN: 978-3-319-27051-7

  • eBook Packages: Computer Science (R0)
