The Vulnerabilities of Hypervisors in Cloud Computing Server and Major Enhancement Methodologies.
Ling Ouyang, Andy Le, David Reinke
San Jose State University
Abstract
Virtualization is an emerging technology that consolidates computing resources among multiple users and enables live migration of software solutions or services from one physical server to another. It is widely used in many domains, especially in cloud computing systems. The hypervisor, also known as the Virtual Machine Monitor (VMM), is one of the most important mechanisms for implementing virtualization: it creates a software abstraction between the computer hardware and the operating systems. This paper emphasizes the challenges of implementing and using the hypervisor mechanism in a cloud-computing-based virtualization environment and the major enhancements that address such vulnerabilities.
1. INTRODUCTION
Virtualization has become more and more popular in modern computing. The technology not only achieves concurrent execution of multiple virtual machines on the same hardware processor [1] to consolidate computing resources, but also enables live migration of software solutions or services from one physical server to another [2] to improve the portability of the software. The hypervisor, also known as the Virtual Machine Monitor (VMM), has long been used to implement virtualization by creating a software abstraction between the computer hardware and the operating systems.
The basic requirement of a hypervisor is to export a hardware interface to the software in a virtual machine while retaining control of the hardware machine and of access to it [3]. The key metrics considered when implementing a hypervisor are compatibility, performance and simplicity. Several hypervisor solutions are commonly used nowadays: Xen-based solutions, KVM-based solutions and microkernel-based solutions. Each solution has its own strengths and limitations when implementing the hypervisor.
Hypervisors are deployed in many areas such as cloud computing, server consolidation and embedded systems. For example, enterprises implement hypervisors to virtualize the data center's physical infrastructure into a smaller number of virtualized servers to improve resource utilization, manageability and flexibility [2]. The hypervisor also introduces a security layer by isolating the virtual machines' operating systems, so that a compromise of one partition is prevented from spreading to other partitions. This separation mechanism is critical in cloud computing systems that consist of different types of cloud servers, such as web and mail servers [4].
This paper is structured in three major parts. First, we discuss the state of the art of virtualization hypervisors, including the evolution history of the hypervisor, the major types of hypervisor and the related implementation methodologies. Second, we focus on the application of hypervisors in cloud computing: the role of the hypervisor in cloud computing, the standard implementation methodology and the major challenges for the hypervisor in cloud computing systems. Finally, we highlight the vulnerabilities the hypervisor faces in the cloud computing domain, such as security threats and performance overheads, and the corresponding countermeasures and enhancements.
2. BACKGROUND OF HYPERVISOR
The concept of a hypervisor emerged towards the end of the 1960s, initially to multiplex expensive computing hardware resources among multiple applications. However, as modern multitasking operating systems grew rapidly during the 1980s and 1990s, the VMM was almost forgotten, since its original capability of relocating resources on big computing hardware was replaced by many small, cheap personal computers running a modern multitasking operating system. The revival of the VMM started in the mid-2000s, when functions like software migration and security isolation were explored by researchers. By providing a uniform abstraction layer over different hardware machines, the VMM greatly reduces hardware-software dependencies. By providing complete encapsulation and isolation between virtual machines, it ensures that a system crash or threat on one service does not affect other services on the same physical platform, and thus enhances the security of the whole system [3].
2.1 Hypervisor Forms
Hypervisors can either run directly on the host hardware or run on top of an operating system such as Windows or Linux. The former is called a bare-metal or Type 1 hypervisor, while the latter is called a hosted or Type 2 hypervisor. The Type 1 hypervisor has a thinner virtualization structure than the Type 2 hypervisor but normally requires modification of the guest operating system to eliminate binary translation, which is classified as paravirtualization. The Type 2 hypervisor has one more layer, the host operating system, on top of the physical hardware, but it typically requires no modification of the guest OS, which is called full virtualization. For example, if the guest OS can run on an x86 machine, it can run on the hypervisor without modification. The tradeoff of the Type 2 hypervisor is more processing overhead and slower performance [5].
2.2 Major VMM solutions
Current mainstream VMM solutions include VMware, Microsoft (Hyper-V), Citrix (Xen system), Kernel-Based Virtual Machine (KVM), and OpenVZ. Since Xen, KVM and OpenVZ are the open source VMMs currently available for the x86 platform, the detailed discussion focuses on these three products.
Xen is a widely adopted open source industry standard for virtualization. It can work in both para-virtualization and hardware-assisted virtualization modes. It supports a wide range of guest operating systems, including Linux and Windows, and allows several guest operating systems to be executed concurrently on the same physical machine. XenServer is based upon Xen, which is currently owned by Citrix. The Xen system structure consists of the Xen hypervisor, which is the lowest and most privileged software layer; this layer supports one or more guest operating systems [4].
KVM is an open source virtual machine monitor based on the Linux system. It supports full virtualization on processors with hardware-assisted virtualization extensions for Linux on x86 hardware. It also supports a wide selection of guest operating systems, including Linux and Windows.
OpenVZ is a Linux-based operating-system-level server virtualization developed by Swsoft. In OpenVZ, multiple isolated and secured operating system instances, known as containers or virtual environments (VEs), are created and run on a physical layer. Each of these VEs is a stand-alone server that can be rebooted independently and has its own root directory. The advantage of OpenVZ compared to other virtualization technologies such as Xen and KVM is that it uses a single kernel shared by all its VEs. Hence, it is faster and more efficient, as it does not have the overhead of a true hypervisor. The constraint is that OpenVZ can run only Linux, which limits its usage if the guest operating systems are required to run kernels other than Linux.
2.3 Critical Performance Metric for Hypervisor
Choosing an appropriate hypervisor from a broad range of products is not trivial. Several important metrics, including processor overhead, management features, ease of deployment and maintenance, scalability, and security, are taken into consideration [6]. Besides the metrics comparison, the compatibility between the guest operating system and each hypervisor solution should also be well understood in advance.
Virtual machine performance should be examined and compared to the physical counterparts. Depending on the specific use and workload a hypervisor is intended for, an appropriate hypervisor model is more likely to be selected if the cost is still within the customer's budget. The management features that a hypervisor supports are also critical for specific customers. For example, some hypervisors include features such as anti-virus, which is very useful for enterprise customers that are sensitive to virus attacks. For personal or small business customers, this management feature may not be as important, since they are less likely to be targeted by such attacks than big enterprises such as banks. Ease of deployment is another metric that many customers consider when purchasing a solution, especially small and medium sized companies, since the easier a hypervisor is to install on their systems and to maintain, the less the companies spend.
Scalability is sometimes a trade-off against ease of deployment and use. A bare-metal hypervisor can enable more than a dozen virtual CPUs with up to 1TB of memory on a single VM, which should be enough to satisfy any workload. A hosted hypervisor, however, has very limited scalability and can only support fewer than 10 virtual CPUs and no more than 32 GB of memory.
Security is one of the major concerns for domains like cloud computing, because the service of cloud computing is based on sharing. Major security attacks on cloud computing include session hijacking, man-in-the-middle attacks, flooding attacks and cloud malware injection [7]. The hypervisor should be able to detect such attacks as early as possible and prevent such compromises from impacting the guest operating system and the physical hardware.
3. HISTORY OF CLOUD COMPUTING
The idea of cloud computing has been around in technology for a while, but it has evolved greatly in recent years due to advances in technology. The term Cloud Computing describes how data is stored on a remote server where it is accessible over the internet [10]. This idea helped develop the internet and shaped how cloud computing is used in today's society. During the 1950s, many users had the capability of accessing a central computer [14]. They accessed it through dumb terminals, which gave them access to the mainframe computers. At this time, mainframe computers were too costly for everyone to buy, and not everyone needed the storage capacity, so not every user needed one. Economically, the idea that made sense was to share data through a single computer. Therefore, in the 1960s, John McCarthy created the idea of “computer time-sharing or networking” [10]. This idea of time sharing, or sharing resources and ideas, helped revolutionize the way data is shared among many users.
A decade later, the concept of virtualization came into the picture. Virtualization allowed users to run multiple operating system environments at one time. During the 1970s, the concept of virtual machines, or VMs, was produced, and it helped strengthen technology and pushed it to new heights. Users could now run multiple operating systems in one isolated environment, and one of the software products that came out during that time was VMWare [14]. In addition to virtual machines being invented, the decade of the ‘70s also brought big computer companies and email messages to the world [8]. This decade was a boom period in which technology flourished and many ideas were developed. As the development of technology accelerated, more attributes of cloud computing were produced and introduced to the world. In the 1980s, another boom in technology arose as the first personal computer was sold on the market by IBM. More than 5 million computers were in use by 1980, and this built a segue to the worldwide debut of the internet [8].
Eventually, the internet and the World Wide Web came into existence and made their debut; an organization named CERN released the World Wide Web for general use in 1991. It was not until 1993 that a browser called Mosaic was created; it allowed graphics to be viewable on the internet [8]. Private companies were now allowed to use the internet for the first time as well [8]. A year later, in 1994, Marc Andreessen and Jim Clark founded Netscape, and internet traffic was then handed over to companies like this. Soon, more internet companies appeared, such as Amazon.com and eBay. The internet being online gave companies like these the ability to commercially advertise their products to others around the world. After these companies gained notoriety, cloud computing took off and the dot-com bubble started as well. All of this happened in the late ‘90s and early 2000s, due in large part to technology growing and evolving. Cloud computing took off with the help of new developments, which included multi-tenant architectures and highly prevalent high-speed bandwidth [8]. After this big tech boom, services such as Facebook came out and provided users with new ways of communication and storage. They allowed users to save data and photos in the cloud, which made the cloud a personal service. Nowadays, cloud computing has become a very big part of our society, as many different services give users the ability to access data and run apps from the cloud.
3.1 Uses of Cloud Computing
Cloud computing has several defining characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Each of these characteristics has unique capabilities. Within these characteristics, there are different ways that a cloud can provide service to customers. The service models are Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) [13]. Lastly, there are different ways that clouds can be deployed to users. The deployment types are private cloud, community cloud, public cloud, and hybrid cloud [13]. An example of a cloud service used by many clients today is Google Apps. Google Apps is Software as a Service: it provides the software through Google's cloud in a web browser. It is also a public cloud, where the services provided by Google Apps, such as Google Doc and Google Drive, are stored in the cloud and can be accessed publicly. This is one of many different services that cloud computing provides, and some of them use hypervisors as an architecture for cloud computing.
4. HYPERVISORS IN CLOUD COMPUTING
In cloud computing, hypervisors work as a virtualization layer located between an operating system and a hardware platform [12]. They are common in Infrastructure as a Service (IaaS) clouds, as they support the operation of multi-tenant VMs [12]. One of their capabilities is that they can show the same application on different systems without having to make a copy of the application for each system. Besides virtualizing applications, they can also support application interfaces to execute certain operations such as launching, migrating, and terminating virtual machine instances [12]. When it comes to implementing hypervisors in the cloud, there are different types of hypervisors to choose from: native, embedded and hosted hypervisors. The native hypervisor sits on the hardware platform and is used to gain better performance for users [11]. The embedded hypervisor is put into a processor on a chip and is used to improve performance for a service provider [11]. Lastly, the hosted hypervisor is placed above both the hardware and the operating system and is used in private and public clouds for performance enhancements [11].
4.1 Benefits of Hypervisors in Cloud Computing
Using hypervisors in cloud computing can bring many benefits. First, it helps virtualize applications quickly and efficiently. Second, it helps support many different operating environments. Lastly, it helps split the time that each OS has with different parts of the computer; in this sense the hypervisor is like a director directing traffic within the computer. An example of a hypervisor used in cloud computing is the Xen virtualization model. This hypervisor provides several benefits to the cloud: virtual relocation, instant archiving, instant rebalancing, and instant deployment. The benefits with the word “instant” in front of them show how Xen can deliver quickness to a system. First, virtual relocation allows the cloud management system to relocate virtual machines such as guest OSes in a matter of seconds [9]. Second, instant archiving gives the cloud the ability to take an unused server offline and then bring that same virtual machine back online in a matter of seconds [9]. Third, instant rebalancing gives the cloud the ability to take a utilized VM and transfer it to physical machines that have vacant resources such as memory, CPU, or disk [9]. Lastly, Xen gives the cloud the ability to bring a server online quickly as well [9]. While Xen has many benefits, it can also have multiple vulnerabilities.
5. HYPERVISOR VULNERABILITY
Cloud computing is a popular means of operating a large-scale internet-based High Performance Computing (HPC) solution. Although the use of a hypervisor allows multiple operating systems to share a single hardware host, the added software layer does have vulnerabilities. These vulnerabilities can be arranged into three categories: the complexity of use for both the systems administrator and the normal VM user, the impact on performance due to hypervisor overhead, and the security concerns from an attack. We will analyze these three categories in depth for two popular open source hypervisors, the Type 1 Xen hypervisor and the Type 2 KVM hypervisor.
5.1 Usability
One such vulnerability of hypervisors is the complexity of implementation. How usable is the hypervisor? Usability can be broken down into two perspectives: that of the systems administrator and that of the normal VM user.
When choosing a suitable hypervisor, a systems administrator will be concerned with how easy the hypervisor is to install. Although installation is relatively painless, KVM was the easier of the two to install [15]. The KVM hypervisor offers many available support packages, and the installation only requires one or more kernel modules. KVM also offers support software. The Xen hypervisor, on the other hand, is much more complicated to install [15]. Xen requires the administrator to do a full modification of the kernel, not just a module or two. A modified kernel loaded in the boot process might render the system unable to be updated or complicate the update process. Future patches might also be difficult to install due to the modified kernel. Depending on the administrator's usage of the systems, choosing a hypervisor that is easier to install and lower in maintenance, such as KVM, could prove to be beneficial and less vulnerable to administrative mishaps.
The other perspective on a hypervisor's usability is that of the VM user and Cloud developer. The major concerns here are whether the hypervisor supports the features desired by the user and the impact on usability when the number of users is scaled. The former mainly concerns what type of API (Application Program Interface) and CLI (Command Line Interface) is offered. Both the Xen and KVM hypervisors support (to some extent) the libvirt API. Libvirt is commonly used by many of today's IaaS (Infrastructure as a Service) Cloud offerings, including Nimbus, Eucalyptus, OpenNebula and OpenStack [15]. As for the variance in CLI, Xen provides its own tools for controlling and monitoring guests, but they can be complicated to use. KVM also provides a functional CLI that is considered less cumbersome, although it provides fewer advanced features directly to users, such as power management or quick memory adjustment [15].
5.2 Scalability
Scalability also affects the usability of a Cloud system implementing hypervisor technology. As multiple virtual machines run concurrently on a hypervisor system, the performance and usability should remain stable. In a scalability test run by Deshane et al., Apache source code was compiled by guest VMs on both Xen and KVM managed systems. This is called a performance isolation test, which measures how well the guests are protected from extreme resource consumption by other guests [17]. It was found that for Xen, an increase in the number of guests resulted in a linear increase in compile time. For the KVM managed system, as the number of guests increased to four, one of the guests crashed. As the guests were increased to eight, four crashed, and with thirty guests, the KVM system crashed completely [17]. This showed that Xen has better scalability and more reliable usability when an increasing number of VMs is being managed. This vulnerability in sharing resources among guests is a major concern for both VM users and administrative users due to the possibility of a system crash.
5.3 Overhead Performance
Whether using a Type 1 or Type 2 hypervisor, a major concern in choosing a suitable installation is how the system performs under stress. Comparing the performance of both the Xen and KVM hypervisors to a bare-metal system is a way to determine how the overhead layer of the different Virtual Machine Monitors affects performance. In analyzing the overhead performance of these two installations, we refer to the benchmark test results of Younge et al. That study conducts benchmarks using two well-known industry standard performance benchmark suites: HPCC and SPEC.
The High Performance Computing machines used in this study are Future Grid Project machines, consisting of a total of four nodes allocated directly from India and loaded with a fresh installation of Red Hat Enterprise Linux server 5.5 x86_64 [15]. The benchmark suites were built using the Intel 11.1 compiler with the MPI and MKL runtime libraries. All of the tests were set to default with no optimizations. Each benchmark was conducted a total of 20 times and mean values were obtained [15].
The HPCC benchmark suite consists mainly of 7 different tests, each of which focuses on stressing different elements of the computing architecture. This set of tests is widely used in evaluating the overall performance of a system and provides reproducible results.
1. HPL (High Performance Linpack). HPL is a software package that solves a random linear system of equations in double precision arithmetic. This benchmark is perhaps the most important benchmark in High Performance Computing today [15].
2. DGEMM (Double-precision General Matrix-matrix Multiplication). DGEMM is a CPU intensive program which measures the floating point rate of execution of matrix multiplication.
3. STREAM benchmark which measures the sustainable memory bandwidth and the computation rate for simple vector kernel.
4. PTRANS (Parallel Matrix Transpose). PTRANS focuses on the communications between multiple processors. This test is useful to determine the communications capacity of the network.
5. Random Access measures the rate of integer random updates of memory.
6. FFT (Fast Fourier Transformation). This test measures the floating point rate of executing a double precision complex one-dimensional DFT (Discrete Fourier Transform).
7. Communication Bandwidth and latency is a set of tests based on b_eff (effective bandwidth benchmark) which measure the latency and bandwidth of a system using different communication patterns.
The SPEC (Standard Performance Evaluation Corporation) benchmark tests are another industry standard for system evaluation [15]. SPEC consists of many different testing components; SPEC OMP2001 is used here because it utilizes parallel applications. SPEC OMP focuses on measuring SMP (Shared Memory Multi-Processor) performance in HPC systems by imposing heavy demands on the memory.
In the benchmark results from Younge et al., the Xen and KVM Linpack tests were about the same; however, the Xen system was reported to have a high variance between individual test runs. This phenomenon could impact performance and cause errors and delays between parallel applications. The FFT benchmark test showed similar results. The FFT tests are often regarded as more relevant to a user's real-world application than the Linpack [15]. In this test both the Xen and KVM systems were about equal to a bare-metal system, but the Xen system again demonstrated a high variance between individual runs. A key aspect of Cloud computing is consistency and reliability. If the performance instability demonstrated by the Xen hypervisor occurred in real-world usage, users might experience inconsistent performance.
Another useful set of benchmarks that applies to real-world application use is that of communication bandwidth and latency. These tests pass packets between multiple CPUs. All of these tests were conducted within the same node rather than over the network [15]. Where the Xen system fell short in the previous set of tests, its vulnerability in computational performance is compensated by better bandwidth handling performance. The Xen system outperformed the KVM system in both the PingPong Bandwidth and PingPong Latency sets of benchmark runs.
Although the HPCC benchmark tests are representative of most real-world applications, the SPEC OpenMP tests exercise different aspects of a system's performance. In these tests the KVM system showed near bare-metal performance, which implies that most users will not notice the overhead layer of the hypervisor. The Xen system showed an 8% drop in performance compared to native speeds [15].
5.4 Security Concerns
The recent rise in popularity and use of the Cloud Computing paradigm has raised concerns over the security vulnerabilities that can arise. How easy a hypervisor is to use and how fast the system performs are outweighed by how secure the service offering is. The hypervisor model shares resources and mediates between multiple VM users, and the data is often personal and/or proprietary. For users, a breach in security resulting in a release of information to an unauthorized party can be a critical concern. We will examine the hypervisor structure where vulnerabilities can be found and classify them into three categories: the functionality where the vulnerability arises, the trigger sources, and the trigger targets [16]. We will also go into depth describing the mechanics of a known security vulnerability with a case study on a Dom0 attack on Xen [18].
The complex nature of the various hypervisors and the relatively young evolution of the widespread use of this technology make it difficult to categorize the inner mechanics. Perez-Botero et al. separate the hypervisor functionality that enables a security breach or attack vector into 11 functional parts [16].
1. Virtual CPUs
2. Symmetric Multiprocessing (SMP)
3. Soft Memory Management Unit (MMU)
4. Interrupt and Timer Mechanisms
5. I/O and Networking
6. Paravirtualized I/O
7. VM Exits
8. Hypercalls
9. VM Management (configure, start, pause and stop VMs)
10. Remote Management Software
11. Hypervisor Add-ons
Parts 1 through 6 involve virtualized hardware mechanisms presented to a guest VM and are needed for the VM to operate properly. Parts 7 and 8 are functions used by VMs to delegate sensitive operations to the hypervisor. Part 9 covers mechanisms used by the hypervisor to manage a VM's state. Part 10 refers to remote management, and part 11 allows add-on modules to the hypervisor.
Perez-Botero et al. researched 4 vulnerability databases for attack vector vulnerabilities in the Xen and KVM hypervisor systems. A total of 97 documented attacks were found, 59 on Xen and 38 on KVM [16]. In the functionality-based category, the bulk of the attacks involved peripheral device emulation (I/O and Networking, and Paravirtualized I/O), which accounted for more than 1/3 for both the Xen and KVM systems. This can be attributed to the large code base of the numerous back-end drivers supported by both systems.
The other two categories of hypervisor vulnerabilities complement the functionality: they are the trigger source and the attack target. A hypervisor vulnerability manifests itself inside a module's code, but it can be triggered from a variety of runtime spaces and can target one or more of those runtime spaces [16]. Perez-Botero et al. break down the 59 analyzed vulnerabilities into 5 parts.
1. Network – least privileged runtime space but easiest to attain.
2. Guest VM’s User-Space – almost any code can be executed here; however, some functionality may be limited. Known as the Ring 3 level.
3. Guest VM’s Kernel-Space – this involves compromising the OS security and injecting OS code at the kernel level. Known as the Ring 0 level.
4. Dom0/Host OS – a privileged runtime level that lies between the guest VM’s OS and the privilege level of the hypervisor itself. Xen’s Dom0 level has direct access to I/O and networking devices. Dom0 is allowed to invoke VM Management operations. KVM does not have a Dom0 equivalent. In a KVM system the hypervisor is part of a fully operational Linux kernel.
5. Hypervisor – the most desired runtime space, with Ring 1 privileges. Any command can run from the Ring 1 level.
In analyzing the 97 documented attacks from the trigger source perspective, it was found that Xen was much more vulnerable to network-based attacks than KVM. On the other hand, KVM is much more vulnerable to Host OS based threats, which is expected because the KVM hypervisor is part of the main Linux kernel. The KVM hypervisor code can be invoked by other kernel space processes running on the host.
All attacks involve a way in, or source, and a target. For both the Xen and KVM systems, the dominant target of attacks was the Device Emulation back-end drivers. These are found in Dom0 on Xen and in the hypervisor on KVM. The Device Emulation functionalities contribute more than one third of the known vulnerabilities in both hypervisors [16].
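The three-way classification described above (functionality, trigger source, attack target) can be used to tally and prioritize an advisory feed. The following is an added example, not code from this paper or from Perez-Botero et al.; the `Advisory` record, the `EXAMPLE-…` identifiers and the sample rows are constructed for illustration, and ranking by the number of privilege levels gained is an assumption of this example.

```python
"""Classify hypervisor advisories by functionality, trigger source and target."""
from collections import Counter
from dataclasses import dataclass

# The 11 functional parts listed in this section (after Perez-Botero et al. [16]).
FUNCTIONALITIES = (
    "Virtual CPUs", "Symmetric Multiprocessing", "Soft MMU",
    "Interrupt and Timer Mechanisms", "I/O and Networking",
    "Paravirtualized I/O", "VM Exits", "Hypercalls", "VM Management",
    "Remote Management Software", "Hypervisor Add-ons",
)
# The two parts this section groups as peripheral device emulation.
DEVICE_EMULATION = frozenset({"I/O and Networking", "Paravirtualized I/O"})

# Runtime spaces from least to most privileged, in the order the section gives.
RUNTIME_SPACES = ("Network", "Guest User-Space", "Guest Kernel-Space",
                  "Dom0/Host OS", "Hypervisor")
RANK = {name: level for level, name in enumerate(RUNTIME_SPACES)}


@dataclass(frozen=True)
class Advisory:
    ident: str          # constructed placeholder, not a real advisory id
    hypervisor: str     # "Xen" or "KVM"
    functionality: str  # one of FUNCTIONALITIES
    trigger: str        # runtime space the flaw is triggered from
    target: str         # runtime space the flaw affects

    def __post_init__(self):
        # Reject records that do not fit the taxonomy instead of miscounting them.
        if self.functionality not in FUNCTIONALITIES:
            raise ValueError(f"unknown functionality: {self.functionality!r}")
        for space in (self.trigger, self.target):
            if space not in RANK:
                raise ValueError(f"unknown runtime space: {space!r}")


def escalation(adv):
    """Privilege levels gained: target rank minus trigger rank (0 if none)."""
    return max(0, RANK[adv.target] - RANK[adv.trigger])


def summarize(advisories, hypervisor):
    """Per-hypervisor tallies along the three classification axes."""
    rows = [a for a in advisories if a.hypervisor == hypervisor]
    by_func = Counter(a.functionality for a in rows)
    emulated = sum(n for f, n in by_func.items() if f in DEVICE_EMULATION)
    return {
        "total": len(rows),
        "by_functionality": by_func,
        "device_emulation_share": emulated / len(rows) if rows else 0.0,
        "trigger_to_target": Counter((a.trigger, a.target) for a in rows),
    }


def triage(advisories):
    """Patch order: widest privilege jump first, then the easiest-to-reach trigger."""
    crossing = [a for a in advisories if escalation(a) > 0]
    return sorted(crossing,
                  key=lambda a: (-escalation(a), RANK[a.trigger], a.ident))


# Constructed sample rows; none of these describes a real vulnerability.
SAMPLE = [
    Advisory("EXAMPLE-001", "Xen", "I/O and Networking",
             "Guest Kernel-Space", "Dom0/Host OS"),
    Advisory("EXAMPLE-002", "Xen", "Hypercalls",
             "Guest Kernel-Space", "Hypervisor"),
    Advisory("EXAMPLE-003", "Xen", "Paravirtualized I/O",
             "Guest User-Space", "Dom0/Host OS"),
    Advisory("EXAMPLE-004", "KVM", "I/O and Networking",
             "Guest User-Space", "Hypervisor"),
    Advisory("EXAMPLE-005", "KVM", "VM Exits",
             "Guest Kernel-Space", "Guest Kernel-Space"),
    Advisory("EXAMPLE-006", "Xen", "Remote Management Software",
             "Network", "Dom0/Host OS"),
]

if __name__ == "__main__":
    for hv in ("Xen", "KVM"):
        s = summarize(SAMPLE, hv)
        print(hv, s["total"], f"{s['device_emulation_share']:.0%} device emulation")
    for adv in triage(SAMPLE):
        print(adv.ident, adv.trigger, "->", adv.target, f"(+{escalation(adv)})")
```

Feeding real advisories through the same functions gives the per-hypervisor device-emulation share and trigger-to-target counts that this section discusses, plus a patch queue ordered by how far each flaw crosses the isolation boundary.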
In most documented cases the attacks aimed to grant the malicious user Ring 1 or Ring 0 privileges. These are the levels where instructions are permitted to remap the memory of a VM user space. When a host machine's memory is remapped by means of hypervisor manipulation, data integrity can become compromised and the memory space of one VM user can be accessed by another, malicious VM user. In a perfect world this would not happen, but in reality it does. Because of this, new defenses must be implemented to keep the hypervisor secure. One proposed method of defense is to design the hypervisor code base to be more resilient to attacks, making it more difficult for a guest VM to inject code in order to gain control over higher level instructions. Another approach is to protect the host kernel from being managed by an untrusted OS. We could also introduce hardware-assisted techniques that monitor software integrity and prevent the attack before the system is compromised. Lastly, we could get rid of the hypervisor layer entirely and develop new cost-effective ways of managing Cloud-based services without the use of a hypervisor. The guest VMs can be placed directly on the physical hardware and still be able to run multiple VMs.
References
[1] Z.H. Gu, Q.L. Zhao, A State-of-the-Art Survey on Real-Time Issues in Embedded Systems Virtualization, Journal of Software Engineering and Applications, 2012, 5, 277-290
[2] VMWare, A Performance Comparison of Hypervisors. Available online at
[3] M. Rosenblum, T. Garfinkel, Virtual Machine Monitors: Current Technology and Future Trends, IEEE Computer Society, 2005, 5
[4] F. Bazargan, C.Y. Yeun, M.J. Zemerly, State-of-the-Art of Virtualization, its Security Threats and Deployment Models, International Journal for Information Security Research (IJISR), Volume 2, Issues 3/4, 2012, 11
[5] Y. Zheng, A Performance Comparison of Hypervisors. Available online at
[6] B.P. Tholeti, Hypervisors, virtualization, and the cloud: Learn about hypervisors, system virtualization, and how it works in a cloud environment. Available online at http://www.ibm.com/developerworks/cloud/library/cl-hypervisorcompare/
[7] N. Arya, M. Gidwani, S.K. Gupta, Hypervisor Security - A Major Concern, International Journal for Information Security Research (IJISR), Volume 2, Issues 3/4, 2012, 11
[8] A Complete History of Cloud Computing.
[9] Greg Boss, Padma Malladi, Dennis Quan, Linda Legregni, and Harold Hall. Cloud Computing. High Performance On Demand Solution (HiPODS), pages 1-17, 2007.
[10] Martin Childs. John McCarthy: Computer scientist known as the father of AI.
[11] Judith Hurwitz, Robin Bloor, Marcia Kaufman, and Fern Halper. How to Use a Hypervisor in Cloud Computing Virtualization. For Dummies. http://www.dummies.com/how-to/content/how-to-use-a-hypervisor-in-cloud-computing-virtual.html
[12] Wayne Jansen and Timothy Grance. Guidelines on Security and Privacy in Public Cloud Computing. National Institute of Standards and Technology. http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
[13] Peter Mell and Timothy Grance. The NIST Definition of Cloud Computing. National Institute of Standards and Technology. http://faculty.winthrop.edu/domanm/csci411/Handouts/NIST.pdf
[14] Maximilliano D. Neto. A brief history of cloud computing. Thoughts on Cloud: Cloud computing conversations led by IBMers. http://thoughtsoncloud.com/2014/03/a-brief-history-of-cloud-computing/
[15] Andrew J. Younge, Robert Henschel, James T. Brown, Gregor von Laszewski, Judy Qui, Geoffrey C. Fox. Analysis of Virtualization Technologies for High Performance Computing Environments, Cloud Computing (Cloud), 2011 IEEE International Conference on, 2011, 9-16.
[16] Diego Perez-Botero, Jakub Szefer, Ruby B. Lee. Characterizing Hypervisor Vulnerabilities in Cloud Computing Servers. In Proceedings of the 2013 international workshop on Security in cloud computing, 2013, 3-10.
[17] Deshane, T., Shepherd, Z., Matthews, J., Ben-Yehuda, M., Shah, A., & Rao, B. Quantitative comparison of Xen and KVM. Xen Summit, Boston, MA, USA, 2008, 1-2.
[18] Rutkowska, J., & Wojtczuk, R. Preventing and detecting Xen hypervisor subversions. Blackhat Briefings USA, 2008.