Abhinav Srivastava 1 and Vinod Ganapathy 2 AT&T Labs—Research 1 , Rutgers University 2

Abhinav Srivastava1 and Vinod Ganapathy2

AT&T Labs—Research1, Rutgers University2

Towards a Richer Model of Cloud App Markets

Cloud App Market• A place where

– developers publish software VMs– customers find, buy, and run VMs in

the cloud– providers handle billing & payment

Cloud App Market

$$

A Cloud Platform

Virtual machine monitor (VMM)

Hardware

Management VM Work VM

Provider VM Client1 VM

Work VMWork VMsWork VMs

Client2 VM

A Cloud Platform with App

VMM

Hardware



New OS/SDE VMWork VMs

App VM

Nascent Market• Offers only SDE and OS distributions

• No interaction between App and work VMs

• Analogy between process/OS and VM/VMM Control and Flexibility

Current Encrypted Storage Design

Provider VM

Backend

Disk R/W

Disk

Client VM

Frontend

Storage Encryption

Potential Cloud App: Encrypted Storage

Provider VM Client VMEncryption App

Backend Frontend Backend Frontend

Disk R/W

Disk

Potential Cloud App: Checkpoint App

Provider VM

VMM

Checkpoint App

Copy client VM’s memory pages

Work VMs

Client VM

Management VM

Taxonomy of VM Apps• Standalone VM apps• Cooperative VM apps• Service VM apps• Bundled VM apps

Standalone Apps

VMM

Hardware



New OS/SDE VMWork VMs

App VM

Cooperative Apps

VMM

Hardware



Checkpoint app/Rootkit

detectorWork VMs

App VM

memory

Service Apps

VMM

Hardware



Forensic Analysis/Fire

wallWork VMs

App VM

image/packets

Bundled Apps

VMM

Hardware



FirewallWork VMs

Service VM

packets

NIDS

Service VM

App Bundle

Key Requirements• Trustworthy launch of VM apps• New privilege model• Preventing information leakage• Featherweight VMs• Standardized API interface• Customized plumbing I/O• Migration

Design Space• Virtual machine monitor modification• Nested virtualization• Para-virtualization-based Nesting• Hybrid design

Design Space• Virtual machine monitor modification

Modified VMM

Management VM

Provider VM VM

Hardware

App VM

Design Space• Nested virtualization

Management VM

Stock VMM

Nested Management

VMClient VM

Provider VM VM

VMM (with nesting support)

Hardware

Client VMClient VM

Design Space• Nested virtualization

Management VM

VM App’s VMM

Nested Management

VM (checkpoint)

Client work VM

Provider VM App VM

Provider’s VMM (with nesting support)

Hardware

Design Space• Para-virtualization-based Nesting

Stock VMM (no nesting support)

Hardware

Management VM

VMM

Nested Management

VM (checkpoint)

Client’s work VM

Provider VM VM

Blanket Layer

Design Space• Para-virtualization-based Nesting

Provider’s VMM (no nesting support)

Hardware

Management VM

VM app’s VMM

Nested Management

VM (checkpoint)

Client’s work VM

Provider VM App VM

Blanket VMM

Comparison of Design Options

Design Performance Deployability CapabilityVMM changes

Nested virtualizationParavirt-based nesting

Conclusions• Nascent market• Taxonomy of potential cloud apps• Key requirements• Design space

Thank You!!

Firewall App

Provider VM Client VMFirewall App

Backend Frontend Backend Frontend

Packets

NIC

Firewall App

Provider VM

Backend

Packets

NIC

Client VM

Frontend

Firewall

Key Requirements• New privilege model

VMM

Privileged Operation

Is request from a management VM

Deny Allow

YESNO

Key Requirements• New privilege model

VMM

Privileged Operation

Is request from a management VM

Allow

YESNORequestor has

delegated privileges??

Deny Allow

NO YES

Cloud App Market• Similar to smart-phone apps store • A place where– Developers publish software VMs and get paid– Customers find, buy, and run services (VMs) in the cloud– Providers handle billing & payment

Cloud App Market

Abhinav Srivastava 1 and Vinod Ganapathy 2 AT&T Labs—Research 1 , Rutgers University 2

Documents

Transcript of Abhinav Srivastava 1 and Vinod Ganapathy 2 AT&T Labs—Research 1 , Rutgers University 2