Towards a Richer Model of Cloud App Markets
Abhinav Srivastava (AT&T Labs—Research) and Vinod Ganapathy (Rutgers University)

Cloud App Market
• A place where
  – developers publish software VMs
  – customers find, buy, and run VMs in the cloud
  – providers handle billing & payment

A Cloud Platform
[Diagram: a virtual machine monitor (VMM) running on hardware and hosting the provider's management VM and the work VMs of Client1 and Client2]

A Cloud Platform with App
[Diagram: a VMM on hardware hosting the provider's management VM, Client1's work VMs, and an app VM (new OS/SDE VM)]

Nascent Market
• Offers only SDE and OS distributions
• No interaction between App and work VMs
• Analogy between process/OS and VM/VMM
Control and Flexibility

Current Encrypted Storage Design
[Diagram: the client VM holds the storage encryption and the frontend; the provider VM holds the backend, which performs disk reads/writes against the disk]

Potential Cloud App: Encrypted Storage
[Diagram: an encryption app VM with its own frontend and backend, shown together with the client VM's frontend and the provider VM's backend on the disk read/write path to the disk]

Potential Cloud App: Checkpoint App
[Diagram: a checkpoint app that copies the client VM's memory pages, shown with the provider's management VM, the client's work VMs, and the VMM]

Taxonomy of VM Apps
• Standalone VM apps
• Cooperative VM apps
• Service VM apps
• Bundled VM apps

Standalone Apps
[Diagram: a VMM on hardware hosting the provider's management VM, Client1's work VMs, and an app VM (new OS/SDE VM)]

Cooperative Apps
[Diagram: a VMM on hardware hosting the provider's management VM, Client1's work VMs, and an app VM (checkpoint app/rootkit detector); the connection between the app VM and the work VM is labeled "memory"]

Service Apps
[Diagram: a VMM on hardware hosting the provider's management VM, Client1's work VMs, and an app VM (forensic analysis/firewall); the connection between the app VM and the work VM is labeled "image/packets"]

Bundled Apps
[Diagram: a VMM on hardware hosting the provider's management VM, Client1's work VMs, and an app bundle of two service VMs (firewall and NIDS); the connection is labeled "packets"]

Key Requirements
• Trustworthy launch of VM apps
• New privilege model
• Preventing information leakage
• Featherweight VMs
• Standardized API interface
• Customized plumbing I/O
• Migration

Design Space
• Virtual machine monitor modification
• Nested virtualization
• Para-virtualization-based Nesting
• Hybrid design

Design Space
• Virtual machine monitor modification
[Diagram: a modified VMM on hardware hosting the provider's management VM, a VM, and an app VM]

Design Space
• Nested virtualization
[Diagram: a VMM with nesting support on hardware hosting the provider's management VM and a VM; that VM runs a stock VMM with a nested management VM and client VMs]

Design Space
• Nested virtualization
[Diagram: the provider's VMM (with nesting support) on hardware hosting the provider's management VM and an app VM; the app VM runs the VM app's VMM with a nested management VM (checkpoint) and the client's work VM]

Design Space
• Para-virtualization-based Nesting
[Diagram: a stock VMM (no nesting support) on hardware hosting the provider's management VM and a VM; that VM contains a blanket layer and a VMM with a nested management VM (checkpoint) and the client's work VM]

Design Space
• Para-virtualization-based Nesting
[Diagram: the provider's VMM (no nesting support) on hardware hosting the provider's management VM and an app VM; the app VM contains a blanket VMM and the VM app's VMM with a nested management VM (checkpoint) and the client's work VM]

Comparison of Design Options
Criteria: Performance, Deployability, Capability
Designs compared: VMM changes, Nested virtualization, Paravirt-based nesting

Conclusions
• Nascent market
• Taxonomy of potential cloud apps
• Key requirements
• Design space
Thank You!!

Firewall App
[Diagram: a firewall app VM with its own frontend and backend, shown together with the client VM's frontend and the provider VM's backend on the packet path to the NIC]

Firewall App
[Diagram: the client VM holds the firewall and the frontend; the provider VM holds the backend, which passes packets to and from the NIC]

Key Requirements
• New privilege model
[Flowchart: a privileged operation reaches the VMM. Is the request from a management VM? YES: Allow. NO: Deny.]

Key Requirements
• New privilege model
[Flowchart: a privileged operation reaches the VMM. Is the request from a management VM? YES: Allow. NO: does the requestor have delegated privileges? YES: Allow. NO: Deny.]
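
The two privilege checks from the flowcharts above, written out in C as an added example that is not part of the original slides. The operation names, the delegation record scoped to one target VM and one operation, and the VM ids are assumptions made for illustration; the slides only ask whether the requestor "has delegated privileges".

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical operation names; the slides only say "privileged operation". */
enum op { OP_MAP_MEMORY, OP_TAP_PACKETS };

struct vm { int id; bool is_management; };

/* Assumed delegation record: grantee may perform op on target, nothing else. */
struct delegation { int grantee; int target; enum op op; };

/* Constructed sample VMs and one constructed delegation:
 * client VM 2 lets checkpoint app VM 7 map its memory pages. */
static const struct vm mgmt_vm = { 0, true };
static const struct vm checkpoint_app = { 7, false };
static const struct delegation table[] = { { 7, 2, OP_MAP_MEMORY } };

/* First flowchart: only a management VM may issue privileged operations. */
bool allow_original(const struct vm *req)
{
    return req->is_management;
}

/* Second flowchart: a non-management requestor is allowed only if it holds
 * a delegation for this exact target VM and operation; otherwise deny. */
bool allow_delegated(const struct vm *req, int target, enum op op)
{
    if (req->is_management)
        return true;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].grantee == req->id &&
            table[i].target == target && table[i].op == op)
            return true;
    return false;
}

int main(void)
{
    /* Exit status 0 when the checkpoint app is scoped as intended. */
    bool ok = !allow_original(&checkpoint_app)
           && allow_delegated(&checkpoint_app, 2, OP_MAP_MEMORY)
           && !allow_delegated(&checkpoint_app, 3, OP_MAP_MEMORY)
           && !allow_delegated(&checkpoint_app, 2, OP_TAP_PACKETS)
           && allow_delegated(&mgmt_vm, 3, OP_TAP_PACKETS);
    return ok ? 0 : 1;
}
```

Under the first check the checkpoint app cannot copy any VM's memory; under the second it can do so only for the client that delegated the privilege, and a request against another client's VM or for another operation still falls through to deny.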

Cloud App Market
• Similar to a smartphone app store
• A place where
  – Developers publish software VMs and get paid
  – Customers find, buy, and run services (VMs) in the cloud
  – Providers handle billing & payment