Detection of Service Level Agreement (SLA) Violation in Memory Management in Virtual Machines

In cloud computing, quality of service is often enforced through a Service Level Agreement (SLA) between end users and cloud providers. While SLAs on hardware resources such as CPU cycles or bandwidth can be monitored by low-layer sensors, enforcing security SLAs remains a very challenging problem. Several high-level architectures for security SLAs have been proposed, but details still need to be filled in before they can be deployed. In this paper, we propose mechanisms to detect violations of security SLAs. Specifically, we focus on unauthorized accesses to the memory pages of a virtual machine and on violations of memory deduplication policies. By measuring the accumulated memory access latency, we infer whether memory pages have been swapped out and the order in which they were accessed. These events are then compared with the access commands issued by the local VM; in this way, unauthorized memory accesses or violations of deduplication policies can be detected. Compared to existing approaches, our mechanisms do not need explicit help from the hypervisor or third parties, so they can detect SLA violations even when the hypervisor itself initiates them. We implement our approaches under VMware with Windows virtual machines. Our experimental results show that the VM can effectively detect the violations with a small increase in overhead.
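The following C program is an added illustration of the guest-side detection idea summarized above; it is not code from the paper or from its authors. It sketches the pipeline a guest could run on its own memory: time each page access with the monotonic clock, derive a robust baseline (the median), flag pages whose latency is far above the baseline (a swapped-out or copy-on-write page costs a fault rather than a cache miss), and compare the flags against the guest's own record of which pages it expected to remain resident and unshared. The 4 KiB page size, the factor-of-10 threshold and the five sample latencies are constructed assumptions; a stand-alone program cannot force the hypervisor to swap or merge its pages, so the live measurement only exercises the harness, while the constructed sample shows the decision logic on a known input.

```c
/* Added example, not the paper's code. Page size, threshold factor and the
   sample latencies are constructed values chosen for illustration. */
#define _POSIX_C_SOURCE 199309L
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define PAGE_SIZE 4096u   /* assumed guest page size */

/* Time one byte write to p, in nanoseconds, using the monotonic clock. */
static uint64_t time_touch_ns(volatile unsigned char *p)
{
    struct timespec t0, t1;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    *p = (unsigned char)(*p + 1);
    clock_gettime(CLOCK_MONOTONIC, &t1);
    int64_t ns = (int64_t)(t1.tv_sec - t0.tv_sec) * 1000000000LL
               + (int64_t)(t1.tv_nsec - t0.tv_nsec);
    return (uint64_t)ns;
}

static int cmp_u64(const void *a, const void *b)
{
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Median of n latencies: a baseline that the few outliers we hunt cannot drag up. */
uint64_t median_ns(const uint64_t *lat, size_t n)
{
    uint64_t *tmp = malloc(n * sizeof *tmp);
    memcpy(tmp, lat, n * sizeof *tmp);
    qsort(tmp, n, sizeof *tmp, cmp_u64);
    uint64_t m = (n % 2) ? tmp[n / 2] : (tmp[n / 2 - 1] + tmp[n / 2]) / 2;
    free(tmp);
    return m;
}

/* Flag page i when lat[i] exceeds factor * baseline. Returns the number flagged. */
size_t flag_slow_pages(const uint64_t *lat, size_t n, uint64_t baseline_ns,
                       unsigned factor, int *flagged)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        flagged[i] = lat[i] > (uint64_t)factor * baseline_ns;
        count += (size_t)flagged[i];
    }
    return count;
}

/* A slow page the guest expected to stay resident (it neither released it nor
   allowed it to be shared) is a candidate SLA violation. Returns the count. */
size_t count_violations(const int *flagged, const int *expected_resident, size_t n)
{
    size_t v = 0;
    for (size_t i = 0; i < n; i++)
        v += (size_t)(flagged[i] && expected_resident[i]);
    return v;
}

/* Constructed sample: pages 2 and 4 look swapped out; the guest had released
   page 4, so only page 2 counts as a violation. */
size_t sample_violations(void)
{
    const uint64_t sample[5] = { 90, 110, 4000, 95, 12000 };
    const int expect[5]      = {  1,   1,    1,  1,     0 };
    int f[5];
    uint64_t base = median_ns(sample, 5);        /* 110 ns */
    flag_slow_pages(sample, 5, base, 10, f);     /* flags pages 2 and 4 */
    return count_violations(f, expect, 5);       /* 1 */
}

int main(void)
{
    /* Live measurement on this process's own pages; the result varies per run. */
    enum { NPAGES = 64 };
    unsigned char *buf = malloc(NPAGES * PAGE_SIZE);
    uint64_t lat[NPAGES];
    int flagged[NPAGES], resident[NPAGES];
    memset(buf, 0, NPAGES * PAGE_SIZE);          /* first touch maps every page */
    for (size_t i = 0; i < NPAGES; i++) {
        lat[i] = time_touch_ns(buf + i * PAGE_SIZE);
        resident[i] = 1;                         /* the guest released none */
    }
    uint64_t base = median_ns(lat, NPAGES);
    size_t slow = flag_slow_pages(lat, NPAGES, base, 10, flagged);
    printf("live: baseline %llu ns, %zu slow pages, %zu candidate violations\n",
           (unsigned long long)base, slow, count_violations(flagged, resident, NPAGES));
    printf("constructed sample: %zu candidate violation(s)\n", sample_violations());
    free(buf);
    return 0;
}
```

The live pass will usually flag a few pages because of timer jitter and cache misses; in a real deployment the guest would repeat the measurement and accumulate latency over many touches, as the abstract describes, before raising an alarm, and it would cross-check the flagged pages against the access and release commands it actually issued.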