Protection mechanisms for application service hosting platforms

The application service hosting platform (ASHP) has recently received tremendous attention from both industry and academia. An ASHP provides a shared high-performance infrastructure to host different application services (AS), outsourced by application service providers (ASP). In this paper, we focus on the protection of the ASHP, which has inherent requirements of sharing, openness, and mutual isolation. In contrast to a dedicated server platform, which is analogous to a private house, an ASHP is like an apartment building, involving the 'host' - the ASHP infrastructure, and the 'tenants' - the AS. Strong protection and isolation must be provided between the host and the tenants, as well as between different tenants. Unfortunately, traditional OS architecture and mechanisms are not adequate to provide strong ASHP protection. In this paper, we first make the case for a new OS architecture based on the virtual OS technology. We then present three protection mechanisms we have developed in SODA, our ASHP architecture. The mechanisms include: (1) resource isolation between AS; (2) virtual switching and firewalling between AS; and (3) kernelized intrusion detection and logging for each AS. For (3), we have developed a system called Kernort inside the virtual OS kernel. Kernort detects network intrusions in real time and logs AS activities even when the AS has been compromised. Moreover, for the privacy of the AS, logs are encrypted by Kernort so that the 'landlord' (namely the ASHP owner) cannot view them without authorization. We are applying SODA to iShare, an Internet-based distributed resource sharing platform.
