CUDACS: Securing the Cloud with CUDA-Enabled Secure Virtualization

While unresolved security issues pose a barrier to the widespread adoption of cloud computing technologies, the computing capabilities of even commodity hardware are growing, in particular thanks to the adoption of *-core technologies. For instance, the Nvidia Compute Unified Device Architecture (CUDA) technology is increasingly available on a large part of commodity hardware. In this paper, we show that it is possible to effectively use such a technology to guarantee an increased level of security to cloud hosts, services, and finally to the user. Secure virtualization is the key enabling factor. It can protect such resources from attacks. In particular, secure virtualization can provide a framework enabling effective management of the security of possibly large, heterogeneous, CUDA-enabled computing infrastructures (e.g., clusters, server farms, and clouds). The contributions of this paper are twofold: first, to investigate the characteristics and security requirements of CUDA-enabled cloud computing nodes; and, second, to provide an architecture for leveraging CUDA hardware resources in a secure virtualization environment, to improve cloud security without sacrificing CPU performance. A prototype implementation of our proposal and related results support its viability.
