NoHype: Virtualized cloud infrastructure without the virtualization

Eric Keller, Jakub Szefer, Jennifer L. Rexford, Ruby Bei-Loh Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

198 Scopus citations

Abstract

Cloud computing is a disruptive trend that is changing the way we use computers. The key underlying technology in cloud infrastructures is virtualization-so much so that many consider virtualization to be one of the key features rather than simply an implementation detail. Unfortunately, the use of virtualization is the source of a significant security concern. Because multiple virtual machines run on the same server and since the virtualization layer plays a considerable role in the operation of a virtual machine, a malicious party has the opportunity to attack the virtualization layer. A successful attack would give the malicious party control over the all-powerful virtualization layer, potentially compromising the confidentiality and integrity of the software and data of any virtual machine. In this paper we propose removing the virtualization layer, while retaining the key features enabled by virtualization. Our NoHype architecture, named to indicate the removal of the hypervisor, addresses each of the key roles of the virtualization layer: arbitrating access to CPU, memory, and I/O devices, acting as a network device (e.g., Ethernet switch), and managing the starting and stopping of guest virtual machines. Additionally, we show that our NoHype architecture may indeed be "no hype" since nearly all of the needed features to realize the NoHype architecture are currently available as hardware extensions to processors and I/O devices.

Original languageEnglish (US)
Title of host publicationISCA 2010 - The 37th Annual International Symposium on Computer Architecture, Conference Proceedings
Pages350-361
Number of pages12
DOIs
StatePublished - 2010
Event37th International Symposium on Computer Architecture, ISCA 2010 - Saint-Malo, France
Duration: Jun 19 2010Jun 23 2010

Publication series

NameProceedings - International Symposium on Computer Architecture
ISSN (Print)1063-6897

Other

Other37th International Symposium on Computer Architecture, ISCA 2010
Country/TerritoryFrance
CitySaint-Malo
Period6/19/106/23/10

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture

Keywords

  • Cloud computing
  • Hypervisor
  • Many-core
  • Multi-core
  • Security
  • System architecture
  • Virtualization

Fingerprint

Dive into the research topics of 'NoHype: Virtualized cloud infrastructure without the virtualization'. Together they form a unique fingerprint.

Cite this