Abhinav Srivastava¹ and Vinod Ganapathy²
¹AT&T Labs—Research, ²Rutgers University
Towards a Richer Model of Cloud App Markets
Cloud App Market
• A place where
  – developers publish software VMs
  – customers find, buy, and run VMs in the cloud
  – providers handle billing & payment
A Cloud Platform
[Diagram labels: Hardware; Virtual machine monitor (VMM); Management VM; Provider VM; Work VMs; Client1 VM; Client2 VM]
A Cloud Platform with App
[Diagram labels: Hardware; VMM; Management VM; Provider VM; Work VMs; Client1 VM; New OS/SDE VM; App VM]
Nascent Market
• Offers only SDE and OS distributions
• No interaction between App and work VMs
• Analogy between process/OS and VM/VMM Control and Flexibility
Current Encrypted Storage Design
[Diagram labels: Provider VM; Backend; Disk R/W; Disk; Client VM; Frontend; Storage Encryption]
Potential Cloud App: Encrypted Storage
[Diagram labels: Provider VM; Client VM; Encryption App; Backend and Frontend (two pairs); Disk R/W; Disk]
Potential Cloud App: Checkpoint App
[Diagram labels: VMM; Management VM; Provider VM; Checkpoint App; Copy client VM’s memory pages; Work VMs; Client VM]
Taxonomy of VM Apps
• Standalone VM apps
• Cooperative VM apps
• Service VM apps
• Bundled VM apps
Standalone Apps
[Diagram labels: Hardware; VMM; Management VM; Provider VM; Work VMs; Client1 VM; New OS/SDE VM; App VM]
Cooperative Apps
[Diagram labels: Hardware; VMM; Management VM; Provider VM; Work VMs; Client1 VM; Checkpoint app/Rootkit detector; App VM; memory]
Service Apps
[Diagram labels: Hardware; VMM; Management VM; Provider VM; Work VMs; Client1 VM; Forensic Analysis/Firewall; App VM; image/packets]
Bundled Apps
[Diagram labels: Hardware; VMM; Management VM; Provider VM; Work VMs; Client1 VM; Firewall (Service VM); NIDS (Service VM); packets; App Bundle]
Key Requirements
• Trustworthy launch of VM apps
• New privilege model
• Preventing information leakage
• Featherweight VMs
• Standardized API interface
• Customized plumbing I/O
• Migration
Design Space
• Virtual machine monitor modification
• Nested virtualization
• Para-virtualization-based Nesting
• Hybrid design
Design Space
• Virtual machine monitor modification
[Diagram labels: Hardware; Modified VMM; Management VM; Provider VM; VM; App VM]
Design Space
• Nested virtualization
[Diagram labels: Hardware; VMM (with nesting support); Management VM; Provider VM; VM; Stock VMM; Nested Management VM; Client VM (three)]
Design Space
• Nested virtualization
[Diagram labels: Hardware; Provider’s VMM (with nesting support); Management VM; Provider VM; App VM; VM App’s VMM; Nested Management VM (checkpoint); Client work VM]
Design Space
• Para-virtualization-based Nesting
[Diagram labels: Hardware; Stock VMM (no nesting support); Management VM; Provider VM; VM; Blanket Layer; VMM; Nested Management VM (checkpoint); Client’s work VM]
Design Space
• Para-virtualization-based Nesting
[Diagram labels: Hardware; Provider’s VMM (no nesting support); Management VM; Provider VM; App VM; Blanket VMM; VM app’s VMM; Nested Management VM (checkpoint); Client’s work VM]
Comparison of Design Options
Design | Performance | Deployability | Capability
VMM changes
Nested virtualization
Paravirt-based nesting
Conclusions
• Nascent market
• Taxonomy of potential cloud apps
• Key requirements
• Design space
Thank You!!
Firewall App
[Diagram labels: Provider VM; Client VM; Firewall App; Backend and Frontend (two pairs); Packets; NIC]
Firewall App
[Diagram labels: Provider VM; Backend; Packets; NIC; Client VM; Frontend; Firewall]
Key Requirements
• New privilege model
[Flowchart in the VMM: Privileged Operation; Is request from a management VM? YES: Allow; NO: Deny]
Key Requirements
• New privilege model
[Flowchart in the VMM: Privileged Operation; Is request from a management VM? YES: Allow; NO: Requestor has delegated privileges? YES: Allow; NO: Deny]
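
The two-step decision on the privilege-model slide above, written out as an added example (not code from the slides or from any real VMM). All names, the domain ids, and the choice to scope each delegation to one target VM and one operation class are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical operation classes a VM app might need (not from the slides). */
enum priv_op { OP_MAP_MEMORY = 1 << 0, OP_READ_DISK = 1 << 1, OP_TAP_PACKETS = 1 << 2 };

/* One delegation: `grantee` may perform `ops` on `target` only.
 * Assumption: delegations are scoped per target VM and per operation. */
struct delegation { int grantee; int target; unsigned ops; };

struct vmm {
    int mgmt_vm;                      /* domain id of the management VM */
    const struct delegation *grants;  /* delegation table */
    size_t n_grants;
};

/* Decision for a privileged operation requested by `requestor` on `target`.
 * Step 1 (existing model): a request from the management VM is allowed.
 * Step 2 (new model): otherwise allow only on a matching delegation. */
bool vmm_allow(const struct vmm *v, int requestor, int target, enum priv_op op)
{
    if (requestor == v->mgmt_vm)
        return true;
    for (size_t i = 0; i < v->n_grants; i++) {
        const struct delegation *d = &v->grants[i];
        if (d->grantee == requestor && d->target == target && (d->ops & (unsigned)op))
            return true;
    }
    return false;                     /* no delegation found: deny */
}

/* Constructed sample: dom0 = management VM, dom1 and dom2 = client VMs,
 * dom5 = checkpoint app VM used by client 1, dom6 = unrelated app VM. */
static const struct delegation sample_grants[] = {
    { .grantee = 5, .target = 1, .ops = OP_MAP_MEMORY },
};
static const struct vmm sample_vmm = {
    .mgmt_vm = 0, .grants = sample_grants, .n_grants = 1,
};

int main(void)
{
    /* The checkpoint app may copy client 1's pages but not client 2's. */
    bool ok = vmm_allow(&sample_vmm, 5, 1, OP_MAP_MEMORY)
           && !vmm_allow(&sample_vmm, 5, 2, OP_MAP_MEMORY);
    return ok ? 0 : 1;
}
```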
Cloud App Market
• Similar to smart-phone apps store
• A place where
  – Developers publish software VMs and get paid
  – Customers find, buy, and run services (VMs) in the cloud
  – Providers handle billing & payment