Proceedings of the 5th ACM Symposium on Cloud Computing (SOCC 2014); pages 128-140; Seattle, Washington; November 3-5, 2014.
We recently proposed Self-service Cloud Computing (SSC) as a model to improve the security and privacy of client data on public cloud platforms. SSC prevents cloud operators from snooping on or modifying client VMs and provides clients the flexibility to deploy security services, such as VM introspection tools, on their own VMs. SSC achieves these goals by modifying the hypervisor privilege model.
This paper focuses on the unique challenges involved in building a control plane for an SSC-based cloud platform. The control plane is the layer that facilitates interaction between hosts in the cloud infrastructure as well as between the client and the cloud. We describe a number of novel features in SSC's control plane, such as its ability to allow specification of VM dependencies, flexible deployment of network middleboxes, and new VM migration protocols. We report on our design and implementation of SSC's control plane, and present experimental evaluation of services implemented atop the control plane.
Slides: [ Powerpoint | PDF ]
DOI: [ 10.1145/2670979.2670989 ]