Abstract
While unresolved security issues are still a barrier to the widespread adoption of cloud computing technologies, the computing capabilities of even commodity hardware keep growing, in particular thanks to the adoption of multi-core and many-core technologies. For instance, the Nvidia Compute Unified Device Architecture (CUDA) technology is increasingly available on a large share of commodity hardware. In this paper, we show that such a technology can be used effectively to guarantee an increased level of security to cloud hosts, services and, ultimately, to the user. Secure virtualization is the key enabling factor: it can protect such resources from attacks. In particular, secure virtualization can provide a framework enabling effective management of the security of possibly large, heterogeneous, CUDA-enabled computing infrastructures (e.g. clusters, server farms, and clouds). The contributions of this paper are twofold: first, we investigate the characteristics and security requirements of CUDA-enabled cloud computing nodes; second, we provide an architecture for leveraging CUDA hardware resources in a secure virtualization environment, to improve cloud security without sacrificing CPU performance. A prototype implementation and the related results support the viability of our proposal.
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Lombardi, F., Di Pietro, R. (2010). CUDACS: Securing the Cloud with CUDA-Enabled Secure Virtualization. In: Soriano, M., Qing, S., López, J. (eds) Information and Communications Security. ICICS 2010. Lecture Notes in Computer Science, vol 6476. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17650-0_8
DOI: https://doi.org/10.1007/978-3-642-17650-0_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17649-4
Online ISBN: 978-3-642-17650-0