UTCS Colloquia - Professor Haibo Chen/Parallel Processing Institute, Fudan University, "Retrofitting Protection of Virtual Machines in Multi-tenant Cloud with CloudVisor", ACES 6.336

Contact Name: 
Jenna Whitney
Apr 13, 2011 11:00am - 12:00pm

There is a sign-up schedule for this event that can be found at



Type of Talk: Colloquia

Speaker/Affiliation: Professor Haib

o Chen/Parallel Processing Institute, Fudan University

Talk Audience:
UTCS Faculty, Grads, and Undergrads

Date/Time: Wednesday, April 13

, 2011 11:00 a.m.

Location: ACES 6.336

Host: Lorenzo Alvisi

nTalk Title: Retrofitting Protection of Virtual Machines in Multi-tenant Cl

oud with CloudVisor

Talk Abstract:
Multi-tenant cloud such as Amazon

''s EC2, which usually leases resources in the form of virtual machines,

has been commercially available for years. Unfortunately, with the adoptio

n of commodity virtualized infrastructures, software stacks in typical mul

ti-tenant clouds are non-trivially large and complex, and thus are prone t

o compromise or abuse from adversaries including the cloud operators, whic

h may lead to leakage of users‚ sensitive data.

In this talk, I wil

l describe a transparent, backward-compatible approach that tries to prote

ct the privacy and integrity of customers'' virtual machines on commodity v

irtualized cloud infrastructures, even
facing a total compromise of the

virtual machine monitor (VMM) and the management VM. The key of the approa

ch is the separation of the resource management from security protection in
the virtualization layer. A tiny security monitor, called CloudVisor, is
introduced underneath the commodity VMM using nested virtualization and pr

ovides protection to the hosted VMs. As a result, the approach allows virt

ualization software (e.g., VMM, management VM and tools) to handle comple

x tasks of managing leased VMs for the cloud, without breaking privacy and
integrity of users'' data inside the VMs. In the end, I will demonstrate

the efficiency and effectiveness of CloudVisor by evaluating a prototype th

at supports the mostly unmodified Xen VMM with multiple Linux and Windows a

s the guest OSes.

Speaker Bio: