Separating Protection and Management in Cloud Infrastructures
Cloud computing infrastructures serving mutually untrusted users provide security isolation to protect user computation and resources. Clouds should also support flexibility and efficiency, so that users can customize resource management policies and optimize performance and resource utilization. However, flexibility and efficiency are typically limited by security requirements. This dissertation investigates the question of how to offer flexibility and efficiency as well as strong security in cloud infrastructures. Specifically, this dissertation addresses two important platforms in cloud infrastructures: the container platform and the Infrastructure as a Service (IaaS) platform. The container platform supports efficient container provisioning and execution, but does not provide sufficient security and flexibility. Different containers share an operating system kernel, which has a large attack surface, and kernel customization is generally not allowed. The IaaS platform supports secure sharing of cloud resources among mutually untrusted users, but does not provide sufficient flexibility and efficiency. Many powerful management primitives enabled by the underlying virtualization platform, such as live virtual machine migration and consolidation, are hidden from users. The main contribution of this dissertation is the proposal of an approach inspired by the exokernel architecture that can be generalized to any multi-tenant system to improve security, flexibility, and efficiency. This approach is called the exokernel approach: a principle of separating protection and management. By separating protection and management, the protection layer can focus on security isolation and resource multiplexing, making security guarantees easier to maintain and verify. Resource management components are dedicated to each user or application for customization and optimization, greatly improving flexibility and efficiency.
We investigate the effectiveness of this approach by applying it to the container platform and the Infrastructure as a Service (IaaS) platform, and introduce X-Containers and Library Cloud. X-Containers is a new exokernel+LibOS architecture that is fully compatible with Linux containers and provides competitive or superior performance to native Docker containers as well as other LibOS designs. Library Cloud is a new abstraction that enables more flexible and efficient user-level cloud resource management without breaking security isolation between different users. Together, these systems represent important steps towards secure, flexible, and efficient cloud infrastructures.
cloud computing; container; exokernel; Library Cloud; Supercloud; X-Container; Computer science
Van Renesse, Robbert
Myers, Andrew C.; Weatherspoon, Hakim; Mankad, Shawn Pankaj
Ph. D., Computer Science
Doctor of Philosophy
dissertation or thesis