Pwnetizer: Improving Availability in Cloud Computing through Fast Cloning and I/O Randomization
Abstract:
The rise of the Cloud Computing paradigm has led to security concerns amongst its adopters,
given that resources are shared and mediated by a Hypervisor which may be targeted by rogue
guest Virtual Machines (VMs) and remote attackers. We conducted a thorough analysis of the
codebase of two popular open-source Hypervisors, Xen and KVM, followed by an extensive study
of the vulnerability reports associated with them. Based on our findings, we propose a practical
characterization of Hypervisor vulnerabilities. From this analysis, we see that more than one third of
all attacks are due to I/O device emulation and that availability breaches are by far the most common
security breaches, considering the cornerstone security properties of Confidentiality, Integrity and
Availability.
We developed Pwnetizer, a novel VM cloning strategy, to address these weaknesses of virtualized
environments. Pwnetizer facilitates increased availability by rapidly generating clone VMs that can
instantly contribute to the overall throughput, as they increase the resources available to a cloud
customer's applications (network bandwidth, CPU and RAM). Previously, VM Cloning research
has prioritized the performance of computationally-intensive workloads by enabling the creation of
transient clone VMs that depend on a master VM. Meanwhile, the few alternatives able to generate
fully-independent stateful VM Clones suffer from considerable downtimes (tens of seconds), which
is itself a loss of availability. A KVM-based prototype of our Pwnetizer solution is able to gracefully
generate on-demand independent VM Clones with sub-second downtimes.
At minimal additional overhead, our cloning technology also randomizes the I/O device drivers
employed by each clone VM. This takes advantage of the variety of device drivers with overlapping
functionality supported by commodity Hypervisors. Without having to vet them beforehand, we
defend a set of diversified clone VMs against current and future attacks on I/O device drivers with
security vulnerabilities. This further improves availability by preventing large-scale VM crashes
caused by attacks made possible by device emulation bugs.