Virtualization contributes to the optimization and modularization of resource usage in a machine. Furthermore, many systems have relied on a virtualization layer to provide extra security functionality. Both features rank amongst the most important of the technological capabilities enabling cloud computing, improving performance and security. The availability of hardware support for 86 virtualization allows to run virtual machines (VMs) with very low overhead. However, using hardware virtualization inside the OS makes it unavailable for any additional security code as the hardware supports only a single layer of VMs. Stacking virtual machines recursively is one solution to this problem. Unfortunately, current implementations induce an overhead that grows exponentially with the stacking depth. In the paper we address this conflict by describing a novel design that mitigates the performance issues of recursive virtual machines. Once this solved, the doors are open for the design of advanced security mechanisms that are implemented in the intermediate layers and provide additional security features to the system. We suggest concrete ways to further explore this avenue. © 2011 IEEE.
|Original language||English (US)|
|Title of host publication||Proceedings of the International Conference on Dependable Systems and Networks|
|Publisher||IEEE Computer Societyhelp@computer.org|
|Number of pages||6|
|State||Published - Jan 1 2011|