Mitigating Multi-Tenancy Risks in IaaS Cloud Through Constraints-Driven Resource Scheduling

Slide Note
Embed
Share

Addressing the challenges of multi-tenancy in Infrastructure as a Service (IaaS) clouds, this research focuses on constraints-driven virtual resource scheduling to enhance security and isolation among tenants. The study discusses co-location strategies, attribute-based conflict specifications, and conflict-free partitioning techniques for efficient resource management in cloud platforms.

remi_403
remi_403 Follow

Uploaded on Oct 09, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Mitigating Multi-Tenancy Risks in IaaS Cloud Through Constraints-Driven Virtual Resource Scheduling Khalid Bijon, Ram Krishnan, and Ravi Sandhu The University of Texas at San Antonio, USA ACM Symposium on Access Control Models and Technologies (SACMAT 2015) Vienna, Austria June 1-3, 2015

  2. Cloud Service Models Network accessible software Software as a Service (SaaS) App dev environment with cloud characteristics Platform as a Service (PaaS) Virtualized hardware infrastructure Infrastructure as a Service (IaaS) 2

  3. IaaS Cloud: Virtual to Physical Mappings

  4. PUBLIC CLOUD PRIVATE CLOUD $ HIGH RISK $$$ LOW RISK Level of Physical Resource Sharing HIGH LOW VM VM VM VM VM VM VM VM VM VM VM VM Hypervisor Hypervisor Hypervisor Hypervisor Physical Machine Physical Machine Physical Machine Physical Machine Multi-tenancy is unavoidable in cloud platforms Hypervisor provides isolation, albeit tricky E.g. Ristenpart et al Tenant 1: Need 3 VMs Tenant 2: Need 3 VMs Tenant 3: Need 2 VMs Tenant 2: Need 3 VMs Tenant 4: Need 1 VM 4

  5. Constraints-Driven Co-location Toward a programmable cloud platform for resource isolation that can satisfy constraints such as: Do not co-locate sensitive VMs with low-sensitive Do not co-locate high-availabilityVMs in the same rack Do not co-locate Exxon VMs with those of BP Must not co-locate vs. must co-locate Scheduling problems 5

  6. Attribute-Based Conflict Specification for VM Co-location Name-value pairs on VMs E.g. sensitivity(vm1)= high , tenant(vm2)= Acme Specified for VMs of each tenant Intra-tenant (tenant-specified) Varies from tenant to tenant E.g. sensitivity , group , etc. Inter-tenant (cloud service provider specified) Available to VMs of all tenants E.g. tenant , flavor , etc. 6

  7. Sample Attributes for a Tenant 7

  8. Conflict-Free Partitioning of Attributes Step 1: Finding MIN_PARTITION is similar to k-coloring: NP-Complete Step 2: O(|ATTRVM | x |PARTITIONatt|) 8

  9. Co-Resident VM Scheduling Step 3: Partitions of co-resident VMs O(|VM| x |ConflictFreeATTR| x |ATTRVM|) Step 4: Scheduling of co-resident VMs into physical hosts Similar to bin-packing: NP-Hard Not a problem introduced by this work 9

  10. Experimental Setup OpenStack deployed on 5 physical machines Each is a Dell R710 with 16 cores, 2.53 GHz and 98GB RAM Each VM simulated as a physical host to simulate 100s of physical hosts 10

  11. Conflict-Free Partition Using Backtracking Small-ish scope and conflict set Large scope and conflict set 11

  12. Scheduling Latency After Partitioning 12

  13. #Hosts With varying number of elements in Conflict-Set With varying number of maximum degree of conflicts 13

  14. Host Utilization 14

  15. Conflict Changes Conflict specification can change over time! Changes can be of different types Type 1: remove an element from the ConSetatt Type 2: add an element to ConSetatt PARTITIONatt remains unchanged Type 3: add an element to ConSetatt PARTITIONatt changes -> may need to migrate 15

  16. Migrations % of Conflict for a Given Scope % of Total VMs that Require Migration 16

  17. Ongoing/Future Directions Constraints that span further levels of abstractions o PaaS and SaaS 17

  18. Ongoing/Future Directions (continued) Constraints involving other virtual resources Storage, Network, etc. Managing conflict changes over time Incremental conflict specification Attribute computation to inform conflict specification 18

  19. Summary A conflict specification framework for resources in IaaS Conflict-free partitioning is NP-Complete Prototyped and experimented in OpenStack 19

  20. Thank you! 20

Related


Platform as a Service (PaaS) vs. Infrastructure as a Service (IaaS) in Cloud Computing

Platform as a Service (PaaS) vs. Infrastructure as a Service (IaaS) in Cloud Computing

lami
Active Response Mechanism for IaaS Cloud Security

Active Response Mechanism for IaaS Cloud Security

jou_h
Orchestrated Scheduling and Prefetching for GPGPUs

Orchestrated Scheduling and Prefetching for GPGPUs

arie_146
Online Procurement Auctions for Resource Pooling in Client-Assisted Cloud Storage Systems

Online Procurement Auctions for Resource Pooling in Client-Assisted Cloud Storage Systems

addingt
Evolution of Labour Tenancy: Historical Perspectives and Current Realities

Evolution of Labour Tenancy: Historical Perspectives and Current Realities

efa
Changes in Tenancy and Possession Regulations: Latest Updates

Changes in Tenancy and Possession Regulations: Latest Updates

grey
Understanding Cloud Computing Architecture and Services

Understanding Cloud Computing Architecture and Services

soren
Infrastructure as a Service

Infrastructure as a Service

gunnar
Challenges and Solutions in Elastic Cloud Security

Challenges and Solutions in Elastic Cloud Security

mancini_a
GPU Scheduling Strategies: Maximizing Performance with Cache-Conscious Wavefront Scheduling

GPU Scheduling Strategies: Maximizing Performance with Cache-Conscious Wavefront Scheduling

aila
Understanding Scheduling Algorithms in Operating Systems

Understanding Scheduling Algorithms in Operating Systems

rhodes
Understanding Cloud Computing: Benefits and Risks

Understanding Cloud Computing: Benefits and Risks

tiggy
Secure Out-of-Band Remote Management Using Encrypted Virtual Serial Consoles in IaaS Clouds

Secure Out-of-Band Remote Management Using Encrypted Virtual Serial Consoles in IaaS Clouds

barn_z
Cloud-Optimized HDF5 Files Overview

Cloud-Optimized HDF5 Files Overview

gianni
Infrastructure as a Service (IaaS) - Amazon EC2

Infrastructure as a Service (IaaS) - Amazon EC2

colten
Open-Source General Partitioning Multi-Tool for VLSI Physical Design

Open-Source General Partitioning Multi-Tool for VLSI Physical Design

calliope
Insights into Volunteer Scheduling and Management

Insights into Volunteer Scheduling and Management

dard577
CloudScale: Elastic Resource Scaling for Multi-Tenant Cloud Systems

CloudScale: Elastic Resource Scaling for Multi-Tenant Cloud Systems

haar618
Cloud_cci: Comprehensive Overview of Available Data and Evaluation

Cloud_cci: Comprehensive Overview of Available Data and Evaluation

ksned
Understanding Operating System Scheduling Principles

Understanding Operating System Scheduling Principles

yazh_941
Hierarchy-Based Algorithms for Minimizing Makespan under Precedence and Communication Constraints

Hierarchy-Based Algorithms for Minimizing Makespan under Precedence and Communication Constraints

wass_iya
Enhancing Cloud Security Through Virtual Machine Co-Migration for IDS Offloading

Enhancing Cloud Security Through Virtual Machine Co-Migration for IDS Offloading

acozz
Understanding Program Analysis with Set Constraints

Understanding Program Analysis with Set Constraints

tjim
Constraints on Top EW Couplings: Workshop on Top Physics at the LC

Constraints on Top EW Couplings: Workshop on Top Physics at the LC

quintal_k

More Related Content

Efficient Resource Mobilization and Management Strategies by Dr. Abraham Maliet Mamer
Efficient Resource Mobilization and Management Strategies by Dr. Abraham Maliet Mamer
Cloud Computing and Virtualization
Cloud Computing and Virtualization
Understanding Mobile Apps and The Cloud in Technical Evangelism
Understanding Mobile Apps and The Cloud in Technical Evangelism
Enterprise Risk Management (ERM) Strategies for Mitigating Key Business Risks
Enterprise Risk Management (ERM) Strategies for Mitigating Key Business Risks
Improving GPGPU Performance with Cooperative Thread Array Scheduling Techniques
Improving GPGPU Performance with Cooperative Thread Array Scheduling Techniques
Understanding Scheduling in Operating Systems: A Comprehensive Overview
Understanding Scheduling in Operating Systems: A Comprehensive Overview
Advanced Cloud Computing Solutions with DIRAC Services
Advanced Cloud Computing Solutions with DIRAC Services
Understanding Cloud Federation and Identity Management
Understanding Cloud Federation and Identity Management
Emerging Trends in Cloud Databases: Challenges and Opportunities
Emerging Trends in Cloud Databases: Challenges and Opportunities
Overview of VIIRS Cloud Properties Products and Requirements
Overview of VIIRS Cloud Properties Products and Requirements
Secure Cloud Applications with Intel SGX - OSDI 2014 Presentation Summary
Secure Cloud Applications with Intel SGX - OSDI 2014 Presentation Summary
Cloud Adoption and Organizational Change Management Program Overview
Cloud Adoption and Organizational Change Management Program Overview
Understanding Cloud Security Threats and Vulnerabilities
Understanding Cloud Security Threats and Vulnerabilities
Multi-Stage, Multi-Resolution Beamforming Training for IEEE 802.11ay
Multi-Stage, Multi-Resolution Beamforming Training for IEEE 802.11ay
Understanding Cloud Computing Cost Comparison
Understanding Cloud Computing Cost Comparison
Understanding Information Leakage in Cloud Computing
Understanding Information Leakage in Cloud Computing
Real Property Considerations in Maryland Probate
Real Property Considerations in Maryland Probate
Future Support for Private Landlords in Knowsley: Tenancy Sustainment Forum Highlights
Future Support for Private Landlords in Knowsley: Tenancy Sustainment Forum Highlights
Recent Updates for Landlords and Tenants in Napier - August 2019
Recent Updates for Landlords and Tenants in Napier - August 2019
Land Reforms in India: Objectives, Measures, and Impact
Land Reforms in India: Objectives, Measures, and Impact
Overview of Lease and Tenancy Laws in Great Britain
Overview of Lease and Tenancy Laws in Great Britain
Understanding Linux Process Scheduling and Priorities
Understanding Linux Process Scheduling and Priorities
Understanding Scheduling Terminology and Concepts in MyEdBC
Understanding Scheduling Terminology and Concepts in MyEdBC
Time-Aware Scheduling Capabilities in IEEE 802.11be
Time-Aware Scheduling Capabilities in IEEE 802.11be