The Iris System: Tidying Up Under the Rug

Virtualization helps conceal hardware complexity, one of its many benefits for programmers and administrators. But it’s also a rug under which security and reliability concerns can be all too easily swept. Here’s a simple example. Suppose that a file system replicates data across two storage devices to prevent data loss in the event of a…

Stealing Your Neighbors’ Keys with a Drinking Glass

Security experts have long speculated about whether virtualized environments, such as public clouds, exhibit dangerous side channels. A side channel is a form of information leakage that arises as a byproduct of resource exposure, such as the sharing of memory caches. A side-channel attack exploits such leakage to steal secrets, such as cryptographic keys. A…

Cherrypicking Virtual Machines in a Public Cloud

Resources in public clouds are sold on the same premise of uniform quality as apples. A virtual machine (VM) of a given type, for instance, is a fixed-sized bundle of resources—CPU, local storage, and so forth—that is rented to a tenant at a set hourly rate. Yet VMs, like apples, vary in quality. A VM’s performance depends on the CPU model in the machine on which it sits, the workloads of its neighbors (the VMs of other tenants), and a variety of other characteristics.
