A Comparison of Secure Multi-Tenancy Architectures for Filesystem Storage Clouds

  • Anil Kurmus
  • Moitrayee Gupta
  • Roman Pletka
  • Christian Cachin
  • Robert Haas
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7049)


A filesystem-level storage cloud offers network-filesystem access to multiple customers at low cost over the Internet. In this paper, we investigate two alternative architectures for achieving multi-tenancy securely and efficiently in such storage cloud services. They isolate customers in virtual machines at the hypervisor level and through mandatory access-control checks in one shared operating-system kernel, respectively. We compare and discuss the practical security guarantees of these architectures. We have implemented both approaches and compare them using performance measurements we obtained.


Virtual Machine Storage Cloud Virtual Machine Monitor Interface Node Attack Graph 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    IBM Scale Out Network Attached Storage,
  2. 2.
    Schmuck, F., Haskin, R.: GPFS: A Shared-disk File System For Large Computing Clusters. In: Proc. File and Storage Technologies (2002)Google Scholar
  3. 3.
    Kivity, A., Kamay, Y., Laor, D., Lublin, U., Liguori, A.: kvm: the Linux Virtual Machine Monitor. In: Proc. Linux Symposium, vol. 1 (2007)Google Scholar
  4. 4.
    Cai, H., Reinwald, B., Wang, N., Guo, C.: SaaS Multi-Tenancy: Framework, Technology, and Case Study. International Journal of Cloud Applications and Computing (IJCAC) 1(1) (2011)Google Scholar
  5. 5.
    Traeger, A., Rai, A., Wright, C., Zadok, E.: NFS File Handle Security. In: Tech. Rep., Computer Science Department, Stony Brook University (2004)Google Scholar
  6. 6.
    Oehme, S., Deicke, J., Akelbein, J., Sahlberg, R., Tridgell, A., Haskin, R.: IBM Scale out File Services: Reinventing network-attached storage. IBM Journal of Research and Development 52(4.5) (2008)Google Scholar
  7. 7.
  8. 8.
    Osman, S., Subhraveti, D., Su, G., Nieh, J.: The Design and Implementation of Zap: A System for Migrating Computing Environments. In: ACM SIGOPS Operating Systems Review, vol. 36(SI) (2002)Google Scholar
  9. 9.
    Kamp, P., Watson, R.: Jails: Confining the omnipotent root. In: Proc. International System Administration and Network Engineering (2000)Google Scholar
  10. 10.
    Price, D., Tucker, A.: Solaris Zones: Operating System Support for Consolidating Commercial Workloads. In: Proc. System Administration (2004)Google Scholar
  11. 11.
    McCarty, B.: SELinux: NSA’s Open Source Security Enhanced Linux (2004)Google Scholar
  12. 12.
    Diesburg, S.M., Wang, A.-I.A.: A survey of confidential data storage and deletion methods. ACM Computing Surveys 43 (December 2010)Google Scholar
  13. 13.
    Sivathanu, G., Wright, C.P., Zadok, E.: Ensuring data integrity in storage: Techniques and applications. In: Proc. Storage Security and Survivability (2005)Google Scholar
  14. 14.
    Schechter, S.: Computer Security Strength & Risk: A Quantitative Approach. PhD thesis, Harvard University Cambridge, Massachusetts (2004)Google Scholar
  15. 15.
    Schneier, B.: Attack trees. Dr. Dobb’s journal 24(12) (1999)Google Scholar
  16. 16.
    Hardy, N.: The Confused Deputy. ACM SIGOPS Operating Systems Review 22(4) (1988)Google Scholar
  17. 17.
    Wojtczuk, R.: Adventures with a certain Xen vulnerability (in the PVFB backend). Message Sent to Bugtraq Mailing List on October 15 (2008)Google Scholar
  18. 18.
    Ormandy, T.: An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments. In: Proc. CanSecWest Applied Security Conference (2007)Google Scholar
  19. 19.
    Kortchinsky, K.: Cloudburst – Hacking 3D and Breaking out of VMware (2009)Google Scholar
  20. 20.
    Blanc, M., Guerin, K., Lalande, J., Le Port, V.: Mandatory Access Control implantation against potential NFS vulnerabilities. In: International Symposium on Collaborative Technologies and Systems (2009)Google Scholar
  21. 21.
    libvirt: The virtualization API,
  22. 22.
    Nurmi, D., Wolski, R., Grzegorczyk, C., Obertelli, G., Soman, S., Youseff, L., Zagorodnov, D.: The Eucalyptus Open-source Cloud-computing System. In: Proc. Cluster Computing and the Grid (2009)Google Scholar
  23. 23.
  24. 24.
    Liedtke, J.: On micro-kernel construction. In: Proc. SOSP (1995)Google Scholar
  25. 25.
    Heiser, G., Uhlig, V., LeVasseur, J.: Are Virtual Machine Monitors Microkernels Done Right? ACM SIGOPS Operating Systems Review 40(1) (2006)Google Scholar
  26. 26.
    Hohmuth, M., Peter, M., Härtig, H., Shapiro, J.S.: Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors. In: Proc. SIGOPS European Workshop (2004)Google Scholar
  27. 27.
    Jujjuri, V., Hensbergen, E.V., Liguori, A.: VirtFS – A virtualization aware File System pass-through. In: Proc. Ottawa Linux Symposium (2010)Google Scholar
  28. 28.
    Christodorescu, M., Sailer, R., Schales, D.L., Sgandurra, D., Zamboni, D.: Cloud Security Is Not (Just) Virtualization Security: A Short Paper. In: Proc. CCSW (2009)Google Scholar
  29. 29.
    Petroni Jr, N.L., Hicks, M.: Automated Detection of Persistent Kernel Control-Flow Attacks. In: Proc. CCS (2007)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Anil Kurmus
    • 1
  • Moitrayee Gupta
    • 2
  • Roman Pletka
    • 1
  • Christian Cachin
    • 1
  • Robert Haas
    • 1
  1. 1.IBM ResearchZurich
  2. 2.Department of Computer Science and EngineeringUCSDUSA

Personalised recommendations