@VTUpadhai – Cloud Computing (21CS72) – Module 4 Notes

Module 4 - Cloud Security: Risks, Top concern for cloud users, privacy impact assessment, trust, OS
security, VM Security, Security Risks posed by shared images and management OS.
Cloud Security Risks
Cloud computing security faces several risks that both users and providers must address. These include
traditional security threats, risks associated with system availability, and concerns around third-party
control of data.
Traditional Security Threats:
 User-side threats: Users must secure their devices and infrastructure, which can be more
challenging when some components are outside their control.
 Authentication and Authorization: Proper access control is crucial, with different access levels
for individuals within an organization. It’s also hard to integrate internal security policies with
those of the cloud provider.
 Cloud-side threats: Cloud services are vulnerable to traditional attacks like DDoS, phishing,
SQL injection, and cross-site scripting. Virtualization also adds complexity, as shared resources
could be exploited by malicious users.
Availability Risks:
 System Failures: Cloud services can face downtimes due to power outages or system failures.
Data lock-in can also affect business continuity if a provider fails.
 Third-Party Control: Cloud providers may subcontract resources, and the risks of data loss or
breaches increase if those third parties are not trustworthy.
Cloud-Specific Threats:
 Abuse of Cloud Resources: Criminals could misuse cloud resources for malicious activities like
launching DDoS attacks, sending malware, or distributing spam.
 Shared Technology Risks: Issues in virtualization technologies could lead to vulnerabilities that
affect multiple users sharing the same resources.
 Insecure APIs: Cloud service APIs might not provide adequate security for tasks like
authentication and monitoring.
 Insider Threats: Cloud providers might have malicious insiders with access to sensitive
information or systems.
 Data Loss or Leakage: There is a risk of losing critical data due to failures in replication or
storage media. This can be catastrophic, especially if there is no backup.
 Account Hijacking: Cloud users face threats of credentials theft, which can lead to unauthorized
access to cloud services.
 @VTUpadhai – Cloud Computing (21CS72) – Module 4 Notes

Mitigation Efforts:
The Cloud Security Alliance (CSA) has identified key threats like malicious insiders, data loss, insecure
APIs, and account hijacking. Their Security Guidance for Cloud Computing offers advice on how to
minimize these risks.
To address these security concerns, it's important to establish robust security protocols, ensure
transparency in provider operations, and be aware of new attack vectors unique to cloud computing, such
as multitenancy risks and data control challenges.

Figure 9.1 depicts the surfaces of attacks in a cloud computing environment. It shows the interactions
between three key actors: the User, the Service, and the Cloud Infrastructure.
 User-Cloud: The user requests resources from the cloud, and potential attacks can occur during
this interaction.
 Service-User: The service interacts with the user, and attacks may target the service from the user
side, such as phishing or SSL certificate spoofing.
 Cloud-User: The cloud infrastructure can also be a source of attacks on the user, such as attacks
from compromised cloud resources.
 Service-Cloud: The service interacts with the cloud infrastructure to manage and request
resources, and attacks can originate here, such as privilege escalation or data distortion.
 Cloud-Service: Cloud infrastructure can attack the service, for example, through privilege-related
attacks or data injection.

Security- Top concern for cloud users

Security remains the top concern for cloud users, as they are accustomed to having full control over their
sensitive data within a secure perimeter, protected by corporate firewalls. However, in the cloud, they
must extend trust to cloud service providers (CSPs), which presents a significant shift in responsibility.
Major security concerns include unauthorized access, data theft, and loss of control over the data
lifecycle.
 @VTUpadhai – Cloud Computing (21CS72) – Module 4 Notes

Key User Concerns:

1. Unauthorized Access & Data Theft:
o Data stored in the cloud is more vulnerable than during processing, and cloud storage
servers need robust security to prevent unauthorized access.
o Rogue employees or insiders at the CSP, whose security screening and hiring processes
are often opaque to users, present a significant risk.
2. Data Lifecycle Control:
o Users often cannot confirm whether their data has been fully deleted after termination of
the service. Backups performed without user consent can create a situation where data is
lost, accessed by unauthorized parties, or exposed.
3. Lack of Standardization:
o Interoperability is a major issue. Users face challenges such as how to retrieve data if the
CSP goes offline, how to manage price hikes by the CSP, and what the costs are for
migrating to another provider.
4. Auditing and Compliance:
o Full audit trails are challenging in cloud environments, and compliance with laws such as
privacy and security regulations is complicated. Existing frameworks like FIPS and
FISMA do not easily extend to cloud services.
5. Autonomic Computing Risks:
o New technologies like autonomic computing, which allows systems to self-organize, self-
optimize, and self-repair, could introduce new security risks, making it even harder to
trace actions or identify vulnerabilities.
6. Multitenancy:
o While multitenancy reduces costs, it also introduces risks as many users share the same
server. Compromise of a server can affect multiple users, and threats to data during
processing time cannot be overlooked.
7. Legal and Privacy Concerns:
o Cloud computing operates in a complex legal environment, with data potentially crossing
multiple jurisdictions. The question of which laws apply, especially when data is
outsourced or shared with law enforcement, is a major concern for users.
User Actions to Minimize Risks:
 Evaluate CSP Security Policies: Users should review the CSP's security measures and their
compliance with privacy laws.
 Analyze Stored Data: Users should assess the types of data stored and processed on the cloud,
especially for sensitive information.
 Clear Contractual Obligations: Contracts with CSPs should define the following:
 @VTUpadhai – Cloud Computing (21CS72) – Module 4 Notes

1. CSP's obligations to handle sensitive information securely.

2. CSP's liability for mishandling or losing data.
3. Rules on data ownership and geographical storage of data and backups.
Solutions for Data Protection:
 Avoid Cloud Processing for Sensitive Data: When possible, users should avoid processing
highly sensitive data in the cloud, though this isn't feasible for all applications.
 Encryption: Users should encrypt sensitive data when stored on public or hybrid clouds.
However, encryption can complicate data indexing and searching, and fully homomorphic
encryption or secure two-party computations are potential solutions, though they are currently
inefficient.
In summary, while the cloud offers cost savings and flexibility, it requires careful attention to security and
privacy. Users must actively assess risks, negotiate clear contracts, and implement additional protective
measures like encryption to minimize potential threats.
Privacy and privacy impact assessment
Privacy refers to the right of individuals or organizations to control and protect their personal or
proprietary information from being disclosed without their consent. Privacy is recognized as a basic
human right by many nations, with various laws and regulations in place to protect it, though these rights
are limited by other laws and can conflict with other rights, like freedom of speech. As technology
advances, new privacy threats have emerged, particularly in the digital age, with identity theft being a
common risk due to stolen or misused personal information.
Key Privacy Concerns in Cloud Computing:
1. Loss of Control:
o Once data is stored on a CSP's servers, users lose control over the exact location and
duration of data storage. For example, with services like Gmail, users cannot control
where their data is stored or how long emails are retained in server backups.
2. Unauthorized Secondary Use:
o CSPs may use data for purposes beyond the original intent, such as targeted advertising.
This secondary use is often not preventable, as there are no technological solutions to
stop it.
3. Dynamic Provisioning and Outsourcing:
o CSPs often outsource services, which introduces issues such as the lack of transparency
about subcontractors' rights to data. Questions also arise about how data rights change
during events like mergers or bankruptcy.
4. Legal and Legislative Framework:
o Different countries have varying privacy laws, with some more aggressive than others in
protecting personal data. The European Union, for example, enforces strict regulations,
 @VTUpadhai – Cloud Computing (21CS72) – Module 4 Notes

including the "right to be forgotten," which allows individuals to have their data erased
from the internet.
Privacy Impact Assessment (PIA):
A Privacy Impact Assessment (PIA) is a tool for identifying privacy risks in information systems. PIAs
are critical for ensuring privacy is built into systems from the start rather than retrofitted. A PIA process
typically involves the following:
 Notice: Organizations must provide clear information about what data they collect, how it’s used,
and if it's shared with third parties.
 Choice: Users should have the ability to choose how their data is used, especially for secondary
purposes like marketing or sharing with external entities.
 Access: Users should be able to review the data collected about them and correct inaccuracies or
delete information if necessary.
 Security: Organizations must take reasonable steps to protect user data from unauthorized access
or breaches.
Proposed Tools for Privacy Management:
There is a call for tools to proactively address privacy concerns in systems. One proposed tool is a web-
based Privacy Impact Assessment (PIA) tool that helps organizations evaluate and mitigate privacy risks.
This tool would take inputs from project information, risk assessments, and stakeholder details to
generate a comprehensive PIA report, covering areas like transparency, security, and cross-border data
flows.
The PIA tool would be supported by a knowledge base created by domain experts, which would use a
rule-based system to evaluate privacy risks and generate necessary actions based on specific legal and
regulatory frameworks. This proactive approach ensures privacy concerns are addressed before systems
are fully deployed, reducing the need for costly changes later.
Privacy remains a critical concern in cloud computing, particularly as personal data is stored on third-
party servers, and users often lose control over their information. Strong legislation, transparent privacy
policies, and tools like PIAs are essential to managing these risks and ensuring that privacy rights are
respected in the digital age.

Trust in Cloud Computing

Trust is a crucial factor in cloud computing, similar to its role in other online activities. It is based on the
reliance individuals or organizations place on the character, ability, strength, or truth of others. Trust
facilitates cooperation, reduces conflict, decreases transaction costs, and fosters adaptive organizational
forms.
Key Aspects of Trust:
1. Risk: Trust is built on the perception of risk, where uncertainty about potential losses makes trust
necessary. Without risk, there would be no need for trust.
 @VTUpadhai – Cloud Computing (21CS72) – Module 4 Notes

2. Interdependence: Trust also depends on interdependence, where one entity's success relies on
the actions of another. This relationship is key in cloud services, where a user depends on the CSP
for data storage, security, and availability.
Phases of Trust:
1. Building Phase: Trust is initially formed based on initial interactions or promises.
2. Stability Phase: Trust becomes stable and established over time.
3. Dissolution Phase: Trust declines due to breaches or failures.
Types of Trust:
 Deterrence-based Trust: Trust based on the belief that the penalties for breaching trust outweigh
any potential benefits from dishonest behavior.
 Calculus-based Trust: Trust based on the belief that cooperation benefits both parties.
 Relational Trust: Develops over time through repeated positive interactions, based on
dependability and reliability.
Trust in Online Environments:
Trust in online environments, especially on the internet, faces unique challenges. Anonymity and lack of
identity transparency reduce trust, as it becomes difficult to assess the true nature of an entity. Without
identifiable characteristics or accountability, the ability to trust becomes compromised.
Addressing Trust Issues:
1. Access Control: Mechanisms are needed to prevent unauthorized access and protect data.
2. Identity Transparency: Ensuring that the identities of parties involved in transactions are
verified and transparent. This can be achieved through biometric identification, digital signatures,
and certificates.
3. Surveillance: Ongoing monitoring of systems through intrusion detection or logging and auditing
ensures actions can be traced and reviewed, thus fostering accountability.
Mechanisms for Building Trust:
1. Credentials: Digital credentials, like digital signatures, serve as proof of identity and
competence. For example, a doctor’s diploma certifies their qualifications, just as a digital
certificate verifies the identity of a user or organization online.
2. Policies: Trust policies outline conditions under which trust is granted and specify actions to take
when conditions are met or violated. These often require the verification of credentials.
3. Reputation: Reputation is built over time based on interactions with an entity. Positive or
negative history influences trust decisions. Recommendations or reviews from other trusted
parties also contribute to reputation-building.
 @VTUpadhai – Cloud Computing (21CS72) – Module 4 Notes

Trust in Cloud Services:

In cloud computing, trust is often assessed based on the service provider’s reliability and how well they
meet specified requirements. A “trust of party A to party B for a service X” is based on A’s belief that B
will reliably perform X within a given context. Trust in cloud computing thus depends on transparency,
security, the performance of the provider, and historical interactions.
Building and maintaining trust in cloud computing involves creating transparent, secure systems that
provide clear identity verification, enforce access control, and allow for monitoring of actions. Trust is
also shaped by long-term relationships, reputation, and adherence to established policies. As cloud
services become integral to business operations, ensuring trust remains a core element of cloud security
strategies.

Operating System Security in Cloud Computing

Operating systems (OS) play a critical role in securing the hardware resources and applications that share
those resources in a computing environment. In cloud computing, OS security is essential for maintaining
data integrity, confidentiality, and the protection of applications from malicious attacks. The threats to OS
security have expanded with the growing sophistication of attacks targeting even personal devices like
computers, tablets, and smartphones.
Key Aspects of OS Security:
1. Access Control: The OS controls access to system objects, ensuring that only authorized users or
applications can access critical resources.
2. Authentication: The OS uses authentication mechanisms to verify the identity of users and
applications before granting access to resources.
3. Cryptographic Policies: The OS defines cryptographic policies to protect data confidentiality,
ensuring that sensitive information is encrypted and secure.
Mandatory vs. Discretionary Security:
 Mandatory Security: Involves strict control of policies by the system administrator. These
policies define how security attributes are assigned to users and applications. Trusted applications
are confined to specific security domains and can only access the resources necessary for their
function.
 Discretionary Security: Places the burden of security on individual users, potentially leading to
security breaches due to negligence or lack of knowledge. Discretionary mechanisms allow
applications to alter security policies, which may inadvertently compromise the system.
Trusted Applications and Privileges:
Applications that perform critical security functions are designated as trusted applications. These
applications must be restricted to the minimum privileges necessary for their operation to prevent abuse
or exploitation. For example, type enforcement is a security measure that limits the privileges of trusted
applications to protect against unauthorized access.
 @VTUpadhai – Cloud Computing (21CS72) – Module 4 Notes

Trusted Paths and Security Mechanisms:

A trusted path is essential for ensuring secure interactions between users and trusted software. Without
such a path, malicious software could impersonate trusted software, undermining system security.
Mechanisms like trusted paths allow for secure login authentication and password changes. Enforcer
and decider components in access control mechanisms ensure that security policies are enforced
accurately by gathering necessary information and making security decisions based on predefined
policies.
Mobile Code and Security:
Mobile code, such as Java applets, introduces significant security risks by executing code that may
attempt to access restricted data or resources. While the Java Security Manager provides some
protection by running applications in a sandbox environment, it is still vulnerable to certain forms of
tampering. The OS must prevent mobile code from altering data or violating security policies, especially
when executed in environments that cannot fully protect themselves.
Challenges of Commodity Operating Systems:
Commodity operating systems (like Windows or Linux) are complex and contain millions of lines of
code, making them susceptible to vulnerabilities and attacks. These systems often fail to adequately
isolate applications from each other, meaning that if one application is compromised, all other
applications on the same platform could also be at risk. OSes also provide weak mechanisms for ensuring
that applications can authenticate each other securely and lack trusted paths for secure communication
between users and applications.
Specialized Platforms:
For high-security applications, specialized platforms (such as those used in cellular phones, game
consoles, and ATMs) may include embedded cryptographic keys. These platforms can verify their identity
to remote systems and authenticate the software running on them, making them more secure than general-
purpose operating systems. These features are not available in traditional commodity systems, which are
more vulnerable to malicious attacks.
While an OS is a critical component for securing the platform on which applications run, it alone cannot
provide sufficient protection against modern security threats. Application-specific security mechanisms,
such as digital signatures in electronic commerce transactions, are essential to bolster the security offered
by the OS. Commodity operating systems offer low assurance due to their complexity, lack of adequate
isolation, and weak authentication mechanisms. These weaknesses are particularly challenging in a
distributed computing environment, where applications may interact with unknown or potentially
malicious entities. Therefore, OS security must be supplemented with additional measures to ensure
comprehensive protection.

Virtual Machine Security

 VM Technology: Virtual machine (VM) security is key in cloud environments, offering benefits
like better isolation between VMs, but also presenting unique vulnerabilities.
 @VTUpadhai – Cloud Computing (21CS72) – Module 4 Notes

 VM Security Models:
o In the Traditional System VM Model, the Virtual Machine Monitor (VMM) enforces
security by controlling access to hardware and isolating VMs from each other.
o Hybrid and Hosted VM Models are less secure because the entire system’s security
depends on the host OS.
o Virtual Security Services: VMs can have their security managed either by the VMM
(Figure 9.2a) or a dedicated security VM (Figure 9.2b). A Trusted Computing Base
(TCB) is critical for maintaining security in virtualized environments.
Isolation and Control
 VMM Isolation: The VMM ensures stricter isolation of VMs than traditional OS processes,
protecting VMs from malicious actions by other VMs.
 Challenges: The VMM primarily manages lower-level system functions, while higher-level
security services are more abstract and difficult to enforce through the VMM.
Security Features of Virtualization
 VM Cloning and Replication: The ability to clone or replicate VMs enhances security, as it
allows for the testing of suspicious applications in a controlled, isolated environment.
 Communication and Isolation: Inter-VM communication is faster than between physical
machines, which can be used to enhance security by isolating sensitive processes.
Threats and Attacks
 Sophisticated Attacks: Attackers may attempt to avoid VM honeypots, or access VM logs to
steal sensitive data like cryptographic keys. Log files must be carefully protected.
 Security Trade-offs: Virtualization provides enhanced security but incurs higher hardware costs
and development overhead. The Virtual Machine Monitor (VMM) introduces overhead due to
its involvement in privileged operations.
VM-based Intrusion Detection and Prevention
 VM-based intrusion detection systems (IDS), such as Livewire and Siren, use VM isolation,
inspection, and interposition to detect attacks. VMs also support intrusion prevention systems
like SVFS and NetTop, focusing on protecting against threats before they impact the system.
VMM and VM-Based Threats
1. VMM-based Threats:
o Resource Starvation: Rogue VMs can bypass resource limits, starving other VMs.
o Side-Channel Attacks: Poor isolation between VMs can allow malicious VMs to attack
others.
o Buffer Overflow: Vulnerabilities within the VMM can be exploited by attackers.
 @VTUpadhai – Cloud Computing (21CS72) – Module 4 Notes

2. VM-based Threats:
o Rogue VMs: Unauthorized VMs can be created and launched with insecure settings.
o Tampered VM Images: VMs may use insecure or compromised images, leading to
security risks.

Figure 9.2(a): This diagram illustrates a system where Virtual Security Services are provided by the
Virtual Machine Monitor (VMM). The VMM controls the entire hardware access and manages the
interactions of the guest VMs, while also providing security services to ensure the integrity and isolation
of the VMs.
Figure 9.2(b): This figure shows an alternative architecture where a dedicated Security Services VM
handles security tasks. In this setup, the security functions are separated from the VMM and run in their
own isolated VM. This additional layer enhances security, especially for managing sensitive data and
policies.
VM technology offers strong isolation and security features, but it is not without its challenges. It requires
careful management, especially regarding resource allocation, image integrity, and monitoring for threats.
While the benefits of virtualization, like better isolation and flexibility, enhance security, it requires
additional overhead, including higher hardware costs and development efforts.

Security Risks Posed by Shared Images in Cloud Environments

When using cloud services like Amazon Web Services (AWS), image sharing—particularly through
resources like Amazon Machine Images (AMIs)—can expose users to various security vulnerabilities,
even if the cloud provider is trusted. Shared AMIs, often tempting for less experienced users, can harbor
significant security risks, especially if they come from untrusted or malicious sources.
Image Creation Process
Creating an AMI involves bundling the contents of a running system (or another image) into an S3
bucket. The process includes:
1. Creating the Image: Starting from a running system, another AMI, or a VM image.
 @VTUpadhai – Cloud Computing (21CS72) – Module 4 Notes

2. Bundling: The image is compressed, encrypted, and split into segments to be uploaded.
3. User Instantiation: The user specifies resources, credentials, firewall configuration, and region
settings to instantiate the AMI.
The process of sharing images can introduce various security risks because of leftover sensitive data or
improper configurations.
Key Findings from AMI Security Audits
A security audit of 5,303 AMIs revealed several critical security risks:
1. Vulnerabilities:
o 98% of Windows AMIs and 58% of Linux AMIs had critical vulnerabilities, including
remote code execution risks.
o These vulnerabilities were often outdated, with many images being several years old, and
sometimes lacking necessary patches.
2. Backdoors and Credentials:
o Many Linux AMIs had left-over credentials (e.g., ssh keys and passwords), allowing
unauthorized users to log into running instances.
o Some AMIs retained the original creator's ssh keys, allowing them to access instances
remotely without detection.
o Password hashes in AMIs could be cracked using tools like John the Ripper, opening
further access for attackers.
3. Omitted Security Configurations:
o Cloud-init scripts, meant to regenerate ssh host keys on boot, were sometimes omitted.
This allowed attackers to conduct man-in-the-middle attacks by exploiting shared ssh
keys across instances.
4. Unsolicited Connections:
o Some AMIs were configured to send information to external agents (e.g., syslog logs and
IP addresses), potentially leaking sensitive data to malicious actors.
o These connections could be disguised as legitimate, making it difficult for users to detect
unauthorized data exfiltration.
5. Malware:
o Malware, including Trojans, was discovered in some Windows AMIs. These Trojans
could facilitate keylogging, data theft, and process monitoring, compromising the privacy
and security of users.
 @VTUpadhai – Cloud Computing (21CS72) – Module 4 Notes

Privacy Risks for Image Creators

Creators of shared AMIs risk exposing:
 Private keys, IP addresses, browser history, and shell history.
 Malicious actors can extract sensitive data such as API keys, leading to unauthorized cloud
service usage, or access SSH keys that lack passphrase protection, allowing further compromise.
 Deleted files in AMIs can often be recovered using standard utilities, revealing sensitive
information if proper sanitization was not performed.
Key Recommendations
1. Secure Image Creation:
o Use tools like shred, scrub, or wipe to ensure sensitive data is securely deleted before
creating an image.
o Avoid leaving private keys, IP addresses, or other sensitive information in the image files.
o Ensure that cloud-init scripts are correctly configured to prevent shared SSH keys and
mitigate man-in-the-middle risks.
2. Vulnerability Management:
o Regularly update and patch AMIs, especially critical security vulnerabilities related to
system services.
o Perform vulnerability audits on AMIs before using them to ensure they don't expose the
system to known exploits.
3. Image Auditing:
o Users should audit shared AMIs to ensure no backdoors (e.g., unwanted ssh keys,
passwords) remain.
o Use security tools to inspect AMIs for malware and unexpected outgoing connections.
4. Control Access to AMI Repositories:
o Restrict access to image repositories and ensure that only authorized users can create,
modify, or share AMIs.
Shared images in cloud environments pose significant security and privacy risks, especially when the
images are not properly sanitized or maintained. Users and image creators must be aware of the potential
vulnerabilities, including leftover credentials, unpatched software, malware, and recovery of deleted files.
By following best practices for image creation and auditing, these risks can be minimized, enhancing the
overall security of cloud infrastructure.
Security risks posed by a management OS
The security risks posed by a management OS in virtualized environments, especially those relying on
hypervisors like Xen, are significant, despite the small footprint of the hypervisor itself. Here’s a
summary of the key risks and concerns:
 @VTUpadhai – Cloud Computing (21CS72) – Module 4 Notes

1. Trusted Computing Base (TCB): In a virtualized environment, the TCB includes the hardware,
hypervisor, and management OS (running in Dom0). While the hypervisor provides isolation
between VMs, the management OS is a critical component and can introduce vulnerabilities. In
Xen, Dom0 manages VM creation, I/O device emulation, and other administrative tasks.
2. Vulnerabilities in the Management OS: A study of Xen found that most attacks targeted the
service components of the management OS, not the hypervisor itself. For instance, vulnerabilities
could allow for buffer overflows, denial-of-service (DoS) attacks, or even the modification of the
guest OS kernel to allow malicious control.
3. Potential Malicious Actions by Dom0: A compromised Dom0 could perform several harmful
actions:
o Prevent a VM from starting (denial-of-service).
o Alter the kernel of a guest OS to monitor or control applications.
o Manipulate memory mappings and virtual CPU states, undermining VM integrity.
4. Communication Risks: During runtime, Dom0 facilitates communication between guest OSes
(DomUs) and external systems via shared device drivers. This communication is typically
unsecured, and while TLS encryption can be used, it doesn’t prevent Dom0 from potentially
extracting sensitive information, such as cryptographic keys, from memory.
5. Critical Role of XenStore: XenStore, a critical component for maintaining the state of the
system, can be targeted by malicious VMs to deny access to other VMs or even gain unauthorized
access to memory.
6. Protection Requirements for Dom0:
o Memory Sharing: Dom0 should be restricted from accessing the memory of DomUs
unless initiated by a hypercall from Dom0 and the memory is encrypted.
o Hypercall Restrictions: Security-critical hypercalls should be tightly controlled. Certain
hypercalls that can harm a DomU, like foreign mapping or debugging hypercalls, should
be monitored and possibly restricted.
o Ensuring Confidentiality and Integrity: Virtual CPU registers and memory should be
encrypted during save and restore operations. The hypervisor should also perform
integrity checks.
7. Performance Overhead: Increased security measures, such as encrypted memory and encrypted
virtual CPU states, can lead to significant overhead. Performance measurements show that the
overhead can increase domain build times, save times, and restore times by up to 2.3 times.
 @VTUpadhai – Cloud Computing (21CS72) – Module 4 Notes

Figure 9.3 shows the architecture of a Xen-based virtualized environment.

 Hardware: The physical machines at the bottom.
 Xen (Hypervisor): A lightweight layer that virtualizes the hardware and manages guest VMs
(DomUs).
 Dom0 (Management OS): The privileged management OS that controls VM creation, resource
allocation, and device management. It communicates between DomUs and hardware.
 DomU (Guest OS): Virtual machines running on top of Xen with their own OS and applications,
isolated from each other by the hypervisor.
The security of the entire virtualized environment is thus dependent not only on the hypervisor but also on
securing the management OS (Dom0) and the communications between Dom0 and DomUs.