ABSTRACT

Such a large collection of resources within virtual hosts is maximized among customers (also known as tenants) with the objective of achieving the best result (i.e., to provide the best service) at the least cost (i.e., by sharing the very same physical hardware over multiple virtual hosts). Heterogeneous physical and virtual resources can be used to split and process the same problem (see Figure 13.2 and also MapReduce [2]). Once virtual resources (such as virtual networks, virtual data, and virtual processors) have been assigned to tenants, the tenants have complete access to them and can rearrange them to better fit their needs. As an example, virtual memory and virtual networks given to the tenant by the CSP can be further redistributed by the tenant over different virtual machines (VMs) in order to build a specific topology aimed at providing some services. This process is called virtual resource to virtual resource (VR2VR) [3] management, and many solutions have already been proposed to manage it [4,5].

CONTENTS

13.1 Introduction
13.2 Virtualization Security
13.3 Hardware Resources
    13.3.1 CPU Virtualization
    13.3.2 GPU Virtualization
    13.3.3 Network Virtualization
13.4 Hypervisor-Layer Resources
    13.4.1 VMM Security
    13.4.2 VM Security
13.5 OS Resources
    13.5.1 Kernel Integrity
    13.5.2 Privilege Separation
13.6 Application Resources
    13.6.1 Secure Data Storage
    13.6.2 User Data Isolation
13.7 Summary
References