MTS: Bringing Multi-Tenancy to Virtual Networking

Kashyap Thimmaraju, Saad Hermak, Gábor Rétvári, Stefan Schmid
2024-03-04
Abstract: Multi-tenant cloud computing provides great benefits in terms of resource sharing, elastic pricing, and scalability, however, it also changes the security landscape and introduces the need for strong isolation between the tenants, also inside the network. This paper is motivated by the observation that while multi-tenancy is widely used in cloud computing, the virtual switch designs currently used for network virtualization lack sufficient support for tenant isolation. Hence, we present, implement, and evaluate a virtual switch architecture, MTS, which brings secure design best-practice to the context of multi-tenant virtual networking: compartmentalization of virtual switches, least-privilege execution, complete mediation of all network communication, and reducing the trusted computing base shared between tenants. We build MTS from commodity components, providing an incrementally deployable and inexpensive upgrade path to cloud operators. Our extensive experiments, extending to both micro-benchmarks and cloud applications, show that, depending on the way it is deployed, MTS may produce 1.5-2x the throughput compared to state-of-the-art, with similar or better latency and modest resource overhead (1 extra CPU). MTS is available as open source software.
Cryptography and Security, Networking and Internet Architecture
What problem does this paper attempt to address?
The problem this paper addresses is that, in a multi-tenant cloud environment, current virtual switch (vswitch) designs lack sufficient tenant isolation, in terms of both security and performance. Specifically:

1. **Security isolation**: Existing virtual switch designs do not fully follow secure system design principles (least privilege, complete mediation, least shared mechanism, and so on), so a malicious tenant may be able to attack the host, or other tenants' network traffic, through the virtual switch.
2. **Performance isolation**: In existing designs, the logical data paths of multiple tenants share the same physical or software virtual switch, which enables low-resource cross-tenant denial-of-service (DoS) attacks and degrades performance.

To address these problems, the paper proposes a new virtual switch architecture, MTS (Multi-Tenancy Switch), which aims to enhance security and improve performance as follows:

- **Least privilege**: Place the virtual switch in a separate VM with limited permissions, so that a malicious tenant cannot attack the host through the virtual switch.
- **Complete mediation**: Ensure, using SR-IOV, that all communication between tenants and the host is verified and monitored by a trusted intermediary.
- **Additional security boundary**: Move the virtual switch into user space to add a further layer of isolation.
- **Least shared mechanism**: Further reduce the resources shared among tenants, and thereby achieve stricter isolation, by creating multiple independent virtual switch VMs.

The paper validates MTS experimentally, showing significant improvements in throughput and latency with relatively small resource overhead.
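To make the four design principles above concrete, the following is an added example (not code from the paper or the MTS project) that models three deployment variants as data and computes the isolation properties the summary talks about: which tenants share a switch instance (the shared trusted computing base), whether every tenant's traffic has exactly one mediation point, which switch data paths run in kernel space, and the extra CPU cost. The class names, the tenant and VF identifiers, and the one-CPU-per-vswitch-VM cost model are all assumptions made for illustration.

```python
# Added example (not from the paper): a small Python model for reasoning about
# tenant isolation in MTS-style deployments. Names and the cost model are assumed.
from dataclasses import dataclass, field
from itertools import combinations
from typing import Dict, List, Set, Tuple


@dataclass
class Tenant:
    name: str
    vfs: List[str]  # SR-IOV virtual functions handed to this tenant's VMs (constructed ids)


@dataclass
class VswitchVM:
    """A dedicated VM hosting a virtual switch; serves a subset of the tenants."""
    name: str
    tenants: List[str]      # tenant names attached to this switch via their VFs
    userspace: bool = True  # data path in user space (the additional boundary)


@dataclass
class Deployment:
    tenants: List[Tenant]
    vswitch_vms: List[VswitchVM] = field(default_factory=list)
    host_vswitch: bool = False  # legacy design: one vswitch in the host kernel


def mediators_of(dep: Deployment, tenant: str) -> List[str]:
    """Every switching element that sits on this tenant's traffic path."""
    path = [vm.name for vm in dep.vswitch_vms if tenant in vm.tenants]
    if dep.host_vswitch:
        path.append("host-kernel-vswitch")
    return path


def complete_mediation_violations(dep: Deployment) -> Dict[str, List[str]]:
    """Tenants with no mediator (unmediated traffic) or more than one (ambiguous)."""
    bad = {}
    for t in dep.tenants:
        m = mediators_of(dep, t.name)
        if len(m) != 1:
            bad[t.name] = m
    return bad


def shared_tcb_pairs(dep: Deployment) -> Set[Tuple[str, str]]:
    """Tenant pairs that share one switch instance: a compromise of that
    instance exposes both tenants' traffic (least-shared-mechanism metric)."""
    groups = [[t.name for t in dep.tenants]] if dep.host_vswitch else []
    groups += [vm.tenants for vm in dep.vswitch_vms]
    pairs: Set[Tuple[str, str]] = set()
    for g in groups:
        pairs.update(combinations(sorted(g), 2))
    return pairs


def distrust_violations(dep: Deployment, distrust) -> List[Tuple[str, str]]:
    """Mutually distrustful tenant pairs that nonetheless share a switch instance."""
    shared = shared_tcb_pairs(dep)
    return [p for p in (tuple(sorted(d)) for d in distrust) if p in shared]


def kernel_exposed_switches(dep: Deployment) -> List[str]:
    """Switch instances whose data path runs in kernel space; a bug there runs
    with kernel privilege in whatever hosts it (the host, or only a vswitch VM)."""
    names = ["host-kernel-vswitch"] if dep.host_vswitch else []
    names += [vm.name for vm in dep.vswitch_vms if not vm.userspace]
    return names


def extra_cpus(dep: Deployment, cpus_per_vswitch_vm: int = 1) -> int:
    """Assumed linear cost model: one dedicated CPU per vswitch VM."""
    return len(dep.vswitch_vms) * cpus_per_vswitch_vm


def isolation_report(dep: Deployment) -> dict:
    return {
        "unmediated": complete_mediation_violations(dep),
        "shared_pairs": sorted(shared_tcb_pairs(dep)),
        "kernel_exposed": kernel_exposed_switches(dep),
        "extra_cpus": extra_cpus(dep),
    }


# Constructed sample: three tenants; "alpha" and "beta" do not trust each other.
TENANTS = [Tenant("alpha", ["vf0", "vf1"]), Tenant("beta", ["vf2"]), Tenant("gamma", ["vf3"])]
NAMES = [t.name for t in TENANTS]
DISTRUST = [("beta", "alpha")]

LEGACY = Deployment(TENANTS, host_vswitch=True)                 # kernel vswitch on the host
MTS_ONE = Deployment(TENANTS, [VswitchVM("vsw-0", NAMES)])      # one user-space vswitch VM
MTS_SPLIT = Deployment(TENANTS, [VswitchVM("vsw-0", ["alpha"]),  # one vswitch VM per group
                                 VswitchVM("vsw-1", ["beta", "gamma"])])

if __name__ == "__main__":
    for label, dep in [("legacy", LEGACY), ("mts-single-vm", MTS_ONE), ("mts-per-group", MTS_SPLIT)]:
        print(label, isolation_report(dep), "distrust violations:", distrust_violations(dep, DISTRUST))
```

Running the three variants shows the trade-off the summary describes: the legacy host switch and the single MTS vswitch VM both leave every tenant pair sharing one switch instance, but only the legacy design exposes a kernel data path on the host; splitting tenants across vswitch VMs removes the shared instance between distrustful tenants at the cost of one assumed extra CPU per vswitch VM.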