Detection of Service Level Agreement (SLA) Violation in Memory Management in Virtual Machines

In cloud computing, quality of services is often enforced through Service Level Agreement (SLA) between end users and cloud providers. While SLAs on hardware resources such as CPU cycles or bandwidth can be monitored by low layer sensors, the enforcement of security SLAs stays a very challenging problem. Several high level architectures for security SLAs have been proposed. However, details still need to be filled before they can be deployed. In this paper, we propose to design mechanisms to detect violations of security SLAs. Specifically, we focus on unauthorized accesses to memory pages of a virtual machine and violation of the memory deduplication policies. Through measuring the accumulated memory access latency, we try to derive out whether or not the memory pages have been swapped out and the order of accesses to them. These events will then be compared to access commands issued by the local VM. In this way, unauthorized memory accesses or violation of deduplication policies can be detected. Compared to existing approaches, our mechanisms do not need explicit help from the hypervisor or third parties. Therefore, it can detect SLA violations even when they are initiated by the hypervisor. We implement our approaches under VMWare with Windows virtual machines. Our experiment results show that the VM can effectively detect the violations with small increases in overhead.