Shared memory protection in a multi-tenant JVM
Pages 1 - 15
Abstract
Multi-tenant Software-as-a-Service (SaaS) providers allow tenants to customize the application at different levels. When the customization involves tenant custom code and a single application instance is shared among multiple tenants, the issue of tenant isolation becomes critical. In common practice, tenant isolation, which amounts to protection of tenants against any interference and disturbance from each other, is performed by isolating tenant custom code in either a dedicated Virtual Machine (VM) or a dedicated container.
However, tenant isolation can be enforced at the higher level of threads rather than OS processes. The main advantage of this alternative approach is that it significantly increases tenant accommodation capacity (the number of tenants that can be hosted on a single node). However, achieving this benefit raises a number of non-trivial challenges, most notably the need for access control over the memory space shared between the custom code of multiple tenants.
In this paper, we present a solution for protecting the shared memory space of the Java Virtual Machine (JVM) demarcated by the static fields of the java.base module. The solution is based on systematic analysis of the java.base module. As a result of the analysis, the set of shared classes is reduced to a minimal subset of the java.base module and it is shown that the static fields of the minimal subset can be protected using the Java platform security. A multi-tenant class loading mechanism is also provided for loading a tenant-specific runtime instance of classes not included in the minimal subset.
The proposed solution is implemented on top of a customized OpenJDK 11 and validated by means of 18 validation scenarios. The evaluation results presented in this paper show that achieving a memory footprint reduction ranging between 32% and 97% requires only 32 CLOC in OpenJDK source and denial of only 9 distinct permissions for tenants without any significant performance overhead for a wide range of application domains.
References
[1]
Godmar Back, Wilson C Hsieh, and Jay Lepreau. 2000. Processes in KaffeOS: Isolation, resource management, and sharing in Java. In Proceedings of the 4th conference on Symposium on Operating System Design & Implementation-Volume 4. 23.
[2]
Stephen M Blackburn, Robin Garner, Chris Hoffmann, Asjad M Khang, Kathryn S McKinley, Rotem Bentzur, Amer Diwan, Daniel Feinberg, Daniel Frampton, and Samuel Z Guyer. 2006. The DaCapo benchmarks: Java benchmarking development and analysis. In Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications. 169–190.
[3]
Yang Cao, Chung-Horng Lung, Samuel A Ajila, and Xiaolin Li. 2019. Support mechanisms for cloud configuration using XML filtering techniques: A case study in SaaS. Future Generation Computer Systems, 95 (2019), 52–67.
[4]
Grzegorz Czajkowski and Laurent Daynès. 2012. Multitasking without Compromise: A Virtual Machine Evolution. SIGPLAN Notices (Originally OOPSLA 2001), 47, 4a (2012), March, 60–73. issn:0362-1340 https://doi.org/10.1145/2442776.2442785
[5]
Grzegorz Czajkowski, Laurent Daynès, and Ben L Titzer. 2003. A Multi-User Virtual Machine. In USENIX Annual Technical Conference, General Track. 85–98.
[6]
Haolong Fan, Farookh Khadeer Hussain, Muhammad Younas, and Omar Khadeer Hussain. 2015. An integrated personalization framework for SaaS-based cloud services. Future Generation Computer Systems, 53 (2015), 157–173.
[7]
Nicolas Geoffray, Gaël Thomas, Gilles Muller, Pierre Parrend, Stéphane Frénot, and Bertil Folliot. 2009. I-JVM: a Java virtual machine for component isolation in OSGi. In Dependable Systems & Networks, 2009. DSN’09. IEEE/IFIP International Conference on. 544–553.
[8]
Anders T Gjerdrum, Robert Pettersen, Håvard D Johansen, and Dag Johansen. 2017. Performance of Trusted Computing in Cloud Infrastructures with Intel SGX. In CLOSER. 668–675.
[9]
David Goltzsche, Manuel Nieke, Thomas Knauth, and Rüdiger Kapitza. 2019. AccTEE: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting. In Proceedings of the 20th International Middleware Conference (Middleware ’19). ACM, New York, NY, USA. 123–135. isbn:978-1-4503-7009-7 https://doi.org/10.1145/3361525.3361541
[10]
Diwaker Gupta, Ludmila Cherkasova, Rob Gardner, and Amin Vahdat. 2006. Enforcing performance isolation across virtual machines in Xen. In ACM/IFIP/USENIX International Conference on Distributed Systems Platforms and Open Distributed Processing. 342–362.
[11]
Almut Herzog and Nahid Shahmehri. 2005. Problems running untrusted services as java threads. In Certification and Security in Inter-Organizational E-Service. Springer, 19–32.
[12]
Java API. 2018. Java API. https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Thread.html Accessed: 2020-03-19.
[13]
JCP. 2006. JSR 121: Resource Consumption Management API. https://jcp.org/en/jsr/detail?id=121 Accessed: 2018-12-04.
[14]
Graeme Johnson and Michael Dawson. 2015. Introduction to Java multitenancy.
[15]
Young Jin Kim, Young Choon Lee, Hyuck Han, and Sooyong Kang. 2018. Hierarchical Recursive Resource Sharing for Containerized Applications. In International Conference on Service-Oriented Computing. 781–796.
[16]
Yunfa Li, Wanqing Li, and Congfeng Jiang. 2010. A survey of virtual machine system: Current technology and future trends. In Electronic Commerce and Security (ISECS), 2010 Third International Symposium on. 332–336.
[17]
Majid Makki, Dimitri Van Landuyt, Bert Lagaisse, and Wouter Joosen. 2019. Thread-Level CPU and Memory Usage Control of Custom Code in Multi-tenant SaaS. In International Conference on Service-Oriented Computing. 267–282.
[18]
Majid Makki, Dimitri Van Landuyt, Bert Lagaisse, and Wouter Joosen. 2021. Thread-level resource consumption control of tenant custom code in a shared JVM for multi-tenant SaaS. Future Generation Computer Systems, 115 (2021), 351 – 364. issn:0167-739X https://doi.org/10.1016/j.future.2020.09.025
[19]
Mohammad Reza Memarian, Diogo Fernandes, Pedro Inácio, Ville Leppänen, and Mauro Conti. 2017. Applications of Trusted Computing in Cloud Context. In Research Advances in Cloud Computing. Springer, 449–465.
[20]
Afaf Mousa, Jamal Bentahar, and Omar Alam. 2019. Context-aware composite SaaS using feature model. Future Generation Computer Systems, 99 (2019), 376–390.
[21]
Laud Charles Ochei, Julian M. Bass, and Andrei Petrovski. 2018. Degrees of tenant isolation for cloud-hosted software services: a cross-case analysis. Journal of Cloud Computing, 7, 1 (2018), 17 Dec, 22. issn:2192-113X https://doi.org/10.1186/s13677-018-0121-8
[22]
Oracle. [n.d.]. Introduction to GraalVM. https://www.graalvm.org/docs/introduction/ Accessed: 2021-02-01.
[23]
Ronald Perez, Reiner Sailer, and Leendert van Doorn. 2006. vTPM: virtualizing the trusted platform module. In Proc. 15th Conf. on USENIX Security Symposium. 305–320.
[24]
Sara Porat, Marina Biberstein, Larry Koved, and Bilha Mendelson. 2000. Automatic detection of immutable fields in Java. In Proceedings of the 2000 conference of the Centre for Advanced Studies on Collaborative research. 10.
[25]
Aleksandar Prokopec, Andrea Rosà, David Leopoldseder, Gilles Duboscq, Petr Tŭma, Martin Studener, Lubomír Bulej, Yudi Zheng, Alex Villazón, and Doug Simon. 2019. Renaissance: Benchmarking suite for parallel applications on the jvm. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation. 31–47.
[26]
Graeme Proudler, Liqun Chen, and Chris Dalton. 2015. Trusted Computing Platforms: TPM2.0 in Context. Springer Publishing Company, Incorporated. isbn:3319087436
[27]
Luis Rodero-Merino, Luis M Vaquero, Eddy Caron, Adrian Muresan, and Frédéric Desprez. 2012. Building safe PaaS clouds: A survey on security in multitenant software platforms. computers & security, 31, 1 (2012), 96–108.
[28]
Nuno Santos, Krishna P Gummadi, and Rodrigo Rodrigues. 2009. Towards Trusted Cloud Computing. HotCloud, 9, 9 (2009), 3.
[29]
Zhidong Shen, Li Li, Fei Yan, and Xiaoping Wu. 2010. Cloud computing system based on trusted computing platform. In 2010 International Conference on Intelligent Computation Technology and Automation. 1, 942–945.
[30]
Kumar Shiv, Kingsum Chow, Yanping Wang, and Dmitry Petrochenko. 2009. SPECjvm2008 performance characterization. In SPEC Benchmark Workshop. 17–35.
[31]
Gaurav Somani and Sanjay Chaudhary. 2009. Application performance isolation in virtualization. In Cloud Computing, 2009. CLOUD’09. IEEE International Conference on. 41–48.
[32]
Hui Song, Franck Chauvel, and Arnor Solberg. 2018. Deep customization of multi-tenant SaaS using intrusive microservices. In 2018 IEEE/ACM 40th International Conference on Software Engineering: New Ideas and Emerging Technologies Results (ICSE-NIER). 97–100.
[33]
Haonan Sun, Rongyu He, Yong Zhang, Ruiyun Wang, Wai Ip, and Kai Yung. 2018. eTPM: A Trusted Cloud Platform Enclave TPM Scheme Based on Intel SGX Technology. Sensors, 18, 11 (2018), 3807.
[34]
Eddy Truyen, Dimitri Van Landuyt, Vincent Reniers, Ansar Rafique, Bert Lagaisse, and Wouter Joosen. 2016. Towards a container-based architecture for multi-tenant SaaS applications. In Proceedings of the 15th International Workshop on Adaptive and Reflective Middleware. 6.
[35]
Luis M Vaquero, Luis Rodero-Merino, and Rajkumar Buyya. 2011. Dynamically scaling applications in the cloud. ACM SIGCOMM Computer Communication Review, 41, 1 (2011), 45–52.
[36]
Craig D Weissman and Steve Bobrowski. 2009. The design of the force. com multitenant internet application development platform. In Proceedings of the 2009 ACM SIGMOD International Conference on Management of data. 889–896.
Index Terms
- Shared memory protection in a multi-tenant JVM
Recommendations
Enhanced Multi-Tenant Architecture for DaaS, PaaS, IaaS and SaaS in Edu-Cloud: Simplifying the Service provisioning in Edu-Cloud by multi-tenant architecture
ICCCT '15: Proceedings of the Sixth International Conference on Computer and Communication Technology 2015Educational institutions keep on seeking opportunities to extemporize, integrate and rationalize the way they manage their resources. Thus the technology of cloud computing can be one of the opportunities that an educational institute can make use ...
Thread-level resource consumption control of tenant custom code in a shared JVM for multi-tenant SaaS
AbstractSoftware-as-a-Service (SaaS) providers commonly support customization of their services to allow them to attract larger tenant bases. The nature of these customizations in practice ranges from anticipated configuration options to sophisticated ...
Highlights- A mechanism is provided for controlling resource consumption of tenant custom code in a shared JVM.
- CPU, memory, network and storage resources are covered.
- Tenant accommodation capacity is increased by a factor of 84.
- ...
A Methodology for Tenant Migration in Legacy Shared-Table Multi-tenant Applications
Distributed Applications and Interoperable SystemsAbstractMulti-tenancy enables cost-effective SaaS through resource consolidation. Multiple customers, or tenants, are served by a single application instance, and isolation is enforced at the application level. Service load for different tenants can vary ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
September 2021
135 pages
Copyright © 2021 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 29 September 2021
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
Conference
MPLR '21
Sponsor:
MPLR '21: 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes
September 29 - 30, 2021
Münster, Germany
Upcoming Conference
ISSTA '25
- Sponsor:
- sigsoft
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 174Total Downloads
- Downloads (Last 12 months)29
- Downloads (Last 6 weeks)0
Reflects downloads up to 14 Dec 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in