In existing cloud computing models, all virtual machine (VM) instances run in a single shared execution domain. The same host operating system (OS) and hypervisor stack is used across the cloud. Meanwhile, the guest systems, containing a guest OS and application, are under full control of cloud users. A single cloud manager handles VM provisioning, migration, and de-provisioning operations. Computing resources, including central processing unit (CPU) and memory, are typically over-committed across all VM instances. This has created several problems.
For example, due to the complexity, frequent updates and close interactions with cloud and web users, guest systems and cloud managers are highly vulnerable to external attacks. Also, a single attack could penetrate all hypervisors, which are of the same type, and compromise the entire cloud. Additionally, malicious code can propagate in the cloud through shared resources. Further, resource over-commitment causes performance degradations and uncertainties to individual applications.