How to Resuscitate a Sick VM in the Cloud.

A guest virtual machine in a cloud platform may fall “sick” when its kernel encounters a fatal low-level bug or is subverted by an adversary. The VM owner is hence likely to lose her control over it due to a kernel hang or being denied of remote accesses. While the VM can be rebooted with the assistance from the cloud server, the owner not only faces service disruption but also is left with no opportunity to make an in-depth diagnosis and forensics on the spot, not to mention a live rectification. Currently, the cloud service provider has neither incentive nor the technology to assist owners to resuscitate their falling VMs. In this paper, we propose a new cloud service termed VMCare-As-A-Service (VaaS) with the vision that the owner of a sick VM applies her tools running on a special VM to repair it. VaaS demands innovative cloud technologies for the unique infrastructure support as well as new software security techniques for attacks neutralization and runtime rectification upon a running and corrupted kernel. We examine the ensuing research challenges and present several preliminary approaches to kindle the interests from the community.