The Shared Memory Based Cryptographic Card Virtualization

Abstract

AbstractDriven by cloud computing technology, traditional cryptography is transforming into cloud cryptographic service. Cryptographic cards must be virtualized if they are to be used in cloud. Hardware virtualization is the most commonly used cryptographic card virtualization solution, however, all existing hardware solutions rely on high-performance cryptographic cards that support Single Root I/O Virtualization (SR-IOV). Such cryptographic cards are expensive, providing a limited number of virtual cryptographic cards, making it challenging to support large-scale computing in cloud. Furthermore, existing software-based virtualization solutions perform poorly and do not support operations such as virtual machine(VM) migration and replication. This paper proposes a shared memory based cryptographic card software virtualization solution, which virtualizes a single PCIe cryptographic card into multiple virtual cryptographic cards, and encapsulates it as a virtual cipher machine (VCM) for users. This solution enables multiple VCMs to share hardware cryptographic resources effectively and reduce the hardware requirements for cloud servers to use cryptographic resources dramatically, realizing elastic expansion and an on-demand supply of cryptographic resources. Experimental results demonstrate that the performance of the solution proposed in this paper is better than the existing software virtualization solutions and can meet the requirements of high availability and high concurrency of cryptographic applications.KeywordsCloud computingShared memoryCryptographic card virtualization