Tasa de desocupación ampliada

This section discusses the structure and example of architectures of this category in details. We form an architecture of this category by rstly considering the deployment of Px of a system in either dom0, domU, or a hypervisor, as discussed in the conditions above. After that, to create a nal architecture of this system, the system can choose to deploy Fy in appropriate locations: diskU, disk0, or both of them.

For considering of deployment of Px, when Px is deployed in a domain, this creates one or more forms of deployment of Px. For example, when a system

deploys one Px (such as Pa) in a domain, this creates one form of deployment as: a system which deploys Pa called a Pa form. When a system deploys two Px (such as Pa and Pb) in a domain, this creates three forms of deployment as: a system which deploys Pa called a Pa form; a system which deploys Pb called a Pb form; and a system which deploys both Pa and Pb (PaPb) called a PaPb form.

After that, to create a nal architecture of a system, each form above can choose to deploy Fy in disk0, diskU, or disk0U. For example, a Pa form can deploy disk0 to create a nal architecture of a system which deploys Pa and disk0. We represent this nal architecture as 'Pa/disk0'. Thus, each form can create three nal architectures. For example, a Pa form creates three nal architectures as: Pa/diskU, Pa/disk0, and Pa/disk0U.

Figure 4.1 presents all 21 possible nal architectures of the single domain category. From the gure, each branch can be a nal architecture of a logging system, for example, see the three shaded boxes with the dotted-lines labelled one. The lines create the branch of dom0, P1, and disk0. This branch is a nal architecture of a logging system, and this architecture is represented as dom0/P1/disk0 or for short P1/disk0. The representation means that a logging system that follows this architecture deploys P1 in dom0 user level, F3 in disk0, and F4 in mem0. The architecture is presented in Figure 4.2.

Forming all the 21 nal architectures or branches is discussed in the lists below:

• 9 architectures when a system deploys Px in dom0

See the three branches originated from dom0 box in Figure4.1, this creates three forms as: a system which deploys P1, a system which deploys P2, and a system which deploys P1P2. These three forms can deploy the three deployment approaches of Fy or condition 1 discussed above. This then creates nine architectures as: P1/disk0 (in the gure from dom0 box, see P1 box and its rst branch), P1/diskU, P1/disk0U, P2/disk0, P2/diskU, P2/disk0U, P1P2/disk0, P1P2/ diskU, and P1P2/ disk0U

Figure 4.2: A logging system architecture deploying P1, F3, and F4 (dom0/P1/disk0 or for short P1/disk0)

See the three branches originated from domU box in Figure 4.1, this cre- ates other three forms as: a system which deploys P3, a system which deploys P4, and a system which deploys P3P4. These three forms can de- ploy the three deployment approaches of Fy. This then creates other nine architectures as: P3/disk0 (in the gure from domU box, see P3 box and its rst branch), P3/diskU, P3/disk0U, P4/disk0, P4/diskU, P4/disk0U, P3P4/disk0, P3P4/diskU, and P3P4/ disk0U

• 3 architectures when a system deploys Px in a hypervisor

Lastly, see the branch originated from hypervisor box in Figure 4.1, this creates only one form which is a system which deploys P5. The form can deploy the three deployment approaches of Fy. Then, this creates other three architectures as: P5/disk0, P5/diskU, and P5/disk0U.

Not all 21 architectures of the single domain category already exist. We nd three existing architectures, which are listed below. Some of the architectures are

from the related work concerning logging systems in IaaS in Section 2.8.

1. The architecture in Figure 4.2 is the architecture of the logging system (Figure 3.3) in the spamming case study in Section 3.4.2.1.

2. The dotted-lines labelled two in Figure4.1 create the branch of domU, P3, and diskU. This is the JAR logging [76] system architecture.

3. The dotted-lines labelled three in Figure4.1create the branch of hypervisor, then P5, and disk0. This architecture is for AVMs [44] system and a system in [93].

Systems of the other 18 non-existing architectures are feasible to be built. We do not investigate if all these systems are very useful. However, these archi- tectures can be used as tools for analysis of systems (e.g., in terms of systems' robustness) that built based on these architectures. For example, from Figure

4.1, the following non-existing and existing architectures below can be analysed and compared.

When following the branch dom0/P2/disk0 in Figure 4.1, this is the rst architecture or P2/disk0 non-existing architecture. When following the branch dom0/P1/disk0, the second one is existing P1/disk0 architecture. A system built based on the architecture of P2/disk0 should be more robust compared to the architecture of P1/disk0. Then, for example, it will be more dicult for attackers to compromise P2 in the kernel of the rst architecture, compared to compromis- ing P1 in the user level of the second architecture. Full analysis of systems that built based on these non-existing architectures is out of the scope of this thesis.