Results 1 - 10
of
84
A comparison of software and hardware techniques for x86 virtualization
- in ASPLOS-XII: Proceedings of the 12th international conference on Architectural
, 2006
"... Until recently, the x86 architecture has not permitted classical trap-and-emulate virtualization. Virtual Machine Monitors for x86, such as VMware R ○ Workstation and Virtual PC, have instead used binary translation of the guest kernel code. However, both Intel and AMD have now introduced architectu ..."
Abstract
-
Cited by 210 (3 self)
- Add to MetaCart
Until recently, the x86 architecture has not permitted classical trap-and-emulate virtualization. Virtual Machine Monitors for x86, such as VMware R ○ Workstation and Virtual PC, have instead used binary translation of the guest kernel code. However, both Intel and AMD have now introduced architectural extensions to support classical virtualization. We compare an existing software VMM with a new VMM designed for the emerging hardware support. Surprisingly, the hardware VMM often suffers lower performance than the pure software VMM. To determine why, we study architecture-level events such as page table updates, context switches and I/O, and find their costs vastly different among native, software VMM and hardware VMM execution. We find that the hardware support fails to provide an unambiguous performance advantage for two primary reasons: first, it offers no support for MMU virtualization; second, it fails to co-exist with existing software techniques for MMU virtualization. We look ahead to emerging techniques for addressing this MMU virtualization problem in the context of hardware-assisted virtualization.
VirtualPower: Coordinated Power Management in Virtualized Enterprise Systems
- In Proceedings of International Symposium on Operating System Principles (SOSP
, 2007
"... Power management has become increasingly necessary in large-scale datacenters to address costs and limitations in cooling or power delivery. This paper explores how to integrate power management mechanisms and policies with the virtualization technologies being actively deployed in these environment ..."
Abstract
-
Cited by 161 (12 self)
- Add to MetaCart
(Show Context)
Power management has become increasingly necessary in large-scale datacenters to address costs and limitations in cooling or power delivery. This paper explores how to integrate power management mechanisms and policies with the virtualization technologies being actively deployed in these environments. The goals of the proposed VirtualPower approach to online power management are (i) to support the isolated and independent operation assumed by guest virtual machines (VMs) running on virtualized platforms and (ii) to make it possible to control and globally coordinate the effects of the diverse power management policies applied by these VMs to virtualized resources. To attain these goals, VirtualPower extends to guest VMs ‘soft ’ versions of the hardware power states for which their policies are designed. The resulting technical challenge is to appropriately map VM-level updates made to soft power states to actual changes in the states or in the allocation of underlying virtualized hardware. An implementation of VirtualPower Management (VPM) for the Xen hypervisor addresses this challenge by provision of multiple system-level abstractions including VPM states, channels, mechanisms, and rules. Experimental evaluations on modern multicore platforms highlight resulting improvements in online power management capabilities, including minimization of power consumption with little or no performance penalties and the ability to throttle power consumption while still meeting application requirements. Finally, coordination of online methods for server consolidation with VPM management techniques in heterogeneous server systems is shown to provide up to 34% improvements in power consumption.
Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems
- IN: PROC. OF THE 13TH CONFERENCE ON ARCHITECTURAL SUPPORT FOR PROGRAMMING LANGUAGES AND OPERATING SYSTEMS (ASPLOS
, 2008
"... Commodity operating systems entrusted with securing sensitive data are remarkably large and complex, and consequently, frequently prone to compromise. To address this limitation, we introduce a virtual-machine-based system called Overshadow that protects the privacy and integrity of application data ..."
Abstract
-
Cited by 106 (1 self)
- Add to MetaCart
(Show Context)
Commodity operating systems entrusted with securing sensitive data are remarkably large and complex, and consequently, frequently prone to compromise. To address this limitation, we introduce a virtual-machine-based system called Overshadow that protects the privacy and integrity of application data, even in the event of a total OS compromise. Overshadow presents an application with a normal view of its resources, but the OS with an encrypted view. This allows the operating system to carry out the complex task of managing an application’s resources, without allowing it to read or modify them. Thus, Overshadow offers a last line of defense for application data. Overshadow builds on multi-shadowing, a novel mechanism that presents different views of “physical ” memory, depending on the context performing the access. This primitive offers an additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processor architectures. We present the design and implementation of Overshadow and show how its new protection semantics can be integrated with existing systems. Our design has been fully implemented and used to protect a wide range of unmodified legacy applications running on an unmodified Linux operating system. We evaluate the performance of our implementation, demonstrating that this approach is practical.
CloudVisor: Retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization
- IN PROC. OF ACM SOSP, CAS CAIS, PORTUGAL,
, 2011
"... Multi-tenant cloud, which usually leases resources in the form of virtual machines, has been commercially available for years. Unfortunately, with the adoption of commodity virtualized infrastructures, software stacks in typical multi-tenant clouds are non-trivially large and complex, and thus are p ..."
Abstract
-
Cited by 77 (2 self)
- Add to MetaCart
(Show Context)
Multi-tenant cloud, which usually leases resources in the form of virtual machines, has been commercially available for years. Unfortunately, with the adoption of commodity virtualized infrastructures, software stacks in typical multi-tenant clouds are non-trivially large and complex, and thus are prone to compromise or abuse from adversaries including the cloud operators, which may lead to leakage of security-sensitive data. In this paper, we propose a transparent, backward-compatible approach that protects the privacy and integrity of customers ’ virtual machines on commodity virtualized infrastructures, even facing a total compromise of the virtual machine monitor (VMM) and the management VM. The key of our approach is the separation of the resource management from security protection in the virtualization layer. A tiny security monitor is introduced underneath the commodity VMM using nested virtualization and provides protection to the hosted VMs. As a result, our approach allows virtualization software (e.g., VMM, management VM and tools) to handle complex tasks of managing leased VMs for the cloud, without breaking security of users ’ data inside the VMs. We have implemented a prototype by leveraging commercially-available hardware support for virtualization. The prototype system, called CloudVisor, comprises only 5.5K LOCs and supports the Xen VMM with multiple Linux and Windows as the guest OSes. Performance evaluation shows that CloudVisor incurs moderate slowdown for I/O intensive applications and very small slowdown for other applications.
Compatibility is Not Transparency: VMM Detection Myths and Realities
- In: Proceedings of the 11th Workshop on Hot Topics in Operating Systems (HotOS-XI
, 2007
"... Abstract Recent work on applications ranging from realistic hon-eypots to stealthier rootkits has speculated about building transparent VMMs- VMMs that are indistinguishablefrom native hardware, even to a dedicated adversary. We survey anomalies between real and virtual hardware andconsider methods ..."
Abstract
-
Cited by 59 (0 self)
- Add to MetaCart
(Show Context)
Abstract Recent work on applications ranging from realistic hon-eypots to stealthier rootkits has speculated about building transparent VMMs- VMMs that are indistinguishablefrom native hardware, even to a dedicated adversary. We survey anomalies between real and virtual hardware andconsider methods for detecting such anomalies, as well as possible countermeasures. We conclude that build-ing a transparent VMM is fundamentally infeasible, as well as impractical from a performance and engineeringstandpoint.
Satori: Enlightened Page Sharing
- In Proceedings of the USENIX Annual Technical Conference
, 2009
"... We introduce Satori, an efficient and effective system for sharing memory in virtualised systems. Satori uses enlightenments in guest operating systems to detect sharing opportunities and manage the surplus memory that results from sharing. Our approach has three key benefits over existing systems: ..."
Abstract
-
Cited by 41 (0 self)
- Add to MetaCart
(Show Context)
We introduce Satori, an efficient and effective system for sharing memory in virtualised systems. Satori uses enlightenments in guest operating systems to detect sharing opportunities and manage the surplus memory that results from sharing. Our approach has three key benefits over existing systems: it is better able to detect short-lived sharing opportunities, it is efficient and incurs negligible overhead, and it maintains performance isolation between virtual machines. We present Satori in terms of hypervisor-agnostic design decisions, and also discuss our implementation for the Xen virtual machine monitor. In our evaluation, we show that Satori quickly exploits up to 94% of the maximum possible sharing with insignificant performance overhead. Furthermore, we demonstrate workloads where the additional memory improves macrobenchmark performance by a factor of two. 1
HomeAlone: Co-Residency Detection in the Cloud via Side-Channel Analysis
- IN: PROCEEDINGS OF 2011 IEEE SYMPOSIUM ON SECURITY AND PRIVACY
, 2011
"... Security is a major barrier to enterprise adoption of cloud computing. Physical co-residency with other tenants poses a particular risk, due to pervasive virtualization in the cloud. Recent research has shown how side channels in shared hardware may enable attackers to exfiltrate sensitive data acr ..."
Abstract
-
Cited by 41 (2 self)
- Add to MetaCart
Security is a major barrier to enterprise adoption of cloud computing. Physical co-residency with other tenants poses a particular risk, due to pervasive virtualization in the cloud. Recent research has shown how side channels in shared hardware may enable attackers to exfiltrate sensitive data across virtual machines (VMs). In view of such risks, cloud providers may promise physically isolated resources to select tenants, but a challenge remains: Tenants still need to be able to verify physical isolation of their VMs. We introduce HomeAlone, a system that lets a tenant verify its VMs' exclusive use of a physical machine. The key idea in HomeAlone is to invert the usual application of side channels. Rather than exploiting a side channel as a vector of attack, HomeAlone uses a side-channel (in the L2 memory cache) as a novel, defensive detection tool. By analyzing cache usage during periods in which "friendly" VMs coordinate to avoid portions of the cache, a tenant using HomeAlone can detect the activity of a co-resident "foe" VM. Key technical contributions of HomeAlone include classification techniques to analyze cache usage and guest operating system kernel modifications that minimize the performance impact of friendly VMs sidestepping monitored cache portions. HomeAlone requires no modification of existing hypervisors and no special action or cooperation by the cloud provider.
Bitvisor: a thin hypervisor for enforcing i/o device security
- in Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments, VEE ’09
, 2009
"... Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for pro-viding virtual hardware devices and for sharing and protecting sys-tem resources among virtual machines (VMs ..."
Abstract
-
Cited by 28 (1 self)
- Add to MetaCart
Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for pro-viding virtual hardware devices and for sharing and protecting sys-tem resources among virtual machines (VMs), enlarging the code size of and reducing the reliability of the VMMs. This paper introduces a hypervisor architecture, called parapass-through, designed to minimize the code size of hypervisors by al-lowing most of the I/O access from the guest operating system (OS) to pass-through the hypervisor, while the minimum access neces-sary to implement security functionalities is completely mediated by the hypervisor. This architecture uses device drivers of the guest OS to handle devices, thereby reducing the size of components in the hypervisor to provide virtual devices. This architecture also al-
Monrose, F.: Trail of bytes: efficient support for forensic analysis
- In: Computer and Communications Security. ACM
, 2010
"... For the most part, forensic analysis of computer systems requires that one first identify suspicious objects or events, and then examine them in enough detail to form a hypoth-esis as to their cause and effect [34]. Sadly, while our ability to gather vast amounts of data has improved significantly o ..."
Abstract
-
Cited by 15 (1 self)
- Add to MetaCart
(Show Context)
For the most part, forensic analysis of computer systems requires that one first identify suspicious objects or events, and then examine them in enough detail to form a hypoth-esis as to their cause and effect [34]. Sadly, while our ability to gather vast amounts of data has improved significantly over the past two decades, it is all too often the case that we tend to lack detailed information just when we need it the most. Simply put, the current state of computer forensics leaves much to be desired. In this paper, we attempt to im-prove on the state of the art by providing a forensic platform that transparently monitors and records data access events within a virtualized environment using only the abstractions exposed by the hypervisor. Our approach monitors accesses to objects on disk and follows the causal chain of these ac-cesses across processes, even after the objects are copied into memory. Our forensic layer records these transactions in a version-based audit log that allows for faithful, and efficient, reconstruction of the recorded events and the changes they induced. To demonstrate the utility of our approach, we provide an extensive empirical evaluation, including a real-world case study demonstrating how our platform can be used to reconstruct valuable information about the what, when, and how, after a compromised has been detected.
Feedback driven QoS-aware power budgeting for virtualized servers,” in FeBID
, 2009
"... Technological advances including multicore processors and small form factor blade servers are enabling continued improvements in computing densities for modern datacenters. Large scale facili-ties leverage these densities to deploy web applications and cloud based services, but must simultaneously a ..."
Abstract
-
Cited by 15 (1 self)
- Add to MetaCart
(Show Context)
Technological advances including multicore processors and small form factor blade servers are enabling continued improvements in computing densities for modern datacenters. Large scale facili-ties leverage these densities to deploy web applications and cloud based services, but must simultaneously address the ensuing power and cooling management issues that impact datacenter sustainabil-ity and costs. Virtualization has emerged as an enabling underly-ing technology for meeting datacenter management needs, accel-erating its deployment onto enterprise servers. In this paper, we consider how a key power management capability, server power budgeting, can be provided through the virtualization management layer. Our approach utilizes feedback controllers that are designed to address two goals. The first goal is to honor platform power budgets. This is achieved using a feedback controller that monitors server power consumption and determines a platform-level CPU allocation that conforms to a power budget. The second goal is to enable QoS-aware management of virtual machines under imposed power constraints. To achieve this, additional feedback controllers are distributed across guest virtual machines (VMs). These con-trollers react to “shadow prices ” provided by the system resource manager with resource bids based upon the QoS requirements of the VM. Finally, the resource manager combines the information from the power budget controller and guest QoS controllers to de-termine VM allocations. An evaluation of our system using the Hyper-V virtualization platform highlights the feasibility and ben-efits of feedback based control for QoS-aware power budgeting. 1.
