Operating Systems Virtualisation and Security - Modern Aspects and an Open Trusted Computing Project
Ivanov Ivan Evgeniev, Gueorguiev Vesselin
Technical University of Sofia, Sofia, Bulgaria

Abstract

The lack of platform security in today's computers has given rise to waves of successful attacks, resulting in severe damage to enterprises and the potential failure of critical infrastructures. Trusted Computing aims at increasing the security of the core operating system. This begins at the lowest level of the platform with a controlled loading (in a virtual environment) of an operating system and goes on level by level, verifying the process after each level. New security features such as isolation integrity check, security policies, risk scenarios and hardware virtualisation support will be presented.

Keywords: virtualisation, security, trusted platform.

1. INTRODUCTION

This paper focuses only on virtualization technologies for x86 platforms (IA32 architecture), because this is felt to be the field where a security analysis is most needed. In fact, the mass market of cheap and widespread x86 platforms is at the heart of the current renaissance in virtualization technologies. In particular, the Open Trusted Computing FP6 project is presented as one of the biggest European initiatives in this area. Both server and desktop applications of virtualization technologies are discussed.

The concept of a virtual machine (VM) rests on the idea that a software layer supports the desired architecture and, in doing so, the VM presents compatibility with a real machine. A virtual machine was originally defined by Popek and Goldberg in 1974 as an efficient, isolated duplicate of a real machine. A virtual machine monitor (VMM), or hypervisor, is a software system that partitions a single physical machine into multiple virtual machines. System virtual machines present a full replica of the underlying physical machine.

A hypervisor can run on bare hardware (native VM) or on top of an operating system (hosted VM). Multiple VMs each run their own operating system (guest operating system). VMMs are based on two concepts: full virtualization and paravirtualization.

Full virtualization means that the VM layer simulates a stand-alone instance of a computer, all the way down to the I/O ports, DMA channels and interrupts. In true full virtualization all CPU operations are reproduced by the virtual processor. The overhead of handling all CPU instructions, however, makes true full virtualization of x86 processors impractical, if not impossible. Instead, virtual machines that provide a robust enough representation of the underlying hardware to allow guest operating systems to run without modification can be considered to provide full virtualization.

Unlike full virtualization, paravirtualization requires some modification of the guest OS to operate. Such guests are considered to be "aware" or "enlightened", owing to their knowledge that they are operating in a virtual environment.

2. HISTORICAL AND TODAY'S PERSPECTIVES

Virtual machine monitors were first announced in the early 1970s. They were oriented towards the computers of those days: mainframes. Virtualization made it possible to run multiple operating systems in parallel and thus increase the workload of the expensive hardware up to 100%. The first advantages of virtual machines were identified in [1]. The desire to run multiple operating systems was the original motivation for virtual machines, as it allowed time-sharing a single computer between several single-tasking OSes.

Low-cost computers abolished the need for virtualization. Some hardware support was still available under the V8086 mode of Intel processors. The first new virtual machines to follow were VMware's platform and Virtual PC in the late 1990s.

Nowadays many leading hardware and software companies are developing virtualization strategies or building hardware elements that support virtualisation. The list includes Intel, AMD, Sun Microsystems, IBM and Microsoft.

In 1999 the Trusted Computing Group was established. It now includes more than 110 members, among them all the hardware and software market leaders. This group is working on realizing Trusted Computing on different platforms. Unfortunately, although the TCG standardized the security services of the hardware, it did not define an open standard on how to leverage this hardware for protecting operating systems.

Modern computers (and especially servers) are incomparably less expensive and more powerful than their predecessors, the mainframes. This led to the pervasiveness of computers. As a result the total cost of ownership started to increase. This cost has many parts, among them administration and security defence.

As presented above, the leading hardware vendors Intel and AMD have started to support virtualization in their current processors.
Building on the traditional x86 ring model, hardware-supported virtualization creates the ability to establish a trusted root mode and an untrusted non-root mode, each with its own rings 0-3. Special virtualization instructions, called hypercalls, allow the guest operating systems to call out to the hypervisor for resource allocation, device interaction or processing requests.

In addition to all the previous general observations, George Lawton presented a very deep analysis [2] of the growing power consumption of computers and pointed to virtualisation, and the resulting increase in workload on every installed computer, as one possible way of reducing power consumption. This discussion is out of the scope of this paper, but it presents one more reason for extensive research in the area of computer virtualisation.

3. THREATS AND VULNERABILITIES ANALYSIS

Security is vital to the development of the new e-society. The main challenges arise from the complexity of future computer usage in different environments. Totally new areas of threat are emerging from new societal applications: the protection of all citizens against violation of ITC-related privacy, authentication and identification has become an area for which strategic research on security and trust is required. ITC equipment already shows a growing tendency to store personal and private information, which can also be endangered by today's threats. Trustworthy embedded systems are becoming present in new products, from cars to mobile phones.

One of the most quoted phrases in computer science is David Wheeler's comment that any problem in computer science can be solved by another layer of indirection. Virtualization is one of those examples that appear to confirm this sentence. Unfortunately the quote is not complete. Its full text is "Any problem in computer science can be solved by another layer of indirection. But that usually will create another problem." This text describes in better detail what happens in virtualized environments. Great features need great analyses and increased security strategies.

Three possible scenarios in which features become threats are discussed below. (The analyses are based on Internet materials.)

- Using a single computer for low-security and high-security tasks
- Consolidation of services onto fewer physical computers
- Using a common hardware platform to host multiple OSes

All these scenarios have been discussed as major targets for virtualisation. And they are. Unfortunately there are the following possible threats:

- Some reported VMs do not provide isolation at all, giving the guest full access to the host's resources. These VMs provide an environment for running an application designed for one architecture on another one. Here isolation is simply omitted.
- The host provides the ability to share data among VMs via the clipboard.
- System logs can in some cases be accessed by guest OSes.
- The VMM's goal is to facilitate some kind of communication between VMs.

All these possibilities are based on the user's belief that VMs are:

- Absolutely isolated from each other.
- A break-in in one VM does not provide access to the others.
- The host is always unbreakable (and invisible).

The above-mentioned assumptions are not certain and are in most cases unattainable. The security community has a very good postulate: "An application cannot be more secure than the OS it runs on." And from a historical point of view it is clear that no system can be implemented free of design and implementation bugs. Some of the possible security break-ins are listed below:

- Because of bugs in the VM environment, an application that in the normal case cannot access any resource belonging to the host or another VM bypasses the VM and obtains full access to all privileged resources. Security is fully compromised. Any kind of resource allocation that is not correctly handled by the VM can cause this situation.
- Data traffic monitoring by the host is a potential weak point.
- The possibility for one VM to monitor another one. This breaks the main rule that VMs are fully independent.
- Resource allocation is based on a limited list of physical resources. In some situations simultaneous attempts to access some resources can lead to starvation for some VMs.
- Modification of a VM or even the VMM by some kind of virus or other malware.
- Starting rootkits before the VMM.

All these problems are targeted in the FP6 Open Trusted Computing project. Some public targets and results are provided in the next section.

4. OPEN TRUSTED SECURITY PROJECT

The Open Trusted Security project aims to implement an open trusted platform based on the cost-efficient and widely deployed Trusted Platform Module (TPM) specified by the Trusted Computing Group (TCG) and the new generation of x86 CPUs from Intel and AMD. The aim of the project is to solve all the problems envisaged in the previous section, to work for standardization and harmonization of legislation regarding trusted platforms, and to provide a stable example of an open source solution for virtualization and trusted platforms.

The architecture is based on security mechanisms provided by low-level operating system layers with isolation properties and interfaces to Trusted Computing hardware. These layers allow the enhanced trust and security properties of the platform to be leveraged for standard operating systems, middleware and applications. The suggested architecture is applicable to a wide range of platform types, e.g. servers, GRID technology, mobile phones and industrial automation. It provides basic building blocks for complex, distributed scenarios with inherent, multilateral trust and security capabilities.

Trusted Computing (TC) aims at increasing the security of the core Operating System (OS). This begins at the very lowest level of the platform, with a controlled loading of an operating system, and goes on level by level. The procedure is verified after each level by using data integrity measurements. If this is done without errors, we know that we have a correctly loaded OS, in which the functions and different parts of the system (e.g. drivers) can be verified at run time.

Project development is based on a hardware root of trust. This is a security hardware module that supports the integrity checks mentioned above, as well as the secure storage of keys and other data in a protected chip. This chip is referred to as the Trusted Platform Module (TPM) and is the central security kernel. This hardware has been specified by the Trusted Computing Group (TCG), is commercially available and is deployed on a large scale.

The project also assumes the availability of a secure hardware architecture. This is a platform processor (CPU) and peripherals architecture that removes some well-known security architecture deficits. This includes mechanisms for policing memory access (including DMA, Direct Memory Access) as well as novel features supporting privileged execution and interception.
These features are prerequisites for separating sensitive parts of the OS kernel. This will be developed outside the project by AMD and is expected to be available for project use by the time the project begins. We are already able to emulate the hardware function with existing software.

Given the existence of the trusted hardware and secure architecture, Open_TC will aim at the following three objectives:

- production of a secure operating system
- together with the secure operating system, development of related protocol software
- prototype applications.

The first two main objectives are targeted as follows.

Secure and trusted OS

Based on novel architectural principles, the targeted secure and trusted OS leverages hardware features from the TPM and the security-enhanced processor to establish a trusted and secure system. The current minimal version contains the following features:

- Universal virtualisation layers
- Trusted Software Stack (TSS) for Linux
- TC and TPM management software

Software protocols

The project aims to develop management infrastructures and software protocols for Trusted Computing in the following areas:

- Policy management, including distributed policy enforcement
- Security state monitoring and management
- Network management
- Configuration management

State-of-the-art extension

One approach to defining the trustworthiness of software components is to digitally sign the binary code of a module. However, the Trusted Computing Group has not defined any procedure for validating the actual trustworthiness of these components. Assuming a process of open security evaluation, the issue of software trustworthiness might be more easily resolved by OSS-based systems. The missing part for a trusted system, however, is still the operating system and the details and interfacing of security-enhanced processors (586 class). This project also helps to make the security principles of the OS as well as of the processors available in a condensed and tested version (a complete trusted OS on Linux). Therefore the most needed component for constructing trusted platforms and systems is the development or availability of trusted operating systems, because this is the point where the work of the TCG ends.

Software validation and verification

It was discussed above that many problems affecting security are due to program bugs and design mistakes. To address this challenge the Open Trusted Computing project established a special work package whose only task is software validation and verification (V&V). The aim of this work package is to generate models, methodologies and process organization. Together with this main task, the work package exploits and extends available methodologies for risk analysis, software static analysis, security testing scenarios, and security metrics methodologies and applications. The members of this work package develop novel and complementary methods and methodologies to cope with the V&V problems in open-source projects. The main challenges lie in the complexity of the targeted application and its novelty with respect to state-of-the-art V&V techniques.
Current results of this task confirmed that even in a proven construction, implementation bugs, a low level of programming discipline and bad working templates can lead to all the security flaws enumerated in paragraph

5. CONCLUSION

Current e-society requirements for privacy, security, mobility and connectivity call for new approaches. Virtualization, hardware trusted modules and trustworthy OSes can make solving these new challenges easier.

6. REFERENCES

[1] Goldberg, R.P. (1974) Survey of Virtual Machine Research, Computer, June,
[2] Lawton, G. (2007) Powering Down the Computer Infrastructure, Computer, vol. 40, 2, 16-19
[3] Uhlig, R. et al. (2005) Intel Virtualization Technology, Computer, vol. 38, 5,
[4]
[5] Kirch, J. (ed.) (2007) Virtual Machine Security Guidelines,
[6]
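
The level-by-level verified loading described in section 4, checked against two of the threats listed in section 3 (a modified VMM, and a stage started before the VMM), as an added example that is not part of the original paper or of the Open Trusted Computing code base. It assumes a TPM 1.2 style SHA-1 extend operation; the component names and images are constructed, and the PCR value is handed to the verifier directly, where a real platform would deliver it in a TPM-signed quote.

```python
import hashlib
import hmac

PCR_INIT = bytes(20)  # a TPM 1.2 PCR holds a 20-byte SHA-1 value, zero after reset


def measure(image: bytes) -> bytes:
    """Integrity measurement of one component: the SHA-1 digest of its image."""
    return hashlib.sha1(image).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: the register can only be folded forward, never set directly."""
    return hashlib.sha1(pcr + digest).digest()


def measured_boot(chain):
    """Load each level in order, measuring it before it receives control.

    Returns the final PCR value and the event log [(name, digest), ...]
    that a verifier replays later.
    """
    pcr, log = PCR_INIT, []
    for name, image in chain:
        digest = measure(image)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def verify(reported_pcr, log, reference):
    """Check one boot against an ordered list of known-good (name, digest).

    1. Replaying the log must reproduce the reported PCR; otherwise the
       log was rewritten after the measurements were taken.
    2. The log must contain exactly the expected levels, in order, each
       with its known-good digest.
    Returns (True, None) or (False, reason).
    """
    pcr = PCR_INIT
    for _, digest in log:
        pcr = extend(pcr, digest)
    if not hmac.compare_digest(pcr, reported_pcr):
        return False, "event log does not match PCR"
    if len(log) != len(reference):
        return False, "unexpected number of levels"
    for (name, digest), (ref_name, ref_digest) in zip(log, reference):
        if name != ref_name or not hmac.compare_digest(digest, ref_digest):
            return False, f"integrity mismatch at level: {ref_name}"
    return True, None


# Constructed boot chain: names and image contents are placeholders.
GOOD_CHAIN = [
    ("bootloader", b"constructed bootloader image"),
    ("hypervisor", b"constructed VMM image"),
    ("guest-kernel", b"constructed guest kernel image"),
    ("guest-driver", b"constructed driver image"),
]
REFERENCE = [(name, measure(image)) for name, image in GOOD_CHAIN]


def demo():
    """Run four boots through the verifier and return each verdict."""
    results = {}

    pcr, log = measured_boot(GOOD_CHAIN)
    results["clean"] = verify(pcr, log, REFERENCE)

    # Threat from section 3: the VMM image has been modified.
    tampered = list(GOOD_CHAIN)
    tampered[1] = ("hypervisor", b"constructed VMM image + unauthorised change")
    pcr_t, log_t = measured_boot(tampered)
    results["modified_vmm"] = verify(pcr_t, log_t, REFERENCE)

    # Same boot, but the log was replaced with known-good digests.
    # The PCR cannot be rolled back, so the replay no longer matches.
    results["rewritten_log"] = verify(pcr_t, REFERENCE, REFERENCE)

    # Threat from section 3: an extra stage is started before the VMM.
    early = [GOOD_CHAIN[0], ("unknown-stage", b"constructed unknown image")]
    early += GOOD_CHAIN[1:]
    pcr_e, log_e = measured_boot(early)
    results["extra_stage"] = verify(pcr_e, log_e, REFERENCE)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, verdict)
```

The check only holds if the first measuring stage is itself trusted, which is the role the paper assigns to the hardware root of trust.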
Oracle On Demand Infrastructure: Virtualization with Oracle VM An Oracle White Paper November 2007 Oracle On Demand Infrastructure: Virtualization with Oracle VM INTRODUCTION Oracle On Demand Infrastructure
More informationChapter 14 Virtual Machines
Operating Systems: Internals and Design Principles Chapter 14 Virtual Machines Eighth Edition By William Stallings Virtual Machines (VM) Virtualization technology enables a single PC or server to simultaneously
More informationVirtualization: What does it mean for SAS? Karl Fisher and Clarke Thacher, SAS Institute Inc., Cary, NC
Paper 347-2009 Virtualization: What does it mean for SAS? Karl Fisher and Clarke Thacher, SAS Institute Inc., Cary, NC ABSTRACT SAS groups virtualization into four categories: Hardware Virtualization,
More informationKVM Security Comparison
atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 Tel: 512-349-7525 Fax: 512-349-7933 www.atsec.com KVM Security Comparison a t s e c i n f o r m a t i o n s e c u
More information1.1.1 Introduction to Cloud Computing
1 CHAPTER 1 INTRODUCTION 1.1 CLOUD COMPUTING 1.1.1 Introduction to Cloud Computing Computing as a service has seen a phenomenal growth in recent years. The primary motivation for this growth has been the
More informationGUEST OPERATING SYSTEM BASED PERFORMANCE COMPARISON OF VMWARE AND XEN HYPERVISOR
GUEST OPERATING SYSTEM BASED PERFORMANCE COMPARISON OF VMWARE AND XEN HYPERVISOR ANKIT KUMAR, SAVITA SHIWANI 1 M. Tech Scholar, Software Engineering, Suresh Gyan Vihar University, Rajasthan, India, Email:
More informationSolution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology
Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology 30406_VT_Brochure.indd 1 6/20/06 4:01:14 PM Preface Intel has developed a series of unique Solution Recipes designed
More informationMicrokernels, virtualization, exokernels. Tutorial 1 CSC469
Microkernels, virtualization, exokernels Tutorial 1 CSC469 Monolithic kernel vs Microkernel Monolithic OS kernel Application VFS System call User mode What was the main idea? What were the problems? IPC,
More informationSURVEY ON VIRTUALIZATION VULNERABILITIES
SURVEY ON VIRTUALIZATION VULNERABILITIES Indumathy M Department of MCA, Acharya Institute of Technology, Bangalore, (India) ABSTRACT Virtualization plays a major role in serving the organizations to reduce
More informationIntel Virtualization Technology (VT) in Converged Application Platforms
Intel Virtualization Technology (VT) in Converged Application Platforms Enabling Improved Utilization, Change Management, and Cost Reduction through Hardware Assisted Virtualization White Paper January
More informationVirtualization Technologies
12 January 2010 Virtualization Technologies Alex Landau (lalex@il.ibm.com) IBM Haifa Research Lab What is virtualization? Virtualization is way to run multiple operating systems and user applications on
More informationParallels Virtuozzo Containers vs. VMware Virtual Infrastructure:
Parallels Virtuozzo Containers vs. VMware Virtual Infrastructure: An Independent Architecture Comparison TABLE OF CONTENTS Introduction...3 A Tale of Two Virtualization Solutions...5 Part I: Density...5
More informationThe Microsoft Windows Hypervisor High Level Architecture
The Microsoft Windows Hypervisor High Level Architecture September 21, 2007 Abstract The Microsoft Windows hypervisor brings new virtualization capabilities to the Windows Server operating system. Its
More informationRackspace Cloud Databases and Container-based Virtualization
Rackspace Cloud Databases and Container-based Virtualization August 2012 J.R. Arredondo @jrarredondo Page 1 of 6 INTRODUCTION When Rackspace set out to build the Cloud Databases product, we asked many
More informationParallels Virtuozzo Containers
Parallels Virtuozzo Containers White Paper Virtual Desktop Infrastructure www.parallels.com Version 1.0 Table of Contents Table of Contents... 2 Enterprise Desktop Computing Challenges... 3 What is Virtual
More informationThe Reincarnation of Virtual Machines
The Reincarnation of Virtual Machines By Mendel Rosenblum Co-Founder of VMware Associate Professor, Computer Science Stanford University Abstract:VMware, Inc. has grown to be the industry leader in x86-based
More informationSurvey On Hypervisors
Survey On Hypervisors Naveed Alam School Of Informatics and Computing Indiana University Bloomington nalam@indiana.edu ABSTRACT Virtual machines are increasing in popularity and are being widely adopted.
More informationHyperV_Mon 3.0. Hyper-V Overhead. Introduction. A Free tool from TMurgent Technologies. Version 3.0
HyperV_Mon 3.0 A Free tool from TMurgent Technologies Version 3.0 Introduction HyperV_Mon is a GUI tool for viewing CPU performance of a system running Hyper-V from Microsoft. Virtualization adds a layer
More informationCOS 318: Operating Systems. Virtual Machine Monitors
COS 318: Operating Systems Virtual Machine Monitors Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall10/cos318/ Introduction Have been around
More informationBuilding Blocks Towards a Trustworthy NFV Infrastructure
Building Blocks Towards a Trustworthy NFV Infrastructure IRTF NFVRG Adrian L. Shaw Hewlett-Packard Laboratories / July 22 nd, 2015 1 Why security and trust? Big requirement for critical
More informationEnhanced Virtualization on Intel Architecturebased
White Paper Server Virtualization on Intel Architecture Enhanced Virtualization on Intel Architecturebased Servers Improve Utilization, Manage Change, Reduce Costs Server virtualization on Intel processor-based
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationCOM 444 Cloud Computing
COM 444 Cloud Computing Lec 3: Virtual Machines and Virtualization of Clusters and Datacenters Prof. Dr. Halûk Gümüşkaya haluk.gumuskaya@gediz.edu.tr haluk@gumuskaya.com http://www.gumuskaya.com Virtual
More informationVirtualization is set to become a key requirement
Xen, the virtual machine monitor The art of virtualization Moshe Bar Virtualization is set to become a key requirement for every server in the data center. This trend is a direct consequence of an industrywide
More informationVirtualization Technologies (ENCS 691K Chapter 3)
Virtualization Technologies (ENCS 691K Chapter 3) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ The Key Technologies on Which Cloud Computing
More informationSCO Virtualization Presentation to Customers
SCO Virtualization Presentation to Customers 1 Content Virtualization An Overview Short introduction including key benefits Additional virtualization information from SCO Additional information about Virtualization
More informationPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de
More informationSystem Virtual Machines
System Virtual Machines Introduction Key concepts Resource virtualization processors memory I/O devices Performance issues Applications 1 Introduction System virtual machine capable of supporting multiple
More informationSUSE Linux Enterprise 10 SP2: Virtualization Technology Support
Technical White Paper LINUX OPERATING SYSTEMS www.novell.com SUSE Linux Enterprise 10 SP2: Virtualization Technology Support Content and modifications. The contents of this document are not part of the
More informationVirtualization and Cloud Computing
Virtualization and Cloud Computing Security is a Process, not a Product Guillermo Macias CIP Security Auditor, Sr. Virtualization Purpose of Presentation: To inform entities about the importance of assessing
More informationA M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions
A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions AMD DAS (DASH, AMD Virtualization (AMD-V ) Technology, and Security) 1.0 is a term used to describe the various
More informationLecture 2 Cloud Computing & Virtualization. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu
Lecture 2 Cloud Computing & Virtualization Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu Outline Introduction to Virtualization The Major Approaches
More informationmanaging the risks of virtualization
managing the risks of virtualization Chris Wraight CA Technologies 28 February 2011 Session Number 8951 abstract Virtualization opens the door to a world of opportunities and well managed virtualization
More informationVIRTUALIZATION 101. Brainstorm Conference 2013 PRESENTER INTRODUCTIONS
VIRTUALIZATION 101 Brainstorm Conference 2013 PRESENTER INTRODUCTIONS Timothy Leerhoff Senior Consultant TIES 21+ years experience IT consulting 12+ years consulting in Education experience 1 THE QUESTION
More information