Securing Your Cloud with Xen Project s Advanced Security Features
|
|
- Virginia Snow
- 8 years ago
- Views:
Transcription
1 Securing Your Cloud with Xen Project s Advanced Security Features Russell Pavlicek, Xen Project Evangelist CloudOpen North America 2013
2 Who is the Old, Fat Geek Up Front? Xen Project Evangelist Employed by Citrix, focused entirely on the Xen Project History with Open Source begins in 1997 Former columnist with Infoworld, Processor magazines Former panelist on The Linux Show webcast, repeat guest on The Linux Link Tech Show Over 150 pieces published, plus one book on Open Source development and several blogs CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 2 / 32
3 Introduction: Xen Project and Security Xen Project is an enterprise-grade Type I hypervisor Built for the Cloud before it was called the Cloud A number of advanced security features Driver Domains, Stub Domains, FLASK, and more Most of them are not (or cannot) be turned on by default Although they are simple to use, sometimes they can appear to be complicated CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 3 / 32
4 Presentation Goals Introduce you to key Xen Project Security Tools Discuss some key Xen security features Get you started in the right direction toward securing your Xen installation CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 4 / 32
5 Presentation Outline A few thoughts on the problem of securing the Cloud Overview of the Xen architecture Brief introduction to principles of security analysis Consider some attack surfaces and Xen features we can use to mitigate them: Driver Domains PVgrub Stub Domains Paravirtualization (PV) mode vs Hardware Virtualization (HVM) mode FLASK example policy CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 5 / 32
6 The Cloud Security Conundrum Security: The 800 pound gorilla of the Cloud world Nothing generates more fear in specific, and FUD in general Probably the single greatest barrier to Cloud adoption Immediately behind it is the inability to get out of a 20th century IT mindset (i.e., Change is Bad ) The good news: we don t need to fear it we just need to solve it CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 6 / 32
7 Cloud Security: New Visibility to Old Problem Security has always been an issue Putting a truly secure system in the open does not reduce its security, just increases the frequency of attack Unfortunately, system security behind the firewall has not always been comprehensive Having solutions in Clouds forces us to solve the security issues we should have already solved Security through obscurity is no longer sufficient CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 7 / 32
8 Security by Design, not by Wishful Thinking Security by Wishful Thinking is Officially Dead Merely hoping that your firewall holds off the marauding hordes is NOT good enough Addressing security in one area while ignoring others is NOT good enough Saying, We ve never had a problem before is NOT good enough Comprehensive security starts with design It needs to planned and carefully thought through It needs to be implemented at multiple levels It needs components which are themselves securable CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 8 / 32
9 Xen Project: Security by Design Xen Project was designed for Clouds before the term Cloud was coined in the industry Designers foresaw the day of an infrastructure for wide-area distributed computing which we now call the Cloud /srg/netos/xeno/publications.html Xen is designed to thwart attacks from many attack vectors, using different defensive techniques CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 9 / 32
10 Xen Architecture: A Basic Picture dom 0 device model (qemu) toolstack Hardware Drivers netback blkback Paravirtualized (PV) Domain netfront blkfront Fully Virtualized (HVM) Domain Xen Hypervisor I/O Devices CPU Memory Hardware CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 10 / 32
11 Security Overview Threat Models: Attacker can access network Attacker controls one Guest VM Security considerations to evaluate: How much code is accessible? What is the interface like? (e.g., pointers vs scalars) Defense-in-depth Then combine security tactics to secure the installation There is no single magic bullet Individual tactics reduce danger; combined tactics go even farther CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 11 / 32
12 Example System, for our Discussion Hardware setup Two networks: one Control network, one Guest network IOMMU with interrupt remapping (AMD or Intel VT-d v2) to allow for full Hardware Virtualization (HVM) Default configuration Network drivers in the Control Domain (aka Domain 0 or just Dom0 ) Paravirtualized (PV) guests using PyGrub (grub-like boot utility within context of Guest Domain) Hardware Virtualized (HVM) guests using Qemu (as the device model) running in the Control Domain CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 12 / 32
13 Attack surface: Network path dom 0 toolstack Domain iptables NIC Driver bridge netback netfront Rogue Domain netfront Xen Hypervisor Control NIC Guest NIC Hardware Where might an exploit focus? Bugs in hardware driver Bugs in bridging / filtering Bugs in netback (via the ring protocol) CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 13 / 32
14 Attack surface: Network path dom 0 toolstack Domain iptables NIC Driver bridge netback netfront Rogue Domain netfront Xen Hypervisor Control NIC Guest NIC Hardware What could a successful exploit yield? Control of Domain 0 kernel Pretty much control of the whole system CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 14 / 32
15 Security feature: Driver Domains dom 0 toolstack NIC Driver Driver Domain iptables NIC Driver bridge netback Domain netfront Rogue Domain netfront Xen Hypervisor Control NIC Guest NIC Hardware What is a Driver Domain? Unprivileged VM which drives hardware, provides access to guests CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 15 / 32
16 Security feature: Driver Domains dom 0 toolstack NIC Driver Driver Domain iptables NIC Driver bridge netback Domain netfront Rogue Domain netfront Xen Hypervisor Control NIC Guest NIC Hardware Now a successful exploit could yield: Control of the Driver Domain (PV hypercall interface) Control of that guest s network traffic Control of NIC An opportunity to attack netfront of other guests CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 16 / 32
17 HowTo: Driver Domains Create a VM with appropriate drivers Use any distribution suitable as a Control Domain Install the Xen-related hotplug scripts Just installing the Xen tools in the VM is usually good enough Give the VM access to the physical NIC with PCI pass-through Configure the network topology in the Driver domain Just like you would for the Control Domain Configure the guest Virtual Network Interface (vif) to use the new domain ID Add backend=domnet to vif declaration vif = [ type=pv, bridge=xenbr0, backend=domnet ] Domain CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 17 / 32
18 Attack surface: PyGrub dom 0 toolstack domain builder pygrub Paravirtualized (PV) Domain guest disk Xen Hypervisor What is PyGrub? grub implementation for PV guests Python program running in Control Domain Reads guest filesystem, parses grub.conf, shows menu Passes resulting kernel image to domain builder CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 18 / 32
19 Attack surface: PyGrub dom 0 toolstack domain builder pygrub Paravirtualized (PV) Domain guest disk Xen Hypervisor Where might an exploit focus? Bugs in file system parser Bugs in menu parser Bugs in domain builder CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 19 / 32
20 Attack surface: PyGrub dom 0 kernel toolstack domain builder pygrub Paravirtualized (PV) Domain guest disk Xen Hypervisor What could a successful exploit yield? Control of Domain 0 user space Pretty much control of the whole system CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 20 / 32
21 Security practice: Fixed kernels dom 0 kernel image toolstack domain builder Paravirtualized (PV) Domain guest disk Xen Hypervisor What is a fixed kernel? Passing a known-good kernel from Control Domain Removes attacker avenue to domain builder CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 21 / 32
22 Security practice: Fixed kernels dom 0 kernel image toolstack domain builder Paravirtualized (PV) Domain guest disk Xen Hypervisor Disadvantages Host admin must keep up with kernel updates Guest admin can t pass kernel parameters, custom kernels, CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 22 / 32
23 Security feature: PVgrub dom 0 toolstack domain builder pvgrub MiniOS guest disk Xen Hypervisor What is PVgrub? MiniOS + PV port of grub running in a guest context PV equivalent of HVM BIOS + grub Now a successful exploit could yield: Control of the attacked guest domain alone CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 23 / 32
24 HowTo: PVgrub Make sure that you have the PVgrub image pvgrub-$arch.gz Normally lives in /usr/lib/xen/boot Included in Fedora Xen packages Debian-based: need to build yourself Use appropriate PVgrub as bootloader in guest configuration kernel="/usr/lib/xen/boot/pvgrub-x86_32.gz" CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 24 / 32
25 Attack surface: Device model (Qemu) Where might an exploit focus? Bugs in NIC emulator parsing packets Bugs in emulation of virtual devices What could a successful exploit yield? Control Domain privileged userspace Pretty much control of the whole system CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 25 / 32
26 Security feature: Qemu stub domains What is a stub domain? Stub domain: a small service domain running just one application Qemu stub domain: run each Qemu in its own domain What could a successful exploit yield? Control only of the stub domain VM (which, if FLASK is employed, is a relatively small universe) You need to devise another attack entirely to do anything more significant CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 26 / 32
27 HowTo: Qemu stub domains Make sure that you have the PVgrub image: ioemu-$arch.gz Normally lives in /usr/lib/xen/boot Included in Fedora Xen packages On Debian (and offshoots), you will need to build it yourself Specify stub domains in your guest config device_model_stubdomain_override = 1 Model Stub Domains CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 27 / 32
28 Attack Surface: Xen Hypervisor itself Where might an exploit focus? On Paravirtualized (PV) Guests: PV Hypercalls On full Hardware Virtualized (HVM) Guests: HVM hypercalls (Subset of PV hypercalls) Instruction emulation (MMIO, shadow pagetables) Emulated platform devices: APIC, HPET, PIT Nested virtualization Security practice: Use PV VMs whenever possible CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 28 / 32
29 Security feature: FLASK example policy What is FLASK? Xen Security Module (XSM): Xen equivalent of LSM FLASK: Framework for XSM developed by NSA Xen equivalent of SELinux Uses same concepts and tools as SELinux Allows a policy to restrict hypercalls What can FLASK do? Basic: Restricts hypercalls to those needed by a particular guest Advanced: Allows more fine-grained granting of privileges FLASK example policy This contains example roles for the Control Domain (dom0), User/Guest Domain(domU), stub domains, driver domains, etc. CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 29 / 32
30 HowTo: Use the example FLASK policy Build Xen with XSM enabled Build the example policy Add the appropriate label to guest config files seclabel=[foo] stubdom label=[foo] Make sure you TEST the example policy in your environment BEFORE putting it into production! NOTE: As an example policy, it is not as rigorously tested as other parts of Xen during release, and it may not be suitable as-is if you are doing unusual things /Xen Security Modules : XSM-FLASK CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 30 / 32
31 ARM: Right solution for security Stays in ARM Hypervisor Mode The ARM architecture has separate Hypervisor and Kernel modes Because Xen s architecture maps so well to the ARM architecture, Xen never has to use Kernel mode Other hypervisors have to flip back and forth between modes If a hypervisor has to enter Kernel mode, it loses the security of running in a privileged mode, isolated from the rest of the system This is a non-issue with the Xen Hypervisor on ARM Does not need to use device emulation No emulation means a smaller attack surface for bad guys CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 31 / 32
32 For More Information... Details at Xen Thanks to George Dunlap for supplying much of the information presented here, and Stefano Stabellini for ARM information Check out our blog: Contact me at Thank You! CloudOpen North America 2013 Securing Your Cloud with Xen Project s Advanced Security Features 32 / 32
Performance tuning Xen
Performance tuning Xen Roger Pau Monné roger.pau@citrix.com Madrid 8th of November, 2013 Xen Architecture Control Domain NetBSD or Linux device model (qemu) Hardware Drivers toolstack netback blkback Paravirtualized
More informationXen Project 4.4: Features and Futures. Russell Pavlicek Xen Project Evangelist Citrix Systems
Xen Project 4.4: Features and Futures Russell Pavlicek Xen Project Evangelist Citrix Systems About This Release Xen Project 4.4.0 was released on March 10, 2014. This release is the work of 8 months of
More informationKVM Security Comparison
atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 Tel: 512-349-7525 Fax: 512-349-7933 www.atsec.com KVM Security Comparison a t s e c i n f o r m a t i o n s e c u
More informationVirtualization Technology. Zhiming Shen
Virtualization Technology Zhiming Shen Virtualization: rejuvenation 1960 s: first track of virtualization Time and resource sharing on expensive mainframes IBM VM/370 Late 1970 s and early 1980 s: became
More informationDate: December 2009 Version: 1.0. How Does Xen Work?
Date: December 2009 Version: 1.0 How Does Xen Work? Table of Contents Executive Summary... 3 Xen Environment Components... 3 Xen Hypervisor... 3... 4 Domain U... 4 Domain Management and Control... 6 Xend...
More informationVirtual machines and operating systems
V i r t u a l m a c h i n e s a n d o p e r a t i n g s y s t e m s Virtual machines and operating systems Krzysztof Lichota lichota@mimuw.edu.pl A g e n d a Virtual machines and operating systems interactions
More informationFull and Para Virtualization
Full and Para Virtualization Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF x86 Hardware Virtualization The x86 architecture offers four levels
More informationAttacking Hypervisors via Firmware and Hardware
Attacking Hypervisors via Firmware and Hardware Alex Matrosov (@matrosov), Mikhail Gorobets, Oleksandr Bazhaniuk (@ABazhaniuk), Andrew Furtak, Yuriy Bulygin (@c7zero) Advanced Threat Research Agenda Hypervisor
More informationKnut Omang Ifi/Oracle 19 Oct, 2015
Software and hardware support for Network Virtualization Knut Omang Ifi/Oracle 19 Oct, 2015 Motivation Goal: Introduction to challenges in providing fast networking to virtual machines Prerequisites: What
More information10 Years of Xen and beyond
10 Years of Xen and beyond Lars Kurth Xen Project Community Manager lars.kurth@xen.org @lars_kurth FREENODE: lars_kurth Xen.org becomes XenProject.org Teams aka sub-projects Hypervisor XAPI ARM Hypervisor
More informationXen: FOSS Hypervisor for the Cloud
Xen: FOSS Hypervisor for the Cloud Russell Pavlicek Xen Project Evangelist Russell.Pavlicek@XenProject.org @RCPavlicek So Who s the Fat Geek up Front? About the Speaker... Linux user since 1995; Linux
More informationCloud^H^H^H^H^H Virtualization Technology. Andrew Jones (drjones@redhat.com) May 2011
Cloud^H^H^H^H^H Virtualization Technology Andrew Jones (drjones@redhat.com) May 2011 Outline Promise to not use the word Cloud again...but still give a couple use cases for Virtualization Emulation it's
More informationVirtualization. Types of Interfaces
Virtualization Virtualization: extend or replace an existing interface to mimic the behavior of another system. Introduced in 1970s: run legacy software on newer mainframe hardware Handle platform diversity
More informationVirtual Machines. COMP 3361: Operating Systems I Winter 2015 http://www.cs.du.edu/3361
s COMP 3361: Operating Systems I Winter 2015 http://www.cs.du.edu/3361 1 Virtualization! Create illusion of multiple machines on the same physical hardware! Single computer hosts multiple virtual machines
More informationChapter 5 Cloud Resource Virtualization
Chapter 5 Cloud Resource Virtualization Contents Virtualization. Layering and virtualization. Virtual machine monitor. Virtual machine. Performance and security isolation. Architectural support for virtualization.
More informationAdvanced Computer Networks. Network I/O Virtualization
Advanced Computer Networks 263 3501 00 Network I/O Virtualization Patrick Stuedi Spring Semester 2014 Oriana Riva, Department of Computer Science ETH Zürich 1 Outline Last week: Today: Software Defined
More informationVirtualization in the Cloud: Featuring Xen and XCP
Virtualization in the Cloud: Featuring Xen and XCP Lars Kurth Xen Community Manager lars.kurth@xen.org FREENODE: lars_kurth @lars_kurth A Brief History of Xen in the Cloud Late 90s XenoServer Project A
More informationVirtual Switching Without a Hypervisor for a More Secure Cloud
ing Without a for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton) 1 Public Cloud Infrastructure Cloud providers offer computing resources
More informationVirtualization Technology
Virtualization Technology A Manifold Arms Race Michael H. Warfield Senior Researcher and Analyst mhw@linux.vnet.ibm.com 2008 IBM Corporation Food for Thought Is Virtual Reality an oxymoron or is it the
More informationNested Virtualization
Nested Virtualization Dongxiao Xu, Xiantao Zhang, Yang Zhang May 9, 2013 Agenda Nested Virtualization Overview Dive into Nested Virtualization Details Nested CPU Virtualization Nested MMU Virtualization
More informationKVM: A Hypervisor for All Seasons. Avi Kivity avi@qumranet.com
KVM: A Hypervisor for All Seasons Avi Kivity avi@qumranet.com November 2007 Virtualization Simulation of computer system in software Components Processor: register state, instructions, exceptions Memory
More informationIntel s Virtualization Extensions (VT-x) So you want to build a hypervisor?
Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Mr. Jacob Torrey February 26, 2014 Dartmouth College 153 Brooks Road, Rome, NY 315.336.3306 http://ainfosec.com @JacobTorrey
More informationEnterprise-Class Virtualization with Open Source Technologies
Enterprise-Class Virtualization with Open Source Technologies Alex Vasilevsky CTO & Founder Virtual Iron Software June 14, 2006 Virtualization Overview Traditional x86 Architecture Each server runs single
More informationVirtual Machine Security
Virtual Machine Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ 1 Operating System Quandary Q: What is the primary goal
More informationUses for Virtual Machines. Virtual Machines. There are several uses for virtual machines:
Virtual Machines Uses for Virtual Machines Virtual machine technology, often just called virtualization, makes one computer behave as several computers by sharing the resources of a single computer between
More informationThe QEMU/KVM Hypervisor
The /KVM Hypervisor Understanding what's powering your virtual machine Dr. David Alan Gilbert dgilbert@redhat.com 2015-10-14 Topics Hypervisors and where /KVM sits Components of a virtual machine KVM Devices:
More informationHow To Make A Minecraft Iommus Work On A Linux Kernel (Virtual) With A Virtual Machine (Virtual Machine) And A Powerpoint (Virtual Powerpoint) (Virtual Memory) (Iommu) (Vm) (
Operating System and Hypervisor Support for IOMMUs Muli Ben-Yehuda IBM Haifa Research Lab muli@il.ibm.com p. 1/3 Table of Contents The what and why of IOMMUs. How much does it cost? What can we do about
More informationRPM Brotherhood: KVM VIRTUALIZATION TECHNOLOGY
RPM Brotherhood: KVM VIRTUALIZATION TECHNOLOGY Syamsul Anuar Abd Nasir Fedora Ambassador Malaysia 1 ABOUT ME Technical Consultant for Warix Technologies - www.warix.my Warix is a Red Hat partner Offers
More informationCompromise-as-a-Service
ERNW GmbH Carl-Bosch-Str. 4 D-69115 Heidelberg 3/31/14 Compromise-as-a-Service Our PleAZURE Felix Wilhelm & Matthias Luft {fwilhelm, mluft}@ernw.de ERNW GmbH Carl-Bosch-Str. 4 D-69115 Heidelberg Agenda
More informationVirtualization. Pradipta De pradipta.de@sunykorea.ac.kr
Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation
More informationKVM on S390x. Revolutionizing the Mainframe
KVM on S390x Revolutionizing the Mainframe Audience In depth technology High level overview Audience In depth technology High level overview Yes, you get both! S390x? Mainframe Highly available Highly
More informationCOS 318: Operating Systems. Virtual Machine Monitors
COS 318: Operating Systems Virtual Machine Monitors Kai Li and Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall13/cos318/ Introduction u Have
More informationVirtualization. Dr. Yingwu Zhu
Virtualization Dr. Yingwu Zhu What is virtualization? Virtualization allows one computer to do the job of multiple computers. Virtual environments let one computer host multiple operating systems at the
More informationPOACHER TURNED GATEKEEPER: LESSONS LEARNED FROM EIGHT YEARS OF BREAKING HYPERVISORS. Rafal Wojtczuk <rafal@bromium.com>
POACHER TURNED GATEKEEPER: LESSONS LEARNED FROM EIGHT YEARS OF BREAKING HYPERVISORS Rafal Wojtczuk Agenda About the speaker Types of hypervisors Attack surface Examples of past and
More informationHow to Install Windows on Xen TM 3.0
How to Install Windows on Xen TM 3.0 A XenSource Technical Note for the Windows 2003 Server Introduction This note describes how to install Windows 2003 Server on Xen. It provides an overview of the Linux
More informationHardware Based Virtualization Technologies. Elsie Wahlig elsie.wahlig@amd.com Platform Software Architect
Hardware Based Virtualization Technologies Elsie Wahlig elsie.wahlig@amd.com Platform Software Architect Outline What is Virtualization? Evolution of Virtualization AMD Virtualization AMD s IO Virtualization
More informationCloud Computing CS 15-319
Cloud Computing CS 15-319 Virtualization Case Studies : Xen and VMware Lecture 20 Majd F. Sakr, Mohammad Hammoud and Suhail Rehman 1 Today Last session Resource Virtualization Today s session Virtualization
More informationAttacking Hypervisors via Firmware and Hardware
Attacking Hypervisors via Firmware and Hardware Mikhail Gorobets, Oleksandr Bazhaniuk, Alex Matrosov, Andrew Furtak, Yuriy Bulygin Advanced Threat Research Agenda Hypervisor based isolation Firmware rootkit
More informationNested Virtualization
Nested Virtualization State of the art and future directions Bandan Das Yang Z Zhang Jan Kiszka 2 Outline Introduction Changes and Missing Features for AMD Changes and Missing Features for Intel Working
More informationProfessional Xen Visualization
Professional Xen Visualization William von Hagen WILEY Wiley Publishing, Inc. Acknowledgments Introduction ix xix Chapter 1: Overview of Virtualization : 1 What Is Virtualization? 2 Application Virtualization
More informationBHyVe. BSD Hypervisor. Neel Natu Peter Grehan
BHyVe BSD Hypervisor Neel Natu Peter Grehan 1 Introduction BHyVe stands for BSD Hypervisor Pronounced like beehive Type 2 Hypervisor (aka hosted hypervisor) FreeBSD is the Host OS Availability NetApp is
More informationTom Eastep Linuxfest NW April 26-27, 2008 Bellingham, Washington
Tom Eastep Linuxfest NW April 26-27, 2008 Bellingham, Washington 1. Introduction to Virtualization Techniques 2. Pros and Cons 3. Where does KVM fit in 4. QEMU-kvm 5. Creating a virtual disk 6. Installing
More informationVirtualization for Cloud Computing
Virtualization for Cloud Computing Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF CLOUD COMPUTING On demand provision of computational resources
More informationPractical Applications of Virtualization. Mike Phillips <mpp@mit.edu> IAP 2008 SIPB IAP Series http://stuff.mit.edu/iap/ http://stuff.mit.
Practical Applications of Virtualization Mike Phillips IAP 2008 SIPB IAP Series http://stuff.mit.edu/iap/ http://stuff.mit.edu/sipb/ Some Guy Rambling About Virtualization Stuff He's Read
More informationSecurity Challenges in Virtualized Environments
Security Challenges in Virtualized Environments Joanna Rutkowska, Invisible Things Lab Confidence 2008, Krakow, Poland, May 15th, 2008 1 Virtualization-based MALWARE 2 Using Virtual Machines for ISOLATION
More informationVirtualization Technologies
12 January 2010 Virtualization Technologies Alex Landau (lalex@il.ibm.com) IBM Haifa Research Lab What is virtualization? Virtualization is way to run multiple operating systems and user applications on
More informationKVM: Kernel-based Virtualization Driver
KVM: Kernel-based Virtualization Driver White Paper Overview The current interest in virtualization has led to the creation of several different hypervisors. Most of these, however, predate hardware-assisted
More informationVirtualization System Vulnerability Discovery Framework. Speaker: Qinghao Tang Title:360 Marvel Team Leader
Virtualization System Vulnerability Discovery Framework Speaker: Qinghao Tang Title:360 Marvel Team Leader 1 360 Marvel Team Established in May 2015, the first professional could computing and virtualization
More informationkvm: Kernel-based Virtual Machine for Linux
kvm: Kernel-based Virtual Machine for Linux 1 Company Overview Founded 2005 A Delaware corporation Locations US Office Santa Clara, CA R&D - Netanya/Poleg Funding Expertise in enterprise infrastructure
More informationXen and the Art of Virtualization
Xen and the Art of Virtualization Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauery, Ian Pratt, Andrew Warfield University of Cambridge Computer Laboratory, SOSP
More informationSUSE Virtualization Technologies Roadmap
SUSE Virtualization Technologies Roadmap Michal Svec Senior Product Manager msvec@suse.com Jason Douglas Senior Engineering Manager jdouglas@suse.com Agenda Virtualization @SUSE Enhancements in XEN/KVM
More informationKVM KERNEL BASED VIRTUAL MACHINE
KVM KERNEL BASED VIRTUAL MACHINE BACKGROUND Virtualization has begun to transform the way that enterprises are deploying and managing their infrastructure, providing the foundation for a truly agile enterprise,
More informationHypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:
Hypervisors Credits: P. Chaganti Xen Virtualization A practical handbook D. Chisnall The definitive guide to Xen Hypervisor G. Kesden Lect. 25 CS 15-440 G. Heiser UNSW/NICTA/OKL Virtualization is a technique
More informationBasics of Virtualisation
Basics of Virtualisation Volker Büge Institut für Experimentelle Kernphysik Universität Karlsruhe Die Kooperation von The x86 Architecture Why do we need virtualisation? x86 based operating systems are
More informationNetwork Functions Virtualization on top of Xen
Network Functions Virtualization on top of Xen Joao Martins*, Mohamed Ahmed*, Felipe Huici*, Costin Raiciu, Vladimir Olteanu, Michio Honda*, Roberto Bifulco*, Simon Kuenzer* * NEC Europe Ltd., Heidelberg,
More informationA quantitative comparison between xen and kvm
Home Search Collections Journals About Contact us My IOPscience A quantitative comparison between xen and kvm This content has been downloaded from IOPscience. Please scroll down to see the full text.
More informationEnabling Technologies for Distributed Computing
Enabling Technologies for Distributed Computing Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF Multi-core CPUs and Multithreading Technologies
More informationLinuxCon/CloudOpen 2015
LinuxCon/CloudOpen 2015 The Bare-Metal Hypervisor as a Platform for Innovation By Russell Pavlicek Xen Project Evangelist Russell.Pavlicek@XenProject.org @RCPavlicek About the Old, Fat Geek Up Front Linux
More informationModule I-7410 Advanced Linux FS-11 Part1: Virtualization with KVM
Bern University of Applied Sciences Engineering and Information Technology Module I-7410 Advanced Linux FS-11 Part1: Virtualization with KVM By Franz Meyer Version 1.0 February 2011 Virtualization Architecture
More informationXen in Embedded Systems. Ray Kinsella Senior Software Engineer Embedded and Communications Group Intel Corporation
Xen in Embedded Systems Ray Kinsella Senior Software Engineer Embedded and Communications Group Intel Corporation Legal Notices INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS.
More informationVIRTUALIZATION 101. Brainstorm Conference 2013 PRESENTER INTRODUCTIONS
VIRTUALIZATION 101 Brainstorm Conference 2013 PRESENTER INTRODUCTIONS Timothy Leerhoff Senior Consultant TIES 21+ years experience IT consulting 12+ years consulting in Education experience 1 THE QUESTION
More informationThe Microsoft Windows Hypervisor High Level Architecture
The Microsoft Windows Hypervisor High Level Architecture September 21, 2007 Abstract The Microsoft Windows hypervisor brings new virtualization capabilities to the Windows Server operating system. Its
More informationVirtualization. ! Physical Hardware. ! Software. ! Isolation. ! Software Abstraction. ! Encapsulation. ! Virtualization Layer. !
Starting Point: A Physical Machine Virtualization Based on materials from: Introduction to Virtual Machines by Carl Waldspurger Understanding Intel Virtualization Technology (VT) by N. B. Sahgal and D.
More informationBeyond the Hypervisor
Beyond the Hypervisor A Technical Roadmap for Open Virtualization, Linux, KVM Mike Day Distinguished Engineer, Chief Virtualization Architect, Open Systems Development Saturday, February 22, 2014 1 mdday@us.ibm.com
More informationXen Cloud Platform 0.1 User Security
1 Xen Cloud Platform 0.1 User Security 0.1 Published October 2009 1.0 Edition Xen Cloud Platform 0.1 User Security Xen Cloud Platform 0.1 User Security Published October 2009 Copyright 2009 Xen, XenSource,
More informationVirtualization and Performance NSRC
Virtualization and Performance NSRC Overhead of full emulation Software takes many steps to do what the hardware would do in one step So pure emulation (e.g. QEMU) is slow although much clever optimization
More information9/26/2011. What is Virtualization? What are the different types of virtualization.
CSE 501 Monday, September 26, 2011 Kevin Cleary kpcleary@buffalo.edu What is Virtualization? What are the different types of virtualization. Practical Uses Popular virtualization products Demo Question,
More informationVirtualization Management the ovirt way
ovirt introduction FOSDEM 2013 Doron Fediuck Red Hat What is ovirt? Large scale, centralized management for server and desktop virtualization Based on leading performance, scalability and security infrastructure
More informationVirtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University
Virtual Machine Monitors Dr. Marc E. Fiuczynski Research Scholar Princeton University Introduction Have been around since 1960 s on mainframes used for multitasking Good example VM/370 Have resurfaced
More informationStephen Coty Director, Threat Research
Emerging threats facing Cloud Computing Stephen Coty Director, Threat Research Cloud Environments 101 Cloud Adoption is Gaining Momentum Cloud market revenue will increase at a 36% annual rate Analyst
More informationOn the Feasibility of Software Attacks on Commodity Virtual Machine Monitors via Direct Device Assignment
On the Feasibility of Software Attacks on Commodity Virtual Machine Monitors via Direct Device Assignment Gábor Pék CrySyS Lab, BME Budapest, Hungary pek@crysys.hu Davide Balzarotti Eurecom Sophia Anitpolis,
More informationArchitecture of the Kernel-based Virtual Machine (KVM)
Corporate Technology Architecture of the Kernel-based Virtual Machine (KVM) Jan Kiszka, Siemens AG, CT T DE IT 1 Corporate Competence Center Embedded Linux jan.kiszka@siemens.com Copyright Siemens AG 2010.
More informationUsing Linux as Hypervisor with KVM
Using Linux as Hypervisor with KVM Qumranet Inc. Andrea Arcangeli andrea@qumranet.com (some slides from Avi Kivity) CERN - Geneve 15 Sep 2008 Agenda Overview/feature list KVM design vs other virtualization
More informationA technical review on comparison of Xen and KVM hypervisors: An analysis of virtualization technologies
ISSN (Online) : 2278-1021 A technical review on comparison of Xen and KVM hypervisors: An analysis of technologies Ms Jayshri Damodar Pagare 1, Dr. Nitin A Koli 2 Research Scholar, Sant Gadge Baba Amravati
More informationChapter 14 Virtual Machines
Operating Systems: Internals and Design Principles Chapter 14 Virtual Machines Eighth Edition By William Stallings Virtual Machines (VM) Virtualization technology enables a single PC or server to simultaneously
More information2972 Linux Options and Best Practices for Scaleup Virtualization
HP Technology Forum & Expo 2009 Produced in cooperation with: 2972 Linux Options and Best Practices for Scaleup Virtualization Thomas Sjolshagen Linux Product Planner June 17 th, 2009 2009 Hewlett-Packard
More informationIncreasing XenServer s VM density
Increasing XenServer s VM density Jonathan Davies, XenServer System Performance Lead XenServer Engineering, Citrix Cambridge, UK 24 Oct 2013 Jonathan Davies (Citrix) Increasing XenServer s VM density 24
More informationWindows Server Virtualization & The Windows Hypervisor
Windows Server Virtualization & The Windows Hypervisor Brandon Baker Lead Security Engineer Windows Kernel Team Microsoft Corporation Agenda - Windows Server Virtualization (WSV) Why a hypervisor? Quick
More informationHow To Create A Cloud Based System For Aaas (Networking)
1 3.1 IaaS Definition IaaS: Infrastructure as a Service Through the internet, provide IT server, storage, computing power and other infrastructure capacity to the end users and the service fee based on
More informationCPET 581 Cloud Computing: Technologies and Enterprise IT Strategies. Virtualization of Clusters and Data Centers
CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies Lecture 4 Virtualization of Clusters and Data Centers Text Book: Distributed and Cloud Computing, by K. Hwang, G C. Fox, and J.J. Dongarra,
More informationApplication Performance in the Cloud, and its Relationship to QoS
Application Performance in the Cloud, and its Relationship to QoS Fall 2010 First, Last Someone@my.csun.edu Student ID: xxxxxxxxx September 22, 2010 Committee Chair: Dr. Shan Barkataki Approved by: Committee
More informationEnabling Technologies for Distributed and Cloud Computing
Enabling Technologies for Distributed and Cloud Computing Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF Multi-core CPUs and Multithreading
More informationHybrid Virtualization The Next Generation of XenLinux
Hybrid Virtualization The Next Generation of XenLinux Jun Nakajima Principal Engineer Intel Open Source Technology Center Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL
More informationOS Virtualization Frank Hofmann
OS Virtualization Frank Hofmann OP/N1 Released Products Engineering Sun Microsystems UK Overview Different approaches to virtualization > Compartmentalization > System Personalities > Virtual Machines
More informationIntroduction to Virtualization & KVM
Introduction to Virtualization & KVM By Zahra Moezkarimi ICT Research Institute Software Platform Laboratory Outline Virtualization History Overview Advantages and Limitations Types of virtualization Virtualization
More informationVirtualization. Explain how today s virtualization movement is actually a reinvention
Virtualization Learning Objectives Explain how today s virtualization movement is actually a reinvention of the past. Explain how virtualization works. Discuss the technical challenges to virtualization.
More informationVirtualization System Security
Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation Overview Vulnerability disclosure analysis Vulnerability
More informationHow To Compare Performance Of A Router On A Hypervisor On A Linux Virtualbox 2.5 (Xen) To A Virtualbox 3.5.2 (Xeen) 2.2.5-Xen-Virtualization (X
Performance Evaluation of Virtual Routers in Para-virtual Environment 1. Abhishek Bajaj abhishek.bajaj@iiitb.net 2. Anargha Biswas anargha.biswas@iiitb.net 3. Ambarish Kumar ambarish.kumar@iiitb.net 4.
More informationKVM Architecture Overview
KVM Architecture Overview 2015 Edition Stefan Hajnoczi 1 Introducing KVM virtualization KVM hypervisor runs virtual machines on Linux hosts Mature on x86, recent progress on ARM and
More informationGUEST OPERATING SYSTEM BASED PERFORMANCE COMPARISON OF VMWARE AND XEN HYPERVISOR
GUEST OPERATING SYSTEM BASED PERFORMANCE COMPARISON OF VMWARE AND XEN HYPERVISOR ANKIT KUMAR, SAVITA SHIWANI 1 M. Tech Scholar, Software Engineering, Suresh Gyan Vihar University, Rajasthan, India, Email:
More informationMasters Project Proposal
Masters Project Proposal Virtual Machine Storage Performance Using SR-IOV by Michael J. Kopps Committee Members and Signatures Approved By Date Advisor: Dr. Jia Rao Committee Member: Dr. Xiabo Zhou Committee
More informationA Survey on Virtual Machine Security
A Survey on Virtual Machine Security Jenni Susan Reuben Helsinki University of Technology jreubens@cc.hut.fi Abstract Virtualization plays a major role in helping the organizations to reduce the operational
More informationwww.see-grid-sci.eu Regional SEE-GRID-SCI Training for Site Administrators Institute of Physics Belgrade March 5-6, 2009
SEE-GRID-SCI Virtualization and Grid Computing with XEN www.see-grid-sci.eu Regional SEE-GRID-SCI Training for Site Administrators Institute of Physics Belgrade March 5-6, 2009 Milan Potocnik University
More informationVirtual Machines. Virtual Machine (VM) Examples of Virtual Systems. Types of Virtual Machine
1 Virtual Machines Virtual Machine (VM) Layered model of computation Software and hardware divided into logical layers Layer n Receives services from server layer n 1 Provides services to client layer
More informationInstalling & Using KVM with Virtual Machine Manager COSC 495
Installing & Using KVM with Virtual Machine Manager COSC 495 1 Abstract:. There are many different hypervisors and virtualization software available for use. One commonly use hypervisor in the Linux system
More informationand Linux Virtualization Solutions
1Interoperability Between Windows and Linux Virtualization Solutions A Microsoft/Novell White Paper 1.1 Why You Should Read this White Paper Virtualization technology is a critically necessary solution
More informationVIRTUALIZATION INTROSPECTION SYSTEM ON KVM-BASED CLOUD COMPUTING PLATFORMS. 100356010@nccu.edu.tw Advisor: yuf@nccu.edu.tw Software Security Lab.
VIRTUALIZATION INTROSPECTION SYSTEM ON KVM-BASED CLOUD COMPUTING PLATFORMS 100356010@nccu.edu.tw Advisor: yuf@nccu.edu.tw Software Security Lab. Motivation The era of cloud computing Motivation In the
More informationVirtualization. P. A. Wilsey. The text highlighted in green in these slides contain external hyperlinks. 1 / 16
Virtualization P. A. Wilsey The text highlighted in green in these slides contain external hyperlinks. 1 / 16 Conventional System Viewed as Layers This illustration is a common presentation of the application/operating
More informationUsing IOMMUs for Virtualization in Linux
Using IOMMUs for Virtualization in Linux and Xen Muli Ben Yahuda, Jon Mason, Orran Krieger, Jimi Xenidis, Leendert Van Dorn, Asit Mallick, Jun Nakajima, Elsia Wahlig jdmason@us.ibm.com Where in the world
More informationThe NOVA Microhypervisor
The NOVA Microhypervisor Germany Microprocessor Lab, Intel Labs Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL
More information