Virtualisation Without a Hypervisor in Cloud Infrastructures: An Initial Analysis


William A. R. de Souza and Allan Tomlinson
Information Security Group, Royal Holloway, University of London
Egham Hill, Egham, United Kingdom
William.DeSouza.2012@live.rhul.ac.uk, Allan.Tomlinson@rhul.ac.uk

Abstract

Virtualisation is a fundamental technology for data centres and cloud architectures. The central component of virtualisation is the hypervisor, which may be considered as a virtual machine with high privileges in the system that plays a fundamental role in the virtualised environment. In order to perform this role, a hypervisor is built as a large and complex piece of software. Because of this, it has a large attack surface and is a main target for attackers in virtualised environments. Many approaches have been presented to mitigate the threats against hypervisors, e.g. minimising its code, adding extra code to verify its integrity, and hardening it. The NoHype architecture is a new approach to this problem that proposes simply eliminating the hypervisor. In this paper we make an initial analysis of this approach. We show that, although it is a feasible architecture that can be implemented with today's commodity hardware, it does not mitigate all the threats to the hypervisor, it introduces new threats and it restrains the scalability of the cloud architecture.

Keywords: Virtualisation; hypervisor; cloud computing; security.

I. INTRODUCTION

Virtualisation is a technique used to simulate one or more computers in a single physical machine. By physical machine we mean a hardware device, such as a PC, a server or a mobile device. It allows us to run several different environments with multiple operating systems (guest OSs) on the same physical machine (host hardware). The two main components of a virtualised environment are the virtual machine (VM) and the virtual machine monitor (VMM) or hypervisor.
A virtual machine is a software implementation that provides an isolated software container where an OS and its applications can run [1]. The same resources available in the underlying physical machine (although not necessarily in the same amount) are available to the virtual machine. A hypervisor is a highly privileged VM that manages all other virtual machines in the same virtualised environment [1]. It sits as a layer between the VMs and the hardware and controls the guest OSs' access to the machine resources. Virtualisation is a central technology in data centres and has laid the foundation for advances in this kind of computer facility, enabling the cloud infrastructure and cloud computing [1].

The three main categories of virtualisation are Full virtualisation, Paravirtualisation and Hardware-assisted virtualisation [1][18][19].

Full virtualisation provides a complete abstraction of the guest OS, simulating the underlying hardware in such a manner that the guest OS is not aware of the virtualisation and has the impression that all hardware resources are allocated to it. This is achieved by a combination of binary translation and direct execution [18]. Binary translation is a technique that replaces non-virtualisable instructions with new sequences of instructions. In order to improve performance, user-level code is executed directly on the processor. No modifications are necessary to either the guest OS or the underlying hardware. VMware's virtualization products and Microsoft Virtual Server are examples of full virtualisation [18].

Paravirtualisation addresses the problem of non-virtualisable instructions by modifying the guest OS kernel and replacing these instructions with hypercalls that communicate directly with the virtualisation layer, which provides hypercall interfaces for other critical kernel operations [18]. Thus, the hypercall plays the same role in Paravirtualisation that binary translation plays in Full virtualisation.
For instance, the instruction IOINSR, used when the guest software attempts to execute an I/O instruction, should be replaced with a new sequence of instructions under binary translation, or should be transformed into a hypercall if Paravirtualisation is being used. A hypercall is similar to a system call in an OS, which is why the guest OS must be modified in order to use Paravirtualisation. In this case, a commodity OS cannot be used. Citrix XenServer is an example of Paravirtualisation. Some OSs, such as Ubuntu and Red Hat, also offer support for Paravirtualisation.

Hardware-assisted virtualisation is a set of features developed by hardware vendors in order to provide hardware mechanisms that simplify the use of virtualisation. It targets privileged instructions and includes a new CPU feature that allows the hypervisor to run in a new root mode below ring 0. Thus privileged and sensitive calls are set to trap automatically to the hypervisor, eliminating the need for either binary translation or hypercalls. Examples of this technology include Intel Virtualization Technology (VT-x) and AMD's AMD-V [18].

A cloud infrastructure provides a set of resources for customers to run their applications and store their information. By taking advantage of virtualisation, the cloud infrastructure allows several virtual machines, from different customers, to exist in the same physical machine, permitting economies of scale and providing a dynamic and scalable set of resources at a cost affordable for customers. So, customers can purchase the amount of resources that they need for their applications.

This main feature of cloud infrastructure is also the main concern for customers, since the shared environment is suitable for a malicious party to attack the assets in the infrastructure [2] [3]. Thus, a malicious VM can attack another VM running on the same server, the hypervisor or the hardware infrastructure, potentially exploiting a wide range of vulnerabilities [4]. Some work has shown that this is possible, as in the case of a successful execution of code on the host from a guest OS in a VMware environment [5] and an exploitation of the Xen hypervisor that allows backdoor functionality to be included inside it [6].

There are many approaches to mitigating those threats. One approach is adding extra code to the hypervisor in order to verify its integrity [7] [8]. Conversely, another approach is minimising the hypervisor [9] [10] in order to diminish the attack surface, leaving just the essential functionality in the hypervisor. The most common approach is hardening the hypervisor [11] [12] [13].

The 'no hypervisor' strategy [14] [15] proposes a radical new approach. Rather than defending the hypervisor, the authors remove the attack surface by getting rid of the hypervisor while preserving the semantics of virtualisation. In those works, the authors present an architecture called NoHype that is focused on Cloud Computing. From this point, we will use the terms NoHype architecture and NoHype system interchangeably.
The NoHype architecture is built upon the Full virtualisation technique. Paravirtualisation and Hardware-assisted virtualisation are not directly considered in NoHype. However, although it is not explicit in [14][15], it is clear that since NoHype eliminates the hypervisor, binary translation, or any other type of technique to address non-virtualisable instructions, is not needed after the disengagement stage.

In this context, this work makes an initial analysis of how much the no hypervisor strategy can help in a cloud computing infrastructure. Thus, we discuss how safe it can be, the threats that it can mitigate, the limitations of this model and, most importantly, whether it introduces new threats in the cloud infrastructure.

As we will see from the analysis, virtualisation without a hypervisor is a feasible architecture and can be implemented with today's commodity hardware. But it does not mitigate all the threats posed by a hypervisor and it introduces new threats. Besides, it restrains one important feature of cloud architecture: scalability.

The remainder of this work is organised as follows. In Section 2 we discuss background on hypervisors. In Section 3 we explain the hypervisor attack surface. In Section 4 we present the no hypervisor architecture. We conduct a brief analysis of the no hypervisor architecture in Section 5 and present a conclusion and work in progress in Section 6.

II. THE HYPERVISOR

The hypervisor is a VM with elevated privileges and plays a main role in the virtualised environment. Among its tasks are management of VMs (the guest OSs), scheduling, memory management, maintaining VM state, creating isolated partitions for VMs and so on. Some required features for a hypervisor are security, since it is a main target for attacks, and on-the-fly resource scalability, i.e., the hypervisor should be able to allocate more resources from the host system without stopping the VM that needs the resource.
The performance and scalability of a hypervisor contribute to the quality of the virtualisation in a cloud infrastructure.

There are two main types of hypervisor: the bare-metal hypervisor (or type 1) and the hosted hypervisor (type 2) [1]. The bare-metal hypervisor runs directly on the hardware platform and is a kind of thin OS. It controls and handles the resources of the hardware, scheduling VMs and their access to resources. Besides, it monitors the guest OSs. Type 1 is preferred in environments that require high efficiency. Some examples of commercial type 1 hypervisors are VMware ESX, Citrix XenServer and Microsoft Hyper-V.

The hosted hypervisor runs on top of an OS environment, as a process. In this sense, it manages and controls resources presented by the underlying OS. It is normally used in systems that require a variety of input/output devices and where efficiency is not a critical factor. Some examples of commercial type 2 hypervisors are Parallels Workstation, Microsoft Virtual Server, VMware Server and VMware Workstation.

III. UNDERSTANDING THE HYPERVISOR ATTACK SURFACE

A VM exit is a kind of trap-and-emulate virtualisation implementation and occurs when the guest VM's code tries to execute a privileged instruction. This is an error since the VM is in user mode. So the guest VM's code is interrupted (trap) and the hypervisor code begins to execute to handle the privileged instruction (emulate) [1]. VM exits are rather frequent. For instance, in an idle VM running on top of Xen 4.0, VM exits occur 600 times/s [15]. A more detailed experiment on VM exits with the Xen 4.0 hypervisor can be found in [15].

This is the major entry point for attacks on the hypervisor, since a malicious VM could force a VM exit to occur, trying to simulate an execution of privileged instructions, and inject malicious code or cause a malfunction in the hypervisor. By injecting code, a malicious VM can violate the confidentiality, integrity and availability of other VMs and of the hypervisor.
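The trap-and-emulate path described above, as an added example (not code from Xen, NoHype or the paper): a toy exit handler in which every field of the exit record is guest-controlled, so the emulation code validates the access width and port range before touching device state and fails closed on unknown exit reasons. The exit reasons, structure names and port window are hypothetical.

```c
/* Added illustration: toy trap-and-emulate VM-exit handler.
 * Exit reasons, structures and the port window are hypothetical,
 * not taken from Xen, NoHype or any real hypervisor. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum exit_reason { EXIT_CPUID, EXIT_HLT, EXIT_IO };
enum exit_action { ACT_RESUME, ACT_YIELD, ACT_INJECT_FAULT, ACT_KILL_VM };

/* Exit record: every field is chosen or influenced by the guest. */
struct vm_exit {
    uint32_t reason;
    uint16_t io_port;
    uint8_t  io_size;   /* access width in bytes */
    bool     io_write;
    uint32_t io_value;  /* data written, or filled in on a read */
};

struct vm {
    int           id;
    uint16_t      port_base;    /* first port of the emulated device */
    uint16_t      port_count;   /* ports in the window, at most 8 */
    uint8_t       dev_regs[8];  /* emulated device registers */
    unsigned long exits;        /* how often this guest has trapped */
};

/* True only if the whole access lies inside the VM's device window. */
bool io_in_window(const struct vm *vm, uint16_t port, uint8_t size)
{
    if (size != 1 && size != 2 && size != 4)
        return false;
    if (vm->port_count > sizeof vm->dev_regs || port < vm->port_base)
        return false;
    /* 32-bit arithmetic: port + size must not wrap at 16 bits. */
    uint32_t end = (uint32_t)port + size;
    uint32_t window_end = (uint32_t)vm->port_base + vm->port_count;
    return end <= window_end;
}

static enum exit_action emulate_io(struct vm *vm, struct vm_exit *e)
{
    if (!io_in_window(vm, e->io_port, e->io_size))
        return ACT_INJECT_FAULT;      /* reject before touching state */
    unsigned off = (unsigned)(e->io_port - vm->port_base);
    if (e->io_write) {
        for (unsigned i = 0; i < e->io_size; i++)
            vm->dev_regs[off + i] = (uint8_t)(e->io_value >> (8 * i));
    } else {
        e->io_value = 0;
        for (unsigned i = 0; i < e->io_size; i++)
            e->io_value |= (uint32_t)vm->dev_regs[off + i] << (8 * i);
    }
    return ACT_RESUME;
}

/* Entry point reached on every trap from guest code. */
enum exit_action handle_vm_exit(struct vm *vm, struct vm_exit *e)
{
    vm->exits++;
    switch (e->reason) {
    case EXIT_CPUID: return ACT_RESUME;   /* no guest operands in this toy */
    case EXIT_HLT:   return ACT_YIELD;
    case EXIT_IO:    return emulate_io(vm, e);
    default:         return ACT_KILL_VM;  /* unknown reason: fail closed */
    }
}

int main(void)
{
    static const char *names[] = { "resume", "yield", "inject-fault", "kill-vm" };
    struct vm guest = { .id = 1, .port_base = 0x3f8, .port_count = 8 };
    /* Constructed exit records, not captured from a real system. */
    struct vm_exit samples[] = {
        { EXIT_IO, 0x3f8, 4, true, 0x11223344u },  /* inside the window */
        { EXIT_IO, 0x3fe, 4, true, 0xffffffffu },  /* runs past the window */
        { EXIT_IO, 0x3f8, 3, true, 0 },            /* invalid width */
        { 99, 0, 0, false, 0 },                    /* unknown exit reason */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("exit %zu -> %s\n", i, names[handle_vm_exit(&guest, &samples[i])]);
    return 0;
}
```

Removing the `io_in_window` check turns the second sample into a write past `dev_regs`, which is the class of defect that makes the exit path an entry point.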
IV. NO HYPERVISOR ARCHITECTURE

The main idea of the no hypervisor (NoHype) architecture, as proposed in [14] and [15], is to eliminate the hypervisor attack surface altogether. In this way, the virtual machines no longer need to interact with the hypervisor when they are executing. However, in the NoHype architecture the semantics of virtualisation are preserved, since it is possible to run and manage virtual machines as is done in cloud infrastructures.

No special hardware is necessary to do this, so today's commodity hardware can be used to host the NoHype architecture. Thus, by getting rid of the hypervisor, one gets rid of the attacks to which a hypervisor would be vulnerable.

A. The Threat Model for NoHype Architecture

The objective of NoHype is to protect the cloud infrastructure against attacks perpetrated through or against the hypervisor by the guest VMs. The idea is to eliminate the interaction between VMs and the hypervisor, preventing attacks. The threat model [16] of the NoHype architecture is shown in Fig. 1 as a Data Flow Diagram (DFD).

In the threat model we can see that the cloud infrastructure provider, the cloud management software and the modified guest OS (key idea 3, below) are assumed not to be malicious and are included in a "trust" boundary. The cloud provider modifies the guest OS in accordance with NoHype requirements and makes it available to customers. The process "Modify OS for NoHype" is responsible for this task. The cloud management software offers an interface for customers to manage their VMs. The multiple process "Enable services on VMs" allows starting, stopping, migrating and all other services related to a VM. A VM starts a VM exit, as described in Section 3, so the hypervisor identifies the exit type and executes the suitable action by means of the process "Emulate instructions". After completing the action, the hypervisor returns control of execution to the VM.

The threat model makes no assumption about the customer, other than the responsibility for protecting their applications in a VM. So, the customers are included in an "unknown" boundary.

B. NoHype Key Ideas

NoHype considers the main roles of a hypervisor in today's cloud infrastructure and provides the same functionality by other means, capitalising on the cloud model and on the resources available in commodity hardware.
Comparatively, the main resources managed by the hypervisor (its main role) are processor cores, memory, I/O devices, and interrupts and timers. The key ideas of the NoHype infrastructure are to pre-allocate memory and cores, use only virtualised I/O devices, short-circuit the system discovery process and avoid indirection.

Fig. 1. DFD for the threat model for NoHype architecture.

The key ideas are detailed below [14] [15]:

1) Key idea 1: Pre-allocate memory and cores. The hypervisor dynamically manages the memory and processor cores, so VMs can be promised more resources than are actually physically available. Since in the cloud the customer specifies the resources needed before a VM is created, NoHype can pre-allocate processor cores and memory, enforcing memory isolation by means of hardware paging mechanisms.

2) Key idea 2: Use only virtualised I/O devices. Virtualisation software emulates I/O devices. NoHype dedicates I/O devices to the guest VM, since the devices themselves are virtualised and only a few devices are needed in the cloud infrastructure, such as a network connection (NIC), storage and a graphics card.

3) Key idea 3: Short-circuit the system discovery process. In order to run on different kinds of platform, an OS tries to discover the configuration of the host system. NoHype uses a temporary hypervisor and needs a modified guest OS (provided by the cloud infrastructure) in order to allow hardware discovery only during bootup, caching the system configuration data for later use.

4) Key idea 4: Avoid indirection. Hypervisors need to map the virtual view to real hardware (indirection). NoHype dedicates processor cores to a VM. So, a guest VM can access the real processor ID, eliminating the need for indirection.

V. AN INITIAL ANALYSIS OF THE NO HYPERVISOR ARCHITECTURE

In [15] there is a security analysis of the NoHype architecture. We complement this analysis and add some new points of view related to the security and the operation of a cloud infrastructure using the NoHype system, describing each item identified, as shown below.

A. System Management Software

After implementing a NoHype system in a server, we need the system management software to perform some of the hypervisor tasks, such as starting, stopping and migrating VMs. This software is assumed to be secure in NoHype. However, since NoHype is intended to be used in a real-world scenario, in a cloud environment using the NoHype architecture the system management software is still an important entry point and target for attacks, since it runs in privileged mode. It is noteworthy that there is no interaction between the system management software and the guest VM code in NoHype. The threats to the system management software could come from the interaction with other components of the cloud infrastructure, such as the cloud management software, the cloud provider or the modified guest OS, which could have been previously compromised by a malicious party.

B. Temporary Hypervisor

The NoHype architecture proposes to get rid of the hypervisor altogether. But it still needs the hypervisor, even though only in the bootup process. Although the guest VM is disengaged from the temporary hypervisor before the guest VM is able to execute its code, if the temporary hypervisor has been compromised by a previous attack, all the security proposed for the NoHype system could be compromised.
Moreover, the temporary hypervisor stays active for the whole lifetime of the system: this means that it remains a prime target for attacks.

C. Data Cached from the System Discovery Process

NoHype utilises a temporary hypervisor and a modified guest OS to perform the system discovery tasks. System discovery is an important feature of OSs that allows them to run on different hardware platforms. In order to avoid the need for a hypervisor during the lifetime of the guest VM, the data collected during the system discovery process is cached; a guest VM can then query the data as often as it needs. The problem is to guarantee that this cached data will not be modified by another, malicious VM. This is probably done by the same memory protection mechanisms, such as EPT, depending on the memory region where the data is cached.

D. Kill VM Routine

The kill VM routine is a piece of NoHype code that is triggered any time a VM performs some illegal action and consequently causes a VM exit, as implemented in the NoHype system. Thus, a VM exit is illegal in the system. But, since NoHype needs a temporary hypervisor, a VM exit is not always illegal. As soon as the guest VM is disengaged, a flag in memory is set, indicating that VM exits are now illegal. Since it is not clear where in memory this flag is and what part of the architecture is responsible for managing it, we cannot know how hard it is for an attacker to change this flag. So, an attacker could just change this flag to allow VM exits and compromise the system. Also, the kill VM routine itself must be protected.

E. Denial of Service by Means of IPI

In the NoHype system, a VM can send as many interprocessor interrupts (IPIs) to other cores as it wishes. As a consequence, a malicious VM can send several IPIs to a core where a target VM is running or to core 0, where the system management software is running, as defined by the NoHype system.
In order to mitigate this threat, the NoHype system uses a flag (for each type of IPI) in a shared region of memory, in such a manner that a VM sending an IPI can set the flag and the VM receiving the IPI can check and clear the flag. So, a VM receiving an IPI can ignore this IPI if the flag is not set. Allegedly the security of this process is based on the fact that "no VM can access memory of another VM", so an attacker will not be able to set the flags. But it is not clear how a VM can differentiate a legal IPI from an IPI sent by an attacker, and since an attacker can be a (malicious) VM, he can set his own flags and the VM receiving the IPI can do nothing about this but receive the IPI. Besides, since the region in memory that holds the flag is shared, why wouldn't the attacker (a malicious VM) have access to it? An experiment performed by the authors in [15] has indicated that this is not a serious problem, since the ability of a VM to send IPIs could not stop its targets.

F. Hardware Dependency for Isolation

Isolation in the NoHype system is dependent on hardware mechanisms. Especially in the case of memory, isolation heavily depends on the correct functioning and implementation of the extended page table (EPT) in order to guarantee confidentiality and integrity. Thus, the EPT is a critical point in the system and beyond the control of NoHype. It must be considered in the threat model and mitigated.

G. Infrastructure Mapping

Since NoHype eliminates the hypervisor, VMs are closer to the underlying hardware. Thus, a malicious VM could map the underlying hardware infrastructure and perform side-channel attacks, as described in [17]. In this way, a malicious VM could identify where its target VM is running in order to perpetrate an attack against it. On its own, this is not a problem in the NoHype system. But, considering the possibility of previous attacks being successful, as suggested in the previous sections, discovering where the target VM is running is an important task performed by an attacker in order to advance his exploitation.

H. Pre-allocation vs. Scalability

NoHype capitalises on the fact that, in a cloud environment, customers need to determine the amount of resources they want for their applications. So, NoHype can assign cores and portions of memory to these customers in advance (pre-allocation), which is the basis of its operation. But the ability to dynamically increase the amount of hardware resources for a customer is one of the main features of a cloud infrastructure, and this is therefore a serious problem in the NoHype architecture.

VI. CONCLUSION AND WORK IN PROGRESS

The NoHype architecture proposes a radical new approach to address the matter of security involving the hypervisor: get rid of it! It presents four key ideas: pre-allocate memory and cores, use only virtualised I/O devices, short-circuit the system discovery process and avoid indirection. Basically, NoHype identifies the main roles of a hypervisor and searches for some other manner of doing the same thing, in order to eliminate the hypervisor.

Although the NoHype system is a feasible architecture that can be implemented with today's commodity hardware, it has a set of issues that could lead a cloud provider to stay with a traditional hypervisor infrastructure. For instance, it does not mitigate all the threats posed by a hypervisor, it introduces new threats to the virtualised environment and it restrains scalability, which is one important feature of cloud architecture.

Our work is establishing an extended threat model for the NoHype architecture and identifying entry points in the architecture which can be attacked or can enable attacks. Using Data Flow Diagrams at deeper levels, we will investigate the data flows within the system, the processes transforming these data, the components involved and the types of boundaries in NoHype and in the cloud.
Ultimately our goal is to accurately identify the entry points and threats to this architecture with a view to mitigating any vulnerabilities.

REFERENCES

[1] A. Silberschatz, P. Galvin, and G. Gagne, Operating System Concepts, 9th ed. Hoboken, NJ: Wiley,
[2] M. Christodorescu, R. Sailer, D.L. Schales, D. Sgandurra, and D. Zamboni, "Cloud security is not (just) virtualization security: a short paper," Proceedings of the 2009 ACM workshop on Cloud computing security, ACM, 2009,
[3] A.S. Ibrahim, J.H. Harris, and J. Grundy, "Emerging Security Challenges of Cloud Virtual Infrastructure," in Proceedings of APSEC 2010, Cloud Workshop, Sidney, Australia, 20 Nov 2010.
[4] D. Shackleford, Virtualization Security: Protecting Virtualized Environments. Indianapolis, IN: Sybex,
[5] K. Kortchinsky, Hacking 3D (and Breaking out of VMWare), BlackHat USA,
[6] R. Wojtczuk, Subverting the Xen hypervisor, BlackHat USA,
[7] A. M. Azab, P. Ning, E.C. Sezer, and X. Zhang, "HIMA: A Hypervisor-Based Integrity Measurement Agent," Proceedings of the 2009 Annual Computer Security Applications Conference, IEEE Computer Society, 2009,
[8] A. M. Azab, P. Ning, Z. Wang, X. Jiang, X. Zhang, and N. C. Skalsky, "HyperSentry: Enabling stealthy in-context measurement of hypervisor integrity," in ACM Conference on Computer and Communications Security (CCS), pages 38-49, October
[9] A. Seshadri, M. Luk, N. Qu, and A. Perrig, "SecVisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes," SIGOPS Oper. Syst. Rev., 41(6): , December
[10] J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig, "TrustVisor: Efficient TCB reduction and attestation," in IEEE Symposium on Security and Privacy, pages , May
[11] C. Li, A. Raghunathan, and N. K. Jha, "Secure virtual machine execution under an untrusted management OS," in Proceedings of the Conference on Cloud Computing (CLOUD), July
[12] R. Sailer, E. Valdez, T. Jaeger, R. Perez, L. V. Doorn, J. L. Griffin and G. S. Berger, "shype: Secure hypervisor approach to trusted virtualized systems," Technical Report RC23511, IBM Research,
[13] U. Steinberg and B. Kauer, "NOVA: A microhypervisor-based secure virtualization architecture," in European Conference on Computer Systems, April
[14] E. Keller, J. Szefer, J. Rexford, and R. B. Lee, "NoHype: Virtualized cloud infrastructure without the virtualization," in International Symposium on Computer Architecture (ISCA), June
[15] J. Szefer, E. Keller, R.B. Lee, and J. Rexford, "Eliminating the hypervisor attack surface for a more secure cloud," in Proceedings of the 18th ACM conference on Computer and communications security, ACM, 2011,
[16] F. Swiderski and W. Snyder, Threat Modeling. Redmond, WA: Microsoft Press,
[17] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds," in ACM Conference on Computer and Communications Security (CCS), November
[18] VMware. Understanding Full Virtualization, Paravirtualization, and Hardware Assist. Accessed in 20/03/2013.
[19] Shackleford, D. Virtualization Security: Protecting Virtualized Environments. Sybex, 2013.
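Sections V.C, V.D and V.F all reduce to one question: which guest can reach which host-physical page, and with what permission. The following is an added example, not code from NoHype or from the paper: it audits a constructed EPT-style mapping table against regions that must stay out of guest reach. The addresses, the region layout and the policy (each discovery cache read-only to its own VM; the disengagement flag and kill VM routine unmapped for every guest) are assumptions, since the paper notes that the real placement is not documented.

```c
/* Added illustration: audit a toy EPT-style mapping table.
 * Addresses, region layout and policy are constructed assumptions;
 * the paper does not say where NoHype keeps this state. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PERM_R   1u
#define PERM_W   2u
#define PERM_X   4u
#define PERM_RWX (PERM_R | PERM_W | PERM_X)
#define NO_OWNER (-1)

struct ept_map {            /* one guest mapping of host-physical memory */
    int      vm_id;
    uint64_t hpa, len;
    unsigned perm;
};

struct region {             /* state that must be protected from guests */
    const char *name;
    uint64_t    hpa, len;
    int         owner_vm;   /* only this VM may map it, or NO_OWNER */
    unsigned    owner_max;  /* most permission the owner may hold */
};

struct finding { size_t map_idx, region_idx; unsigned excess; };

static const struct region REGIONS[] = {
    { "discovery cache VM1", 0x30000000, 0x1000, 1, PERM_R },
    { "discovery cache VM2", 0x30001000, 0x1000, 2, PERM_R },
    { "disengaged flag",     0x30002000, 0x1000, NO_OWNER, 0 },
    { "kill VM routine",     0x30003000, 0x2000, NO_OWNER, 0 },
};
#define N_REGIONS (sizeof REGIONS / sizeof REGIONS[0])

/* Constructed configuration that satisfies the policy. */
static const struct ept_map GOOD_MAPS[] = {
    { 1, 0x10000000, 0x10000000, PERM_RWX },   /* VM1 pre-allocated RAM */
    { 2, 0x20000000, 0x10000000, PERM_RWX },   /* VM2 pre-allocated RAM */
    { 1, 0x30000000, 0x1000, PERM_R },
    { 2, 0x30001000, 0x1000, PERM_R },
};
#define N_GOOD (sizeof GOOD_MAPS / sizeof GOOD_MAPS[0])

/* Constructed misconfiguration: three extra or over-permissive entries. */
static const struct ept_map BAD_MAPS[] = {
    { 1, 0x10000000, 0x10000000, PERM_RWX },
    { 2, 0x20000000, 0x10000000, PERM_RWX },
    { 1, 0x30000000, 0x1000, PERM_R },
    { 2, 0x30001000, 0x1000, PERM_R | PERM_W },  /* own cache, writable */
    { 2, 0x30000000, 0x1000, PERM_R },           /* another VM's cache */
    { 1, 0x30002000, 0x2000, PERM_R | PERM_W },  /* flag + kill routine */
};
#define N_BAD (sizeof BAD_MAPS / sizeof BAD_MAPS[0])

/* Half-open ranges; assumes start + len does not wrap around. */
static int overlaps(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen)
{
    return a < b + blen && b < a + alen;
}

/* Records up to max_out findings; returns the total number found. */
size_t audit_ept(const struct ept_map *maps, size_t n_maps,
                 const struct region *regions, size_t n_regions,
                 struct finding *out, size_t max_out)
{
    size_t n = 0;
    for (size_t m = 0; m < n_maps; m++) {
        for (size_t r = 0; r < n_regions; r++) {
            if (!overlaps(maps[m].hpa, maps[m].len,
                          regions[r].hpa, regions[r].len))
                continue;
            unsigned allowed = maps[m].vm_id == regions[r].owner_vm
                                   ? regions[r].owner_max : 0;
            unsigned excess = maps[m].perm & ~allowed;
            if (!excess)
                continue;
            if (n < max_out)
                out[n] = (struct finding){ m, r, excess };
            n++;
        }
    }
    return n;
}

int main(void)
{
    struct finding f[8];
    size_t n = audit_ept(BAD_MAPS, N_BAD, REGIONS, N_REGIONS, f, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("VM %d mapping #%zu reaches '%s' with excess perm 0x%x\n",
               BAD_MAPS[f[i].map_idx].vm_id, f[i].map_idx,
               REGIONS[f[i].region_idx].name, f[i].excess);
    printf("good configuration: %zu findings\n",
           audit_ept(GOOD_MAPS, N_GOOD, REGIONS, N_REGIONS, f, 8));
    return 0;
}
```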


More information

Virtualization. Dr. Yingwu Zhu

Virtualization. Dr. Yingwu Zhu Virtualization Dr. Yingwu Zhu What is virtualization? Virtualization allows one computer to do the job of multiple computers. Virtual environments let one computer host multiple operating systems at the

More information

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

Microkernels, virtualization, exokernels. Tutorial 1 CSC469 Microkernels, virtualization, exokernels Tutorial 1 CSC469 Monolithic kernel vs Microkernel Monolithic OS kernel Application VFS System call User mode What was the main idea? What were the problems? IPC,

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g Virtualization: Architectural Considerations and Implementation Options Virtualization Virtualization is the

More information

Survey on virtual machine security

Survey on virtual machine security Survey on virtual machine security Bright Prabahar P Post Graduate Scholar Karunya university Bijolin Edwin E Assistant professor Karunya university Abstract Virtualization takes a major role in cloud

More information

Security Implications of Different Virtualization Approaches for Secure Cyber Architectures

Security Implications of Different Virtualization Approaches for Secure Cyber Architectures Security Implications of Different Virtualization Approaches for Secure Cyber Architectures Sanaz Rahimi and Mehdi Zargham Department of Computer Science Southern Illinois University Carbondale, IL Email:

More information

A Survey on Virtual Machine Security

A Survey on Virtual Machine Security A Survey on Virtual Machine Security Jenni Susan Reuben Helsinki University of Technology jreubens@cc.hut.fi Abstract Virtualization plays a major role in helping the organizations to reduce the operational

More information

Enabling Technologies for Distributed Computing

Enabling Technologies for Distributed Computing Enabling Technologies for Distributed Computing Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF Multi-core CPUs and Multithreading Technologies

More information

9/26/2011. What is Virtualization? What are the different types of virtualization.

9/26/2011. What is Virtualization? What are the different types of virtualization. CSE 501 Monday, September 26, 2011 Kevin Cleary kpcleary@buffalo.edu What is Virtualization? What are the different types of virtualization. Practical Uses Popular virtualization products Demo Question,

More information

Virtualization Technologies (ENCS 691K Chapter 3)

Virtualization Technologies (ENCS 691K Chapter 3) Virtualization Technologies (ENCS 691K Chapter 3) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ The Key Technologies on Which Cloud Computing

More information

Enabling Technologies for Distributed and Cloud Computing

Enabling Technologies for Distributed and Cloud Computing Enabling Technologies for Distributed and Cloud Computing Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF Multi-core CPUs and Multithreading

More information

Virtual machines and operating systems

Virtual machines and operating systems V i r t u a l m a c h i n e s a n d o p e r a t i n g s y s t e m s Virtual machines and operating systems Krzysztof Lichota lichota@mimuw.edu.pl A g e n d a Virtual machines and operating systems interactions

More information

Virtual Machine Security

Virtual Machine Security Virtual Machine Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ 1 Operating System Quandary Q: What is the primary goal

More information

Hypervisor Software and Virtual Machines. Professor Howard Burpee SMCC Computer Technology Dept.

Hypervisor Software and Virtual Machines. Professor Howard Burpee SMCC Computer Technology Dept. Hypervisor Software and Virtual Machines Learning Objectives Understand the common features of today s desktop virtualization products Select and implement a desktop virtualization option on a Linux, Mac,

More information

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University Virtual Machine Monitors Dr. Marc E. Fiuczynski Research Scholar Princeton University Introduction Have been around since 1960 s on mainframes used for multitasking Good example VM/370 Have resurfaced

More information

Hardware enhanced Security in Cloud Compu8ng. Cloud Compu8ng (Public IaaS)

Hardware enhanced Security in Cloud Compu8ng. Cloud Compu8ng (Public IaaS) Hardware enhanced Security in Cloud Compu8ng Ruby B. Lee Princeton University ARO workshop on Cloud Security, March 11, 2013 Cloud Compu8ng (Public IaaS) End Users Cloud Provider Guest VMs Cloud Customer

More information

Uses for Virtual Machines. Virtual Machines. There are several uses for virtual machines:

Uses for Virtual Machines. Virtual Machines. There are several uses for virtual machines: Virtual Machines Uses for Virtual Machines Virtual machine technology, often just called virtualization, makes one computer behave as several computers by sharing the resources of a single computer between

More information

CSE 501 Monday, September 09, 2013 Kevin Cleary kpcleary@buffalo.edu

CSE 501 Monday, September 09, 2013 Kevin Cleary kpcleary@buffalo.edu CSE 501 Monday, September 09, 2013 Kevin Cleary kpcleary@buffalo.edu What is Virtualization? Practical Uses What can be virtualized Popular virtualization products Demo Question, answer, discussion Can

More information

Hypervisors and Virtual Machines

Hypervisors and Virtual Machines Hypervisors and Virtual Machines Implementation Insights on the x86 Architecture DON REVELLE Don is a performance engineer and Linux systems/kernel programmer, specializing in high-volume UNIX, Web, virtualization,

More information

Basics in Energy Information (& Communication) Systems Virtualization / Virtual Machines

Basics in Energy Information (& Communication) Systems Virtualization / Virtual Machines Basics in Energy Information (& Communication) Systems Virtualization / Virtual Machines Dr. Johann Pohany, Virtualization Virtualization deals with extending or replacing an existing interface so as to

More information

GUEST OPERATING SYSTEM BASED PERFORMANCE COMPARISON OF VMWARE AND XEN HYPERVISOR

GUEST OPERATING SYSTEM BASED PERFORMANCE COMPARISON OF VMWARE AND XEN HYPERVISOR GUEST OPERATING SYSTEM BASED PERFORMANCE COMPARISON OF VMWARE AND XEN HYPERVISOR ANKIT KUMAR, SAVITA SHIWANI 1 M. Tech Scholar, Software Engineering, Suresh Gyan Vihar University, Rajasthan, India, Email:

More information

Security technology of system virtualization platform

Security technology of system virtualization platform Security technology of system virtualization platform Dr. Qingni Shen Peking University Intel UPO Supported Main Points Security analysis of system virtualization platform Security architecture of VMM

More information

Distributed and Cloud Computing

Distributed and Cloud Computing Distributed and Cloud Computing K. Hwang, G. Fox and J. Dongarra Chapter 3: Virtual Machines and Virtualization of Clusters and datacenters Adapted from Kai Hwang University of Southern California March

More information

Virtualization. Jia Rao Assistant Professor in CS http://cs.uccs.edu/~jrao/

Virtualization. Jia Rao Assistant Professor in CS http://cs.uccs.edu/~jrao/ Virtualization Jia Rao Assistant Professor in CS http://cs.uccs.edu/~jrao/ What is Virtualization? Virtualization is the simulation of the software and/ or hardware upon which other software runs. This

More information

The Xen of Virtualization

The Xen of Virtualization The Xen of Virtualization Assignment for CLC-MIRI Amin Khan Universitat Politècnica de Catalunya March 4, 2013 Amin Khan (UPC) Xen Hypervisor March 4, 2013 1 / 19 Outline 1 Introduction 2 Architecture

More information

Virtual Machines. COMP 3361: Operating Systems I Winter 2015 http://www.cs.du.edu/3361

Virtual Machines. COMP 3361: Operating Systems I Winter 2015 http://www.cs.du.edu/3361 s COMP 3361: Operating Systems I Winter 2015 http://www.cs.du.edu/3361 1 Virtualization! Create illusion of multiple machines on the same physical hardware! Single computer hosts multiple virtual machines

More information

Chapter 2 Addendum (More on Virtualization)

Chapter 2 Addendum (More on Virtualization) Chapter 2 Addendum (More on Virtualization) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ More on Systems Virtualization Type I (bare metal)

More information

Introduction to Virtualization

Introduction to Virtualization Introduction to Virtualization Dr. Qingni Shen Peking University Intel UPO Supported Main Points Status and trends in data center Definition of virtualization Common types of virtualization Key technologies

More information

Cloud Computing #6 - Virtualization

Cloud Computing #6 - Virtualization Cloud Computing #6 - Virtualization Main source: Smith & Nair, Virtual Machines, Morgan Kaufmann, 2005 Today What do we mean by virtualization? Why is it important to cloud? What is the penalty? Current

More information

Lecture 2 Cloud Computing & Virtualization. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu

Lecture 2 Cloud Computing & Virtualization. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu Lecture 2 Cloud Computing & Virtualization Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu Outline Introduction to Virtualization The Major Approaches

More information

Virtualization. Michael Tsai 2015/06/08

Virtualization. Michael Tsai 2015/06/08 Virtualization Michael Tsai 2015/06/08 What is virtualization? Let s first look at a video from VMware http://bcove.me/x9zhalcl Problems? Low utilization Different needs DNS DHCP Web mail 5% 5% 15% 8%

More information

OS Virtualization. CSC 456 Final Presentation Brandon D. Shroyer

OS Virtualization. CSC 456 Final Presentation Brandon D. Shroyer OS Virtualization CSC 456 Final Presentation Brandon D. Shroyer Introduction Virtualization: Providing an interface to software that maps to some underlying system. A one-to-one mapping between a guest

More information

Intro to Virtualization

Intro to Virtualization Cloud@Ceid Seminars Intro to Virtualization Christos Alexakos Computer Engineer, MSc, PhD C. Sysadmin at Pattern Recognition Lab 1 st Seminar 19/3/2014 Contents What is virtualization How it works Hypervisor

More information

Implementing Security on virtualized network storage environment

Implementing Security on virtualized network storage environment International Journal of Education and Research Vol. 2 No. 4 April 2014 Implementing Security on virtualized network storage environment Benard O. Osero, David G. Mwathi Chuka University bosero@chuka.ac.ke

More information

Outline. Outline. Why virtualization? Why not virtualize? Today s data center. Cloud computing. Virtual resource pool

Outline. Outline. Why virtualization? Why not virtualize? Today s data center. Cloud computing. Virtual resource pool Outline CS 6V81-05: System Security and Malicious Code Analysis Overview of System ization: The most powerful platform for program analysis and system security Zhiqiang Lin Department of Computer Science

More information

Trusted Virtual Datacenter Radically simplified security management

Trusted Virtual Datacenter Radically simplified security management IBM T. J. Watson Research Center Trusted Virtual Datacenter Radically simplified security management Stefan Berger, Ramón Cáceres, Dimitrios Pendarakis, Reiner Sailer, Ray Valdez Secure Systems Department,

More information

Application Performance in the Cloud, and its Relationship to QoS

Application Performance in the Cloud, and its Relationship to QoS Application Performance in the Cloud, and its Relationship to QoS Fall 2010 First, Last Someone@my.csun.edu Student ID: xxxxxxxxx September 22, 2010 Committee Chair: Dr. Shan Barkataki Approved by: Committee

More information

PERFORMANCE ANALYSIS OF KERNEL-BASED VIRTUAL MACHINE

PERFORMANCE ANALYSIS OF KERNEL-BASED VIRTUAL MACHINE PERFORMANCE ANALYSIS OF KERNEL-BASED VIRTUAL MACHINE Sudha M 1, Harish G M 2, Nandan A 3, Usha J 4 1 Department of MCA, R V College of Engineering, Bangalore : 560059, India sudha.mooki@gmail.com 2 Department

More information

SURVEY ON VIRTUALIZATION VULNERABILITIES

SURVEY ON VIRTUALIZATION VULNERABILITIES SURVEY ON VIRTUALIZATION VULNERABILITIES Indumathy M Department of MCA, Acharya Institute of Technology, Bangalore, (India) ABSTRACT Virtualization plays a major role in serving the organizations to reduce

More information

IOS110. Virtualization 5/27/2014 1

IOS110. Virtualization 5/27/2014 1 IOS110 Virtualization 5/27/2014 1 Agenda What is Virtualization? Types of Virtualization. Advantages and Disadvantages. Virtualization software Hyper V What is Virtualization? Virtualization Refers to

More information

Introduction to Virtualization & KVM

Introduction to Virtualization & KVM Introduction to Virtualization & KVM By Zahra Moezkarimi ICT Research Institute Software Platform Laboratory Outline Virtualization History Overview Advantages and Limitations Types of virtualization Virtualization

More information

Data Centers and Cloud Computing

Data Centers and Cloud Computing Data Centers and Cloud Computing CS377 Guest Lecture Tian Guo 1 Data Centers and Cloud Computing Intro. to Data centers Virtualization Basics Intro. to Cloud Computing Case Study: Amazon EC2 2 Data Centers

More information

Virtualization for Cloud Computing

Virtualization for Cloud Computing Virtualization for Cloud Computing Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF CLOUD COMPUTING On demand provision of computational resources

More information

Clouds, Virtualization and Security or Look Out Below

Clouds, Virtualization and Security or Look Out Below Clouds, Virtualization and Security or Look Out Below Lee Badger Hardware Virtualization (Box View) 1 2 dom0 HW type 1 Para-virtualization I/O Host HW type 2 dom0 HW type 1 Full virtualization I/O Host

More information

Virtualization and Cloud Computing

Virtualization and Cloud Computing Virtualization and Cloud Computing Security is a Process, not a Product Guillermo Macias CIP Security Auditor, Sr. Virtualization Purpose of Presentation: To inform entities about the importance of assessing

More information

Towards Trustworthy Architectures for Secure Cloud Servers and End-User Devices

Towards Trustworthy Architectures for Secure Cloud Servers and End-User Devices Towards Trustworthy Architectures for Secure Cloud Servers and End-User Devices Jakub Szefer and Prof. Ruby B. Lee Princeton University http://palms.princeton.edu/ 2013-03-11 ARO Invitational Workshop

More information

System Virtual Machines

System Virtual Machines System Virtual Machines Introduction Key concepts Resource virtualization processors memory I/O devices Performance issues Applications 1 Introduction System virtual machine capable of supporting multiple

More information

Virtual Switching Without a Hypervisor for a More Secure Cloud

Virtual Switching Without a Hypervisor for a More Secure Cloud ing Without a for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton) 1 Public Cloud Infrastructure Cloud providers offer computing resources

More information

Anh Quach, Matthew Rajman, Bienvenido Rodriguez, Brian Rodriguez, Michael Roefs, Ahmed Shaikh

Anh Quach, Matthew Rajman, Bienvenido Rodriguez, Brian Rodriguez, Michael Roefs, Ahmed Shaikh Anh Quach, Matthew Rajman, Bienvenido Rodriguez, Brian Rodriguez, Michael Roefs, Ahmed Shaikh Introduction History, Advantages, Common Uses OS-Level Virtualization Hypervisors Type 1 vs. type 2 hypervisors

More information

How To Understand The Power Of A Virtual Machine Monitor (Vm) In A Linux Computer System (Or A Virtualized Computer)

How To Understand The Power Of A Virtual Machine Monitor (Vm) In A Linux Computer System (Or A Virtualized Computer) KVM - The kernel-based virtual machine Timo Hirt timohirt@gmx.de 13. Februar 2010 Abstract Virtualization has been introduced in the 1960s, when computing systems were large and expensive to operate. It

More information

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation Securing your Virtual Datacenter Part 1: Preventing, Mitigating Privilege Escalation Before We Start... Today's discussion is by no means an exhaustive discussion of the security implications of virtualization

More information

CS 695 Topics in Virtualization and Cloud Computing. More Introduction + Processor Virtualization

CS 695 Topics in Virtualization and Cloud Computing. More Introduction + Processor Virtualization CS 695 Topics in Virtualization and Cloud Computing More Introduction + Processor Virtualization (source for all images: Virtual Machines: Versatile Platforms for Systems and Processes Morgan Kaufmann;

More information

How To Create A Cloud Based System For Aaas (Networking)

How To Create A Cloud Based System For Aaas (Networking) 1 3.1 IaaS Definition IaaS: Infrastructure as a Service Through the internet, provide IT server, storage, computing power and other infrastructure capacity to the end users and the service fee based on

More information

Analysis on Virtualization Technologies in Cloud

Analysis on Virtualization Technologies in Cloud Analysis on Virtualization Technologies in Cloud 1 V RaviTeja Kanakala, V.Krishna Reddy, K.Thirupathi Rao 1 Research Scholar, Department of CSE, KL University, Vaddeswaram, India I. Abstract Virtualization

More information

Introduction to Virtual Machines

Introduction to Virtual Machines Introduction to Virtual Machines Carl Waldspurger (SB SM 89, PhD 95), VMware R&D 2010 VMware Inc. All rights reserved Overview Virtualization and VMs Processor Virtualization Memory Virtualization I/O

More information

Security Model for VM in Cloud

Security Model for VM in Cloud Security Model for VM in Cloud 1 Venkataramana.Kanaparti, 2 Naveen Kumar R, 3 Rajani.S, 4 Padmavathamma M, 5 Anitha.C 1,2,3,5 Research Scholars, 4Research Supervisor 1,2,3,4,5 Dept. of Computer Science,

More information

Virtualization with Windows

Virtualization with Windows Virtualization with Windows at CERN Juraj Sucik, Emmanuel Ormancey Internet Services Group Agenda Current status of IT-IS group virtualization service Server Self Service New virtualization features in

More information

Cloud^H^H^H^H^H Virtualization Technology. Andrew Jones (drjones@redhat.com) May 2011

Cloud^H^H^H^H^H Virtualization Technology. Andrew Jones (drjones@redhat.com) May 2011 Cloud^H^H^H^H^H Virtualization Technology Andrew Jones (drjones@redhat.com) May 2011 Outline Promise to not use the word Cloud again...but still give a couple use cases for Virtualization Emulation it's

More information

Virtual Machines. Virtualization

Virtual Machines. Virtualization Virtual Machines Marie Roch Tanenbaum 8.3 contains slides from: Tanenbaum 3 rd ed. 2008 1 Virtualization Started with the IBM System/360 in the 1960s Basic concept simulate multiple copies of the underlying

More information

CIT 668: System Architecture

CIT 668: System Architecture CIT 668: System Architecture Cloud Security Topics 1. The Same Old Security Problems 2. Virtualization Security 3. New Security Issues and Threat Model 4. Data Security 5. Amazon Cloud Security Data Loss

More information

Virtualization. P. A. Wilsey. The text highlighted in green in these slides contain external hyperlinks. 1 / 16

Virtualization. P. A. Wilsey. The text highlighted in green in these slides contain external hyperlinks. 1 / 16 Virtualization P. A. Wilsey The text highlighted in green in these slides contain external hyperlinks. 1 / 16 Conventional System Viewed as Layers This illustration is a common presentation of the application/operating

More information

Virtualization: What does it mean for SAS? Karl Fisher and Clarke Thacher, SAS Institute Inc., Cary, NC

Virtualization: What does it mean for SAS? Karl Fisher and Clarke Thacher, SAS Institute Inc., Cary, NC Paper 347-2009 Virtualization: What does it mean for SAS? Karl Fisher and Clarke Thacher, SAS Institute Inc., Cary, NC ABSTRACT SAS groups virtualization into four categories: Hardware Virtualization,

More information

Attacking Hypervisors via Firmware and Hardware

Attacking Hypervisors via Firmware and Hardware Attacking Hypervisors via Firmware and Hardware Alex Matrosov (@matrosov), Mikhail Gorobets, Oleksandr Bazhaniuk (@ABazhaniuk), Andrew Furtak, Yuriy Bulygin (@c7zero) Advanced Threat Research Agenda Hypervisor

More information

VMware Server 2.0 Essentials. Virtualization Deployment and Management

VMware Server 2.0 Essentials. Virtualization Deployment and Management VMware Server 2.0 Essentials Virtualization Deployment and Management . This PDF is provided for personal use only. Unauthorized use, reproduction and/or distribution strictly prohibited. All rights reserved.

More information

Database Virtualization

Database Virtualization Database Virtualization David Fetter Senior MTS, VMware Inc PostgreSQL China 2011 Guangzhou Thanks! Jignesh Shah Staff Engineer, VMware Performance Expert Great Human Being Content Virtualization Virtualized

More information

RPM Brotherhood: KVM VIRTUALIZATION TECHNOLOGY

RPM Brotherhood: KVM VIRTUALIZATION TECHNOLOGY RPM Brotherhood: KVM VIRTUALIZATION TECHNOLOGY Syamsul Anuar Abd Nasir Fedora Ambassador Malaysia 1 ABOUT ME Technical Consultant for Warix Technologies - www.warix.my Warix is a Red Hat partner Offers

More information

State-of-the-Art of Virtualization, its Security Threats and Deployment Models

State-of-the-Art of Virtualization, its Security Threats and Deployment Models State-of-the-Art of Virtualization, its Security Threats and Deployment Models Fatma Bazargan, Chan Yeob Yeun, Mohamed Jamal Zemerly Electrical and Computer Engineering Department, Khalifa University of

More information

SECURITY IN OPERATING SYSTEM VIRTUALISATION

SECURITY IN OPERATING SYSTEM VIRTUALISATION SECURITY IN OPERATING SYSTEM VIRTUALISATION February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in

More information

Installing & Using KVM with Virtual Machine Manager COSC 495

Installing & Using KVM with Virtual Machine Manager COSC 495 Installing & Using KVM with Virtual Machine Manager COSC 495 1 Abstract:. There are many different hypervisors and virtualization software available for use. One commonly use hypervisor in the Linux system

More information

Leveraging Thin Hypervisors for Security on Embedded Systems

Leveraging Thin Hypervisors for Security on Embedded Systems Leveraging Thin Hypervisors for Security on Embedded Systems Christian Gehrmann A part of Swedish ICT What is virtualization? Separation of a resource or request for a service from the underlying physical

More information

The Art of Virtualization with Free Software

The Art of Virtualization with Free Software Master on Free Software 2009/2010 {mvidal,jfcastro}@libresoft.es GSyC/Libresoft URJC April 24th, 2010 (cc) 2010. Some rights reserved. This work is licensed under a Creative Commons Attribution-Share Alike

More information

Virtualization. Introduction to Virtualization Virtual Appliances Benefits to Virtualization Example Virtualization Products

Virtualization. Introduction to Virtualization Virtual Appliances Benefits to Virtualization Example Virtualization Products Virtualization Originally prepared by Greg Bosch; last modified April 2012 by B. Davison I. Introduction to Virtualization II. Virtual Appliances III. Benefits to Virtualization IV. Example Virtualization

More information

Secure Private Cloud Architecture for Mobile Infrastructure as a Service

Secure Private Cloud Architecture for Mobile Infrastructure as a Service 2012 IEEE Eighth World Congress on Services Secure Private Cloud Architecture for Mobile Infrastructure as a Service Susmita Horrow Department of mathematics IIT Roorkee, India hsusmita4@gmail.com Sanchika

More information

kvm: Kernel-based Virtual Machine for Linux

kvm: Kernel-based Virtual Machine for Linux kvm: Kernel-based Virtual Machine for Linux 1 Company Overview Founded 2005 A Delaware corporation Locations US Office Santa Clara, CA R&D - Netanya/Poleg Funding Expertise in enterprise infrastructure

More information

KVM Security Comparison

KVM Security Comparison atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 Tel: 512-349-7525 Fax: 512-349-7933 www.atsec.com KVM Security Comparison a t s e c i n f o r m a t i o n s e c u

More information

Characterizing Hypervisor Vulnerabilities in Cloud Computing Servers

Characterizing Hypervisor Vulnerabilities in Cloud Computing Servers Characterizing Hypervisor Vulnerabilities in Cloud Computing Servers Diego Perez-Botero, Jakub Szefer and Ruby B. Lee Princeton University, Princeton, NJ, USA diegop@cs.princeton.edu, {szefer,rblee}@princeton.edu

More information