Privacy Protection in Virtualized Multi-tenant Cloud: Software and Hardware Approaches
1 Privacy Protection in Virtualized Multi-tenant Cloud: Software and Hardware Approaches Haibo Chen Institute of Parallel and Distributed Systems Shanghai Jiao Tong University
2 A Review of a Keynote Speech by Justin Rattner at ISCA 2008
3 Integrated Approach to CA & OS?
4 This Talk: identify security issues with the current cloud platform; describe two approaches to privacy protection of VMs, a software approach (nested virtualization) and a hardware approach (secure processor); a case of a hybrid approach to systems research.
5 Security Issues with Current Cloud Platform
6 Virtualization: enabling the cloud. [Figure: a VMM hosting a control VM (VM images, authentication and payment) alongside several user VMs]
7 Can we simply believe in the cloud? Is this bubble trustworthy?
8 Security Concerns in Cloud. [Figure: IDC survey on cloud concerns]
9 Seven Threats of Cloud Security [Gartner 08]: privileged operator access, regulatory compliance, data location, data segregation, recovery, investigative support, long-term viability.
10 Why can we not trivially believe in a multi-tenant cloud?
11 Reason #1: curious or malicious operators. Quoted case: "... peeking in on ..., chats and Google Talk call logs for several months".
12 Reason #2: a huge TCB for the cloud. [Figure: Xen code size in KLOCs over time, split into VMM, Dom0 kernel and tools; the guest VM runs above the control VM (tools, kernel) and the VMM, and VMM plus Dom0 kernel plus tools form the trusted computing base] The TCB is growing to 9 million LOCs by 2011. One point of penetration leads to full compromise: 37 security issues were found in Xen and 53 in VMware by Oct. [CVE 12]. The virtualization stack should be untrusted.
13 How Can You Break the Virtualization Layer? [Figure: attack paths into the VMM, (1) from a guest VM through the VMM's attack surface and (2) from the operator through the management VM kernel; the VMM sits directly on the hardware]
14 Result: Limited Security Guarantees in Public Cloud. [Figures: Amazon AWS User Agreement, 2010; Microsoft Windows Azure Platform Privacy Statement, Mar 2011]
15 Outline Overall Idea Software-based Protection CloudVisor: privacy protection of VMs in multi-tenant cloud with nested virtualization (SOSP 2011) Hardware-based Protection HyperCoffer: processor-rooted trust for guest VM protection (HPCA 2013)
16 A Design Principle: "Any problem in computer science can be solved with another level of indirection." David Wheeler, quoted in Butler Lampson's 1992 ACM Turing Award speech.
17 Functionality of the Virtualization Layer. Major functionality: resource management (memory, devices and CPU cores); multi-tenancy (multiplexing hardware resources to tenants, i.e., creating and running multiple VMs); cloud management (VM save, clone, migration). Minor functionality: security protection (e.g., isolation, access control). Unfortunately, these are intertwined in the same hypervisor layer, forming a large trusted computing base (TCB).
18 Main Idea: minimize the TCB (Trusted Computing Base). Privileged operator access is the top threat [Gartner 08], and the hypervisor layer is getting more complex and vulnerable. Add another layer of indirection and separate security protection from the other main functionalities. Software-based protection (nested virtualization): add one thin layer below the hypervisor, CloudVisor. Hardware-based protection: reduce the TCB to a secure processor and leverage it to do security and privacy protection.
19 CloudVisor: Security Protection of Virtual Machines Using a Nested Hypervisor
20 Goal of CloudVisor: defend against curious or malicious cloud operators; ensure privacy and integrity of a tenant's VM; stay transparent to the existing cloud infrastructure (little or no change to the virtualization stack, OS and VMM); minimize the TCB for the cloud so that correctness is easy to verify (e.g., by formal verification). Non-goals: side-channel attacks, exploiting a user VM from the network, execution correctness of a VM.
21 Observation and idea. Key observation: the protection logic for VMs is mostly fixed. Idea: separate resource management from security protection. CloudVisor is another layer of indirection, responsible for security protection of VMs; the (unmodified) VMM does VM multiplexing and management. Result: a minimized TCB, with the VMM and CloudVisor separately designed and evolved.
22 Architecture (logically) of CloudVisor
23 VM protection approach. Bootstrap: Intel TXT late-launches CloudVisor, and the hash of CloudVisor is stored in the TPM. CPU states: interpose on control switches between VMM and VM (i.e., VMExits). Memory pages: interpose on address translation from guest physical address to host physical address. I/O data: transparent whole-VM-image encryption; decrypt and encrypt I/O data in CloudVisor. See our paper for more details.
24 Implementation: Xen VMM; runs unmodified Windows and Linux virtual machines; a 1-LOC change to Xen to late-launch CloudVisor; an optional 100-LOC patch to Xen to reduce VMExits; runs on SMP and supports SMP VMs; 5500 LOCs, a small TCB that might be suitable for formal verification.
25 Performance. [Figure: normalized slowdown of CloudVisor (CV) compared to Xen on KBuild, apache, SPECjbb and memcached; values shown are 0.2%, 2.6%, 1.9% and 2.7%] Average slowdown: 2.7%.
26 Remaining Issues: what if an adversary breaks into the hardware?
27 Physical Threats Can Be Real. Hardware maintenance: thousands of machine failures per year in a datacenter [Schroeder et al., SIGMETRICS 09]; replacement of memory and disks has become a daily routine. Data residue: memory bus sniffers, non-volatile memory, cold-boot attacks [Halderman 09]. A surveillance camera is NOT enough!
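The memory-page part of this approach, interposing on the VMM's updates to the guest-physical-to-host-physical mapping, is the piece that stops a malicious operator from simply mapping one tenant's page into another tenant's VM or into the control VM. The following is an added example, not CloudVisor's code: a simplified Python model in which the trusted layer keeps an ownership table for every host-physical page, checks each EPT update the untrusted VMM attempts, and scrubs pages when they change owner. The page size, VM names and the decision to deny (rather than encrypt) direct VMM reads of tenant pages are assumptions of the model; the real system also encrypts I/O data and VM images, which is not modelled here.

```python
"""Simplified model of a nested hypervisor interposing on EPT updates.

Constructed example: page ownership is tracked per host-physical page, and
every EPT update issued by the (untrusted) VMM is checked before it takes
effect. Not CloudVisor's own code.
"""
from dataclasses import dataclass, field

VMM = "vmm"        # owner tag for pages the hypervisor controls
PAGE_SIZE = 64     # bytes per page, shrunk from 4 KiB for the example


class EptViolation(Exception):
    """Raised when an EPT update or VMM access would cross an ownership boundary."""


@dataclass
class TrustedLayer:
    num_pages: int
    owner: dict = field(default_factory=dict)   # hpa -> VMM or vm name
    ept: dict = field(default_factory=dict)     # vm name -> {gpa: hpa}
    ram: dict = field(default_factory=dict)     # hpa -> bytearray (host RAM)
    denied: list = field(default_factory=list)  # audit log of blocked operations

    def __post_init__(self):
        for hpa in range(self.num_pages):
            self.owner[hpa] = VMM
            self.ram[hpa] = bytearray(PAGE_SIZE)

    # -- trapped EPT updates issued by the untrusted VMM ---------------------
    def ept_map(self, vm, gpa, hpa):
        """Map hpa at gpa in vm's EPT; only free (VMM-owned) or vm-owned pages."""
        cur = self.owner[hpa]
        if cur not in (VMM, vm):
            self.denied.append(("map", vm, gpa, hpa, cur))
            raise EptViolation(f"hpa {hpa} belongs to {cur}, not {vm}")
        if cur == VMM:
            self.ram[hpa][:] = bytes(PAGE_SIZE)   # scrub before handing it to the VM
            self.owner[hpa] = vm
        self.ept.setdefault(vm, {})[gpa] = hpa

    def ept_unmap(self, vm, gpa):
        """Reclaim a page from vm; scrub it so residue never reaches the next owner."""
        hpa = self.ept[vm].pop(gpa)
        if hpa not in self.ept[vm].values():
            self.ram[hpa][:] = bytes(PAGE_SIZE)
            self.owner[hpa] = VMM

    # -- accesses --------------------------------------------------------------
    def vm_write(self, vm, gpa, data):
        hpa = self.ept[vm][gpa]
        self.ram[hpa][:len(data)] = data

    def vm_read(self, vm, gpa):
        return bytes(self.ram[self.ept[vm][gpa]])

    def vmm_read(self, hpa):
        """The VMM may only touch pages it owns (modelled as a denied access; the
        real system would instead expose an encrypted view on I/O paths)."""
        if self.owner[hpa] != VMM:
            self.denied.append(("vmm_read", hpa, self.owner[hpa]))
            raise EptViolation(f"hpa {hpa} is owned by {self.owner[hpa]}")
        return bytes(self.ram[hpa])


def demo():
    """Run the three operator-driven attacks the ownership table is meant to stop."""
    tl = TrustedLayer(num_pages=4)
    tl.ept_map("vmA", gpa=0, hpa=1)
    tl.vm_write("vmA", 0, b"tenant A secret")
    outcomes = {}
    # 1. malicious VMM tries to map A's page into B's guest-physical space
    try:
        tl.ept_map("vmB", gpa=0, hpa=1)
        outcomes["cross_vm_map"] = "allowed"
    except EptViolation:
        outcomes["cross_vm_map"] = "denied"
    # 2. VMM tries to read the page directly
    try:
        tl.vmm_read(1)
        outcomes["vmm_read"] = "allowed"
    except EptViolation:
        outcomes["vmm_read"] = "denied"
    # 3. legitimate reclaim: the page returns to the VMM scrubbed, then goes to B
    tl.ept_unmap("vmA", 0)
    tl.ept_map("vmB", gpa=0, hpa=1)
    outcomes["residue"] = tl.vm_read("vmB", 0)[:15]
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The check happens at EPT-update time because, with nested virtualization, the VMM's writes to the EPT trap into the layer below it; nothing the VMM does later can bypass an ownership decision made there. Scrubbing on reclaim covers the data-residue path that the ownership check alone would miss.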
28 HyperCoffer: Processor-Rooted Transparent Protection of VMs
29 Goal: Minimize the TCB to the Processor. [Figure: a traditional system, where the hypervisor, Dom-0, CPU, memory bus, disk, NIC and other devices are all trusted, versus HyperCoffer, where only the secure CPU is trusted and the hypervisor, Dom-0, memory bus and devices are untrusted] Reduce the TCB to only the secure processor.
30 Background: Secure Processor. Previous work on secure processors provides data privacy (data is encrypted outside the CPU and decrypted only in the cache) and data integrity (the hash tree is updated at every write from cache to memory and checked at every read from memory to cache). Mainly used to protect an application from an untrusted OS.
31 Address-Independent Seed Encryption (AISE). [Figure: inside the secure processor, a data cache and a counter cache; the counter for a block is encrypted under the VM key to produce a pad, which is XORed with the plaintext data to give the ciphertext; both the ciphertext and the counters live in memory outside the processor]
32 Secure Processor: Merkle Hash Tree. [Figure: a hash tree over the ciphertext data and counters in memory, with only the root kept inside the secure processor]
33 Secure Processor: Bonsai Merkle Tree. [Figure: the hash tree is built over the counters rather than the data, with the root kept inside the secure processor]
34 Prior hardware approaches do not really consider systems issues. HyperWall (ASPLOS 12) requires an OS to specify which pages should be protected, ignores the complex interactions between hypervisor and guest VM, and is not compatible with existing VM operations. H-SVM (MICRO 11) uses a microprogram to do memory isolation, with no defense against hardware attacks, and requires the OS to designate which memory is protected. Most others focus on fine-grained protection of applications or application modules (e.g., SecureME, Bastion).
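The two secure-processor mechanisms above, counter-mode encryption with per-block counters and an integrity tree whose root never leaves the chip, are what let the processor trust nothing outside its package. The following is an added example, not HyperCoffer's or any published secure processor's code: a Python model with a per-VM key and tree root held by a `SecureProcessor` object and everything else (ciphertext, counters, per-block MACs) held in an `UntrustedMemory` object that the attacker may edit. It uses HMAC-SHA256 as a stand-in for the AES pad generator, a seed of (logical block id, counter) as a stand-in for the AISE seed, a whole-tree recomputation instead of a path update, and 16-byte blocks; those are simplifications, not the real hardware's parameters. The demo shows the three properties a practitioner should check: plaintext never appears in memory, a flipped ciphertext bit is caught by the MAC, and replaying an old but internally consistent (ciphertext, counter, MAC) triple is caught by the counter tree.

```python
"""Model of counter-mode memory encryption plus a Bonsai-style Merkle tree.

Constructed example. Only the VM key and the tree root live "in-chip";
everything in UntrustedMemory may be read or rewritten by the attacker.
"""
import hashlib
import hmac

BLOCK = 16  # bytes per memory block in this model (assumption)


class IntegrityError(Exception):
    pass


def prf(key, *parts):
    """Keyed PRF standing in for the AES pad/MAC generator (assumption)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(p if isinstance(p, bytes) else str(p).encode())
        h.update(b"|")
    return h.digest()


class UntrustedMemory:
    """Off-chip state: ciphertext, per-block counters, per-block MACs."""
    def __init__(self, nblocks):
        self.ct = [bytes(BLOCK)] * nblocks
        self.ctr = [0] * nblocks
        self.mac = [b""] * nblocks


class SecureProcessor:
    def __init__(self, vm_key, mem):
        self.key = vm_key          # K_VM, held on chip
        self.mem = mem
        for i in range(len(mem.ct)):
            mem.mac[i] = self._mac(i)
        self.root = self._tree_root(mem.ctr)   # BMT root, held on chip

    def _tree_root(self, counters):
        """Bonsai Merkle tree: hash tree over the counters only (nblocks = 2^k)."""
        level = [hashlib.sha256(str(c).encode()).digest() for c in counters]
        while len(level) > 1:
            level = [hashlib.sha256(level[i] + level[i + 1]).digest()
                     for i in range(0, len(level), 2)]
        return level[0]

    def _pad(self, blk, ctr):
        # seed = (logical block id, counter): independent of the physical
        # address, and never reused because the counter grows on every write
        return prf(self.key, "pad", blk, ctr)[:BLOCK]

    def _mac(self, blk):
        m = self.mem
        return prf(self.key, "mac", blk, m.ctr[blk], m.ct[blk])

    def write(self, blk, plaintext):
        """Cache-to-memory write-back: bump counter, re-encrypt, re-MAC, update root."""
        assert len(plaintext) == BLOCK
        m = self.mem
        m.ctr[blk] += 1
        m.ct[blk] = bytes(a ^ b for a, b in zip(plaintext, self._pad(blk, m.ctr[blk])))
        m.mac[blk] = self._mac(blk)
        self.root = self._tree_root(m.ctr)

    def read(self, blk):
        """Memory-to-cache read: verify counters against the root and the block MAC."""
        m = self.mem
        if self._tree_root(m.ctr) != self.root:
            raise IntegrityError("counter replayed or tampered")
        if not hmac.compare_digest(self._mac(blk), m.mac[blk]):
            raise IntegrityError("ciphertext tampered")
        return bytes(a ^ b for a, b in zip(m.ct[blk], self._pad(blk, m.ctr[blk])))


def _fails(cpu, blk):
    try:
        cpu.read(blk)
        return False
    except IntegrityError:
        return True


def demo():
    mem = UntrustedMemory(8)
    cpu = SecureProcessor(b"per-VM key K_VM (example)", mem)
    secret = b"tenant secret 01"                     # constructed sample data
    cpu.write(3, secret)
    out = {"roundtrip": cpu.read(3) == secret,
           "ciphertext_differs": mem.ct[3] != secret}
    snapshot = (mem.ct[3], mem.ctr[3], mem.mac[3])
    # bus sniffer / DIMM attacker flips one ciphertext bit
    mem.ct[3] = bytes([mem.ct[3][0] ^ 1]) + mem.ct[3][1:]
    out["tamper_detected"] = _fails(cpu, 3)
    mem.ct[3], mem.ctr[3], mem.mac[3] = snapshot
    # overwrite the block, then replay the old (self-consistent) triple
    cpu.write(3, b"tenant secret 02")
    mem.ct[3], mem.ctr[3], mem.mac[3] = snapshot
    out["replay_detected"] = _fails(cpu, 3)
    return out


if __name__ == "__main__":
    print(demo())
```

The replay case is the one a plain MAC cannot catch: the old ciphertext, counter and MAC are mutually consistent, so only the root held on the chip reveals that the counter went backwards. Keeping the tree over counters instead of over data is what makes that root cheap to maintain.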
35 Challenges. 1. Interaction between hypervisor and VMs: selectively expose fields of the CPU context to the hypervisor; auxiliary information for instruction emulation (e.g., the guest page table); I/O emulation for both disk and NIC. 2. Backward compatibility with existing OSes: minimize the cost of deployment. 3. Supporting VM operations: not limited by data structures on the chip. HyperCoffer retains OS transparency with VM-Shim.
36 Design Overview. [Figure: guest mode runs each VM (applications and OS); shim mode runs one shim per VM, exchanging data with the hypervisor in host mode; the secure CPU sits below, with memory and I/O devices outside the trust boundary]
37 Design Overview. 1. Complete isolation: a VM-Table to support multiple VMs; a tagged cache for different VMs; dedicated EPT memory. 2. Controlled interaction: VM-Shim for control interposition (shim mode) and for data interaction (3 types of interactive data).
38 STEP-1: COMPLETE ISOLATION
39 Leveraging the Secure Processor. Data privacy (AISE): all data in a VM is encrypted; each VM has a different key; VM keys are saved in-chip; a malicious hypervisor or malicious hardware cannot read VM data. Data integrity (BMT, Bonsai Merkle Tree): the root hash is saved in-chip; every memory read checks the hash value; every memory write updates the BMT.
40 VM-Table. Each running VM has one entry, and each entry contains a K_VM and a vm_vector. K_VM is the per-VM key used to encrypt the VM. vm_vector contains VM information for the secure processor, used to verify a VM image (e.g., the root hash of the BMT). The VM-Table is saved in a reserved memory region in encrypted form.
41 BMT & AISE are NOT Enough. 1. Inter-VM remapping attack: a malicious hypervisor remaps VM-A's page to VM-B; if the page's data is in the cache, VM-B gets it. [Figure: the EPTs of VM-A and VM-B both map a GPA to the same HPA, whose cache line holds plaintext] Problem: data in the cache is plaintext. Solution: tag cache lines with the VMID.
42 BMT & AISE are NOT Enough. 2. Intra-VM remapping attack: a malicious hypervisor remaps a VM's page A to page B; if the data is in the cache, the two pages are switched. [Figure: GPAs A and B mapped to HPAs X and Y, then swapped] Solution: dedicated memory for the EPT, and flush the cache when the EPT is changed. Optimization: lazy TLB flushing (only at n-tlb missing).
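Both remapping attacks work because the cache holds plaintext keyed by host-physical address, so a mapping change made by the hypervisor lets a line fill or hit that the encryption and integrity checks never see. The following is an added example, not HyperCoffer's code: a Python model of a cache that can be run untagged or tagged with the VMID, with and without a flush of the affected VM's lines on EPT changes. Memory is modelled abstractly: each block records the (VM, GPA) seed it was sealed under, and a load under any other seed raises `IntegrityError`, which stands in for the AISE pad and BMT/MAC check failing. The frame numbers, VM names and write-through policy are assumptions of the model.

```python
"""Cache tagging and flush-on-EPT-change versus the two remapping attacks.

Constructed example, not HyperCoffer's code. SealedMemory abstracts away the
cipher: it stands for ciphertext that only decrypts correctly under the
(VM id, GPA)-bound seed it was written with.
"""


class IntegrityError(Exception):
    pass


class SealedMemory:
    """Untrusted DRAM: each block is bound to the (vm, gpa) seed it was sealed under."""
    def __init__(self):
        self.blocks = {}                       # hpa -> (vm, gpa, plaintext)

    def store(self, hpa, vm, gpa, plaintext):
        self.blocks[hpa] = (vm, gpa, plaintext)

    def load(self, hpa, vm, gpa):
        owner_vm, owner_gpa, plaintext = self.blocks.get(hpa, (None, None, b""))
        if (owner_vm, owner_gpa) != (vm, gpa):
            raise IntegrityError(f"hpa {hpa} not sealed for ({vm}, {gpa})")
        return plaintext


class SecureCpu:
    def __init__(self, tagged, flush_on_ept_change):
        self.mem = SealedMemory()
        self.ept = {}              # vm -> {gpa: hpa}; written by the hypervisor
        self.cache = {}            # line key -> plaintext
        self.tagged = tagged
        self.flush_on_ept_change = flush_on_ept_change

    def _key(self, vm, hpa):
        return (vm, hpa) if self.tagged else hpa

    # -- hypervisor side ------------------------------------------------------
    def hv_set_ept(self, vm, gpa, hpa):
        self.ept.setdefault(vm, {})[gpa] = hpa
        if self.flush_on_ept_change:
            if self.tagged:    # tags let the flush hit only this VM's lines
                self.cache = {k: v for k, v in self.cache.items() if k[0] != vm}
            else:
                self.cache.clear()

    # -- guest side -----------------------------------------------------------
    def vm_store(self, vm, gpa, data):
        hpa = self.ept[vm][gpa]
        self.cache[self._key(vm, hpa)] = data      # plaintext sits in the cache
        self.mem.store(hpa, vm, gpa, data)          # write-through, sealed

    def vm_load(self, vm, gpa):
        hpa = self.ept[vm][gpa]
        key = self._key(vm, hpa)
        if key in self.cache:
            return self.cache[key]                  # hit: no decryption, no check
        data = self.mem.load(hpa, vm, gpa)          # miss: seed and integrity checked
        self.cache[key] = data
        return data


def _observe(cpu, vm, gpa):
    try:
        return cpu.vm_load(vm, gpa)
    except IntegrityError:
        return "DETECTED"


def run_attacks(tagged, flush):
    """What attacker-directed reads observe under one cache design."""
    cpu = SecureCpu(tagged, flush)
    cpu.hv_set_ept("A", 0, 5)                  # tenant A: gpa 0 -> frame 5
    cpu.hv_set_ept("A", 1, 6)                  #           gpa 1 -> frame 6
    cpu.vm_store("A", 0, b"A-page-X")
    cpu.vm_store("A", 1, b"A-page-Y")
    res = {}
    # 1. inter-VM remap: hypervisor maps A's frame 5 into B, then B reads it
    cpu.hv_set_ept("B", 7, 5)
    res["inter_vm"] = _observe(cpu, "B", 7)
    # 2. intra-VM remap: hypervisor swaps A's two frames behind A's back
    cpu.hv_set_ept("A", 0, 6)
    cpu.hv_set_ept("A", 1, 5)
    res["intra_vm"] = _observe(cpu, "A", 0)
    return res


if __name__ == "__main__":
    for cfg in [(False, False), (True, False), (True, True)]:
        print(cfg, run_attacks(*cfg))
```

Untagged and unflushed, both reads hit cached plaintext: B reads A's page and A silently sees its pages swapped. Tagging alone stops the inter-VM read (B's key misses and the sealed block refuses to open under B's seed) but not the intra-VM swap, because A's own lines are still valid under A's tag; flushing that VM's lines on its EPT change forces the swapped read back through the seed check, where it fails.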
43 STEP-2: CONTROLLED INTERACTION
44 VM-Shim Mode. VM-Shim is a piece of code that runs between the hypervisor and the VM and exchanges data between the two. [Figure: a VMExit passes from the VM through shim mode to the hypervisor] Shim mode can access the VM's data; the VM cannot access the shim's data.
45 VM-Shim: Data Interaction. A specification of interactive data describes the format of the interactive data and where to store it; our implementation uses the shim's memory. Two new instructions: raw_st stores data without encryption, raw_ld loads data without an integrity check. [Figure: interactive data is copied from the VM's encrypted memory and CPU context into the shim's plaintext memory]
46 VM-Shim: Interactive Data. Minimize the interactive data; it differs for different VMExits. The data specification is the communication protocol between hypervisor and shim. CPU context: register values of the guest VM. Disk I/O: metadata of the I/O operations. Network I/O: both metadata and I/O data. Auxiliary info: e.g., a page table entry or the trapped instruction.
47 Example: Trap & Emulate an I/O Instruction. in %dx, %eax reads from I/O port %dx and puts the value into %eax. [Figure: the CPU traps the instruction in the VM; the shim copies %dx and %eax into shim memory; the hypervisor emulates the I/O device and the result flows back the same way]
48 Example: DMA in Network I/O. Maintain state by interposing on all I/O operations to the device. Use the shim's own memory as a shadow buffer for DMA. [Figure: VM data in VM memory is copied to shim data in shim memory, which the hypervisor passes to the I/O device]
49 Implementation. On an emulator: based on QEMU. On a real machine: use the VMExit hook to implement VM-Shim. Components: user-level agent, 200 LOCs; VM-Shim, 1100 LOCs; Xen changes, 180 LOCs.
50 Evaluation on Simulator. Simulator: Dinero-IV; LLC 8 MB, 8-way set-associative; counter cache 64 KB, 8-way set-associative; caches use LRU replacement with 64-byte blocks; memory 512 MB with 350-cycle latency; AES encryption 80 cycles. Virtualization software: Xen 4.0.1, domain-0 with Linux. Virtual machine: one or more cores, 1 GB memory, 20 GB virtual disk, virtual NIC; unmodified Debian, x64; Windows XP SP2, x64.
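The two examples above (the trapped `in %dx, %eax` and the DMA shadow buffer) are both instances of the data specification on slide 46: for each exit reason the shim copies exactly the named fields out of the protected VM context into its own plaintext memory, lets the hypervisor emulate, and copies only the named results back. The following is an added example, not HyperCoffer's code: a Python model of a VM-Shim driven by such a specification table, with a hypervisor object that records everything it is ever shown. The specification entries, the register and descriptor names (`dx`, `eax`, `rbx`, `tx_gpa`, `tx_len`), the emulated port values and the use of plain dictionary copies in place of the raw_st/raw_ld instructions are assumptions of the model.

```python
"""VM-Shim driven by a per-VMExit data specification.

Constructed example, not HyperCoffer's code. The shim runs with access to the
VM's decrypted context and memory; the hypervisor sees only shim memory.
"""
from dataclasses import dataclass, field

# Which guest fields each exit reason exposes to the hypervisor ("in"), which
# results the hypervisor may write back ("out"), and whether a DMA buffer is
# staged through the shim's shadow memory. Entries are assumptions.
SPEC = {
    "io_port_read":  {"in": ["dx"], "out": ["eax"], "dma": None},        # in  %dx, %eax
    "io_port_write": {"in": ["dx", "eax"], "out": [], "dma": None},      # out %eax, %dx
    "nic_tx":        {"in": ["tx_len"], "out": [], "dma": "vm_to_device"},
}


@dataclass
class Hypervisor:
    """Untrusted: emulates devices and records every byte the shim lets it see."""
    ports: dict = field(default_factory=lambda: {0x60: 0x42})   # example port values
    seen: list = field(default_factory=list)
    wire: list = field(default_factory=list)

    def emulate(self, reason, exposed, shadow=None):
        self.seen.append((reason, dict(exposed), bytes(shadow or b"")))
        if reason == "io_port_read":
            return {"eax": self.ports.get(exposed["dx"], 0xFF)}
        if reason == "io_port_write":
            self.ports[exposed["dx"]] = exposed["eax"]
            return {}
        if reason == "nic_tx":
            self.wire.append(bytes(shadow))       # the NIC sends the shadow buffer
            return {}
        raise ValueError(reason)


class VmShim:
    def __init__(self, vm_ctx, vm_mem, hv):
        self.vm_ctx, self.vm_mem, self.hv = vm_ctx, vm_mem, hv
        self.shim_mem = {}          # plaintext, hypervisor-readable (raw_st target)
        self.shadow = bytearray()   # DMA shadow buffer in shim memory

    def handle_exit(self, reason):
        spec = SPEC[reason]
        # raw_st: copy only the specified fields out of the protected context
        self.shim_mem = {r: self.vm_ctx[r] for r in spec["in"]}
        if spec["dma"] == "vm_to_device":
            gpa, n = self.vm_ctx["tx_gpa"], self.vm_ctx["tx_len"]
            self.shadow = bytearray(self.vm_mem[gpa:gpa + n])
        result = self.hv.emulate(reason, self.shim_mem,
                                 self.shadow if spec["dma"] else None)
        # raw_ld: copy only the specified results back into the context
        for r in spec["out"]:
            self.vm_ctx[r] = result[r]
        self.shim_mem, self.shadow = {}, bytearray()   # nothing lingers in shim memory
        return dict(self.vm_ctx)


def demo():
    hv = Hypervisor()
    # constructed guest state: rbx holds something the hypervisor must never see
    vm_ctx = {"eax": 0, "dx": 0x60, "rbx": 0xC0FFEE, "tx_gpa": 0, "tx_len": 5}
    vm_mem = bytearray(b"hello" + b"\x00" * 11)
    shim = VmShim(vm_ctx, vm_mem, hv)
    ctx = shim.handle_exit("io_port_read")    # in %dx, %eax with dx = 0x60
    shim.handle_exit("nic_tx")                # DMA of 5 bytes from gpa 0
    leaked_rbx = any("rbx" in exposed for _, exposed, _ in hv.seen)
    return {"eax": ctx["eax"], "hv_saw_rbx": leaked_rbx,
            "on_wire": hv.wire, "hv_views": hv.seen}


if __name__ == "__main__":
    print(demo())
```

The hypervisor still does all of the device emulation, so it stays unmodified in spirit; what changes is that the specification, not the hypervisor, decides which registers and which bytes of guest memory cross the boundary for each exit reason.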
51 Evaluation on Simulator. [Figure: normalized slowdown with respect to Xen (%) for AISE+BMT and for AISE+BMT+Shim]
52 Evaluation on Real Machine. Software: Xen 4.0.1, domain-0 with Linux. Hardware: AMD quad-core CPU, 4 GB memory, 100 Mb NIC, 320 GB disk. Virtual machine: one or more cores, 1 GB memory, 20 GB virtual disk, virtual NIC; unmodified Debian, x64; Windows XP SP2, x64.
53 Evaluation on Real Machine. [Figure: performance overhead over Xen (%) on single-core and quad-core configurations for kbuild, dbench, netperf, memcached and specjbb-xp]
54 Summary. Lack of security guarantees in the multi-tenant cloud. A case for an integrated approach to computer systems. Two software/hardware systems to secure the cloud: CloudVisor, whole-VM protection with a nested hypervisor, and HyperCoffer, hardware-rooted whole-system security. See our papers for more detailed information.
55 Thanks. CloudVisor/HyperCoffer. Questions? "One (small) ring to rule them (cloud) all." Institute of Parallel and Distributed Systems
How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.
More informationPractical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions
Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions Xi Xiong The Pennsylvania State University xixiong@cse.psu.edu Donghai Tian The Pennsylvania State University Beijing
More informationIntro to Virtualization
Cloud@Ceid Seminars Intro to Virtualization Christos Alexakos Computer Engineer, MSc, PhD C. Sysadmin at Pattern Recognition Lab 1 st Seminar 19/3/2014 Contents What is virtualization How it works Hypervisor
More informationKVM: Kernel-based Virtualization Driver
KVM: Kernel-based Virtualization Driver White Paper Overview The current interest in virtualization has led to the creation of several different hypervisors. Most of these, however, predate hardware-assisted
More informationImproving the Security of Commodity Hypervisors for Cloud Computing
Improving the Security of Commodity Hypervisors for Cloud Computing Anh Nguyen 1, Himanshu Raj, Shravan Rayanchu 2, Stefan Saroiu, and Alec Wolman 1 UIUC, 2 U. of Wisconsin, and MSR Today s cloud computing
More informationHow To Make A Microvisor Fail Safe With Tinychecker
TinyChecker: Transparent Protection of VMs against Hypervisor Failures with Nested Virtualization Cheng Tan,, Yubin Xia, Haibo Chen, Binyu Zang Institute of Parallel and Distributed Systems, Shanghai Jiao
More informationUnderstanding Full Virtualization, Paravirtualization, and Hardware Assist. Introduction...1 Overview of x86 Virtualization...2 CPU Virtualization...
Contents Introduction...1 Overview of x86 Virtualization...2 CPU Virtualization...3 The Challenges of x86 Hardware Virtualization...3 Technique 1 - Full Virtualization using Binary Translation...4 Technique
More informationClouds Under the Covers. Elgazzar - CISC 886 - Fall 2014 1
Clouds Under the Covers KHALID ELGAZZAR GOODWIN 531 ELGAZZAR@CS.QUEENSU.CA Elgazzar - CISC 886 - Fall 2014 1 References Understanding Full Virtualization, Paravirtualization, and Hardware Assist White
More informationVirtualization Technologies
12 January 2010 Virtualization Technologies Alex Landau (lalex@il.ibm.com) IBM Haifa Research Lab What is virtualization? Virtualization is way to run multiple operating systems and user applications on
More informationStACC: St Andrews Cloud Computing Co laboratory. A Performance Comparison of Clouds. Amazon EC2 and Ubuntu Enterprise Cloud
StACC: St Andrews Cloud Computing Co laboratory A Performance Comparison of Clouds Amazon EC2 and Ubuntu Enterprise Cloud Jonathan S Ward StACC (pronounced like 'stack') is a research collaboration launched
More informationSecuring Your Cloud with Xen Project s Advanced Security Features
Securing Your Cloud with Xen Project s Advanced Security Features Russell Pavlicek, Xen Project Evangelist CloudOpen North America 2013 Who is the Old, Fat Geek Up Front? Xen Project Evangelist Employed
More informationA Survey on Virtual Machine Security
A Survey on Virtual Machine Security Jenni Susan Reuben Helsinki University of Technology jreubens@cc.hut.fi Abstract Virtualization plays a major role in helping the organizations to reduce the operational
More informationMulti-core Programming System Overview
Multi-core Programming System Overview Based on slides from Intel Software College and Multi-Core Programming increasing performance through software multi-threading by Shameem Akhter and Jason Roberts,
More informationVirtualization for Cloud Computing
Virtualization for Cloud Computing Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF CLOUD COMPUTING On demand provision of computational resources
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g Virtualization: Architectural Considerations and Implementation Options Virtualization Virtualization is the
More informationVirtualization and Cloud Computing
Virtualization and Cloud Computing Security is a Process, not a Product Guillermo Macias CIP Security Auditor, Sr. Virtualization Purpose of Presentation: To inform entities about the importance of assessing
More informationI/O Virtualization Using Mellanox InfiniBand And Channel I/O Virtualization (CIOV) Technology
I/O Virtualization Using Mellanox InfiniBand And Channel I/O Virtualization (CIOV) Technology Reduce I/O cost and power by 40 50% Reduce I/O real estate needs in blade servers through consolidation Maintain
More informationChapter 14 Virtual Machines
Operating Systems: Internals and Design Principles Chapter 14 Virtual Machines Eighth Edition By William Stallings Virtual Machines (VM) Virtualization technology enables a single PC or server to simultaneously
More informationVirtualization and the U2 Databases
Virtualization and the U2 Databases Brian Kupzyk Senior Technical Support Engineer for Rocket U2 Nik Kesic Lead Technical Support for Rocket U2 Opening Procedure Orange arrow allows you to manipulate the
More informationCloud Computing CS 15-319
Cloud Computing CS 15-319 Virtualization Case Studies : Xen and VMware Lecture 20 Majd F. Sakr, Mohammad Hammoud and Suhail Rehman 1 Today Last session Resource Virtualization Today s session Virtualization
More informationHypervisors and Virtual Machines
Hypervisors and Virtual Machines Implementation Insights on the x86 Architecture DON REVELLE Don is a performance engineer and Linux systems/kernel programmer, specializing in high-volume UNIX, Web, virtualization,
More information