Distributed System Monitoring and Failure Diagnosis using Cooperative Virtual Backdoors

Similar documents
Basics in Energy Information (& Communication) Systems Virtualization / Virtual Machines

Full and Para Virtualization

Virtualization. Types of Interfaces

Virtualization Technology. Zhiming Shen

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

Virtualization. Pradipta De

Hypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:

x86 ISA Modifications to support Virtual Machines

Basics of Virtualisation

Virtual Machine Security

Uses for Virtual Machines. Virtual Machines. There are several uses for virtual machines:

nanohub.org An Overview of Virtualization Techniques

Virtualization for Cloud Computing

Compromise-as-a-Service

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

Regional SEE-GRID-SCI Training for Site Administrators Institute of Physics Belgrade March 5-6, 2009

The Xen of Virtualization

Is Virtualization Killing SSI Research?

Introduction to Virtual Machines

Cloud Computing CS

kvm: Kernel-based Virtual Machine for Linux

Virtualization. Jukka K. Nurminen

Lecture 2 Cloud Computing & Virtualization. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu

KVM: A Hypervisor for All Seasons. Avi Kivity avi@qumranet.com

CS 695 Topics in Virtualization and Cloud Computing. More Introduction + Processor Virtualization

Chapter 5 Cloud Resource Virtualization

Virtual Machines. COMP 3361: Operating Systems I Winter

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Cloud Computing #6 - Virtualization

Is Virtualization Killing SSI Research?

Enabling Technologies for Distributed Computing

Virtualization. Dr. Yingwu Zhu

COS 318: Operating Systems. Virtual Machine Monitors

Chapter 14 Virtual Machines

MODULE 3 VIRTUALIZED DATA CENTER COMPUTE

Detection of virtual machine monitor corruptions

RPM Brotherhood: KVM VIRTUALIZATION TECHNOLOGY

The Art of Virtualization with Free Software

CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies. Virtualization of Clusters and Data Centers

Virtualization Technologies (ENCS 691K Chapter 3)

Virtual Machines.

Virtual Machines. Virtualization

Xen and the Art of. Virtualization. Ian Pratt

Example of Standard API

Enabling Technologies for Distributed and Cloud Computing

Virtualization. Introduction to Virtualization Virtual Appliances Benefits to Virtualization Example Virtualization Products

Virtual machines and operating systems

Distributed Systems. Virtualization. Paul Krzyzanowski

IOS110. Virtualization 5/27/2014 1

Virtualization and the U2 Databases

Models For Modeling and Measuring the Performance of a Xen Virtual Server

Knut Omang Ifi/Oracle 19 Oct, 2015

Virtualization: Concepts, Applications, and Performance Modeling

Hypervisors and Virtual Machines

VMware Server 2.0 Essentials. Virtualization Deployment and Management

Virtualization. ! Physical Hardware. ! Software. ! Isolation. ! Software Abstraction. ! Encapsulation. ! Virtualization Layer. !

Operating Systems Virtualization mechanisms

Chapter 2 Addendum (More on Virtualization)

Virtualization System Vulnerability Discovery Framework. Speaker: Qinghao Tang Title:360 Marvel Team Leader

COM 444 Cloud Computing

matasano Hardware Virtualization Rootkits Dino A. Dai Zovi

Understanding Full Virtualization, Paravirtualization, and Hardware Assist. Introduction...1 Overview of x86 Virtualization...2 CPU Virtualization...

Virtualization. Jia Rao Assistant Professor in CS

How do Users and Processes interact with the Operating System? Services for Processes. OS Structure with Services. Services for the OS Itself

Computing in High- Energy-Physics: How Virtualization meets the Grid

Introduction to Virtualization & KVM

Virtualization. Michael Tsai 2015/06/08

Jukka Ylitalo Tik TKK, April 24, 2006

Virtualization. Explain how today s virtualization movement is actually a reinvention

12. Introduction to Virtual Machines

BHyVe. BSD Hypervisor. Neel Natu Peter Grehan

Cloud Architecture and Virtualisation. Lecture 4 Virtualisation

Data Centers and Cloud Computing

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

A Survey on Virtual Machine Security

CS5460: Operating Systems. Lecture: Virtualization 2. Anton Burtsev March, 2013

Virtual Servers. Virtual machines. Virtualization. Design of IBM s VM. Virtual machine systems can give everyone the OS (and hardware) that they want.

Multi-core Programming System Overview

Intro to Virtualization

OPEN SOURCE VIRTUALIZATION TRENDS. SYAMSUL ANUAR ABD NASIR Warix Technologies / Fedora Community Malaysia

The QEMU/KVM Hypervisor

Virtualization and Performance NSRC

Hybrid Virtualization The Next Generation of XenLinux

Distributed and Cloud Computing

Operating System Structures

Networking for Caribbean Development

FRONT FLYLEAF PAGE. This page has been intentionally left blank

Hardware Based Virtualization Technologies. Elsie Wahlig Platform Software Architect

Installing & Using KVM with Virtual Machine Manager COSC 495

Date: December 2009 Version: 1.0. How Does Xen Work?

OS Virtualization Frank Hofmann

2972 Linux Options and Best Practices for Scaleup Virtualization

Implementing and Managing Windows Server 2008 Hyper-V

Solaris Virtualization and the Xen Hypervisor Frank Hofmann

Transcription:

Distributed System Monitoring and Failure Diagnosis using Cooperative Virtual Backdoors Benoit Boissinot E.N.S Lyon directed by Christine Morin IRISA/INRIA Rennes Liviu Iftode Rutgers University Phenix Workshop December 2006

Outline 1 Introduction 2 Background 3 Virtual Backdoors 4 Distributed Virtual Backdoors 5 Related Work 6 Conclusion

Outline 1 Introduction 2 Background 3 Virtual Backdoors 4 Distributed Virtual Backdoors 5 Related Work 6 Conclusion

Robust Computing Achieving Robustness better programming execution monitoring

Robust Computing Achieving Robustness better programming execution monitoring Monitoring failures detection attacks detection management load balancing

Monitoring Principles Monitor Properties Non-intrusive: no need to modify the target OS

Monitoring Principles Monitor Properties Non-intrusive: no need to modify the target OS Tamper-proof: no possible intrusion

Monitoring Principles Monitor Properties Non-intrusive: no need to modify the target OS Tamper-proof: no possible intrusion Autonomous: no involvement of the target OS

Monitoring Principles Monitor Properties Non-intrusive: no need to modify the target OS Tamper-proof: no possible intrusion Autonomous: no involvement of the target OS Consistent view of the OS state

Monitoring Principles Monitor Properties Non-intrusive: no need to modify the target OS Tamper-proof: no possible intrusion Autonomous: no involvement of the target OS Consistent view of the OS state Programmable: for flexibility

Monitoring Principles Monitor Properties Non-intrusive: no need to modify the target OS Tamper-proof: no possible intrusion Autonomous: no involvement of the target OS Consistent view of the OS state Programmable: for flexibility Failsafe communications: reliable inter-monitor communications for distributed monitoring

Monitoring Principles (Autonomy) Two ways to obtain autonomy:

Monitoring Principles (Autonomy) Two ways to obtain autonomy: Hardware Isolation External programmable devices with access to the memory:

Monitoring Principles (Autonomy) Two ways to obtain autonomy: Hardware Isolation External programmable devices with access to the memory: PCI devices, Firewire

Monitoring Principles (Autonomy) Two ways to obtain autonomy: Hardware Isolation External programmable devices with access to the memory: PCI devices, Firewire Software Isolation Separate path of execution:

Monitoring Principles (Autonomy) Two ways to obtain autonomy: Hardware Isolation External programmable devices with access to the memory: PCI devices, Firewire Software Isolation Separate path of execution: Virtualization technology

Outline 1 Introduction 2 Background 3 Virtual Backdoors 4 Distributed Virtual Backdoors 5 Related Work 6 Conclusion

Friendly Backdoor Backdoor A hidden software or hardware mechanism, usually created for testing and troubleshooting. Original Implementation American National Standard for Telecommunications RDMA network card sitting on a PCI bus no overhead on the target CPU only memory is accessible remotely synchronization with the target OS is hard

Virtual Machines Definitions Virtual Machine (VM): Virtualized computer system, functional equivalent of the real machine. Virtual Machine Monitor (VMM): Software providing a virtualized environment to VMs.

Virtual Machines Definitions Virtual Machine (VM): Virtualized computer system, functional equivalent of the real machine. Virtual Machine Monitor (VMM): Software providing a virtualized environment to VMs. Technologies used Type I VMM

Virtual Machines Definitions Virtual Machine (VM): Virtualized computer system, functional equivalent of the real machine. Virtual Machine Monitor (VMM): Software providing a virtualized environment to VMs. Technologies used Type I VMM Type II VMM

Virtual Machines Definitions Virtual Machine (VM): Virtualized computer system, functional equivalent of the real machine. Virtual Machine Monitor (VMM): Software providing a virtualized environment to VMs. Technologies used Type I VMM Type II VMM x86 virtualization is not trivial:

Virtual Machines Definitions Virtual Machine (VM): Virtualized computer system, functional equivalent of the real machine. Virtual Machine Monitor (VMM): Software providing a virtualized environment to VMs. Technologies used Type I VMM Type II VMM x86 virtualization is not trivial: Emulation: VmWare

Virtual Machines Definitions Virtual Machine (VM): Virtualized computer system, functional equivalent of the real machine. Virtual Machine Monitor (VMM): Software providing a virtualized environment to VMs. Technologies used Type I VMM Type II VMM x86 virtualization is not trivial: Emulation: VmWare Paravirtualization: Xen

Virtual Machines Definitions Virtual Machine (VM): Virtualized computer system, functional equivalent of the real machine. Virtual Machine Monitor (VMM): Software providing a virtualized environment to VMs. Technologies used Type I VMM Type II VMM x86 virtualization is not trivial: Emulation: VmWare Paravirtualization: Xen New instruction set: Intel, AMD

Xen Virtual Machine Monitor Developed at the University of Cambridge. Xen VMM Open source technology

Xen Virtual Machine Monitor Developed at the University of Cambridge. Xen VMM Open source technology Paravirtualized

Xen Virtual Machine Monitor Developed at the University of Cambridge. Xen VMM Open source technology Paravirtualized Thin VMM, virtualization in a privileged VM (dom0)

Xen Virtual Machine Monitor Developed at the University of Cambridge. Xen VMM Open source technology Paravirtualized Thin VMM, virtualization in a privileged VM (dom0) Multiples OS s ported: Linux, *BSD, Minix

Xen Virtual Machine Monitor Developed at the University of Cambridge. Xen VMM Open source technology Paravirtualized Thin VMM, virtualization in a privileged VM (dom0) Multiples OS s ported: Linux, *BSD, Minix Hardware VT support

Outline 1 Introduction 2 Background 3 Virtual Backdoors 4 Distributed Virtual Backdoors 5 Related Work 6 Conclusion

Platform Choice Why a VM based backdoor? Run on common hardware Separate path of execution for each VM Control the VM Why Xen VMM? Thin means secure Fast Open source

Virtual Backdoor Design Where? VMM What? dedicated, privileged VM read/write a guest operating system memory extract state information from the guest operating system consistent view

Backdoor Programming Unix philosophy: everything is file

Backdoor Programming Unix philosophy: everything is file /dev/kmem: kernel virtual memory is a file

Backdoor Programming Unix philosophy: everything is file /dev/kmem: kernel virtual memory is a file /dev/domain mem: virtual memory of other VM target VM is selectable via an ioctl

Example

Memory Access Implementation Foreign Pages Mapping How to access a memory location from a remote VM? The VMM provides an interface to map a foreign page into the privileged VM address space. But we need the physical page frame number.

Memory Translation SoftMMU Software virtual address translation Page table walking Three pages mapping No swapping for the target kernel

Discovery of OS State How to make sense of the remote OS memory? We need to know the layout and the of each OS data structure Modified ELF parser to extract the debug informations from an object file Library to simplify the access to this information

Validation Experiment Process list walking Walk the linked list of the processes structures Output informations for each process Compare the output with ps

Outline 1 Introduction 2 Background 3 Virtual Backdoors 4 Distributed Virtual Backdoors 5 Related Work 6 Conclusion

Distributed Operating System Monitoring Single System Image Operating System Operating system running on multiples computer Provide a view of a unique operating system Need fault-tolerance, operating system consistency checks Example: Kerrighed

Distributed Monitoring: Cooperative Backdoors Network Block Device (nbd) Small modifications Server: export # of requests processed Client: export # of requests sent Cooperative Backdoor Backdoors retrieve the data exported Use the XML-RPC protocol One backdoor aggregate the data Record the timestamps when the # change Compute the end-to-end delay

Outline 1 Introduction 2 Background 3 Virtual Backdoors 4 Distributed Virtual Backdoors 5 Related Work 6 Conclusion

PCI based Backdoor Backdoor Architecture Work from the DiscoLab team Based on Myrinet networking cards with RDMA Access only to the memory Communicate with high-speed private network

Virtual Machine Based Intrusion Detection VMM Based Monitoring Plato/Revirt from the CoVirt group (U. of Michigan) Based on UMLinux (type II VMM), high virtualization overhead Interposition / Logging / Replay / Checkpoint Used for intrusion detection

Outline 1 Introduction 2 Background 3 Virtual Backdoors 4 Distributed Virtual Backdoors 5 Related Work 6 Conclusion

Contributions Propose a virtual backdoor architecture for remote monitoring Virtual backdoor designed, implemented and tested over Xen VMM Show how virtual backdoors can cooperate to monitor distributed state

Future Work Cache virtual addresses lookup Synchronization with the target OS Apply with a distributed operating systems

The End Thank you!