JingZheng Wu,Liping Ding,Yongji Wang,Wei Han

DOI: https://doi.org/10.1109/CLOUD.2011.10

2011-01-01

Abstract:Virtualization technology is the basis of cloud computing, and the most important property of virtualization is isolation. Isolation guarantees security between virtual machines. However, covert channel breaks the isolation and leaks sensitive message covertly. In this paper, we formally model the isolation into noninterference, and define that all the transmission channels violating noninterference are covert channels. With this definition, we present an identification method based on information flow. This method first compiles the source code into a more structured equivalent code with LLVM. And then a search algorithm is proposed to obtain the shared resources and the operational processes in the equivalent code. A new covert channel termed sharing memory covert timing channel (SMCTC) is identified from Xen source code. We construct channel scenario for SMCTC, and evaluate its threat with the metrics of channel capacity and transmission accuracy. The results show that SMCTC is much more threatened than CPU load based and cache based covert channels etc.

Ji-Ming Chen,Shi Chen,Xiang Wang,Lin,Li Wang

DOI: https://doi.org/10.1155/2021/2729949

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:With the rapid development of Internet of Things technology, a large amount of user information needs to be uploaded to the cloud server for computing and storage. Side-channel attacks steal the private information of other virtual machines by coresident virtual machines to bring huge security threats to edge computing. Virtual machine migration technology is currently the main way to defend against side-channel attacks. VM migration can effectively prevent attackers from realizing coresident virtual machines, thereby ensuring data security and privacy protection of edge computing based on the Internet of Things. This paper considers the relevance between application services and proposes a VM migration strategy based on service correlation. This strategy defines service relevance factors to quantify the degree of service relevance, build VM migration groups through service relevance factors, and effectively reduce communication overhead between servers during migration, design and implement the VM memory migration based on the post-copy method, effectively reduce the occurrence of page fault interruption, and improve the efficiency of VM migration.

Deshi Ye,Qinming He,Hua Chen,Jianhua Che

DOI: https://doi.org/10.1109/euc.2008.42

2008-01-01

Abstract:Virtualization technology becomes more and more important in area of compute science, such as data center and server consolidation. A large number of hypervisors are available to manage the virtualization either on bare hardware or on host operating systems. One of the important task for the designer is to measure and compare the performance overhead of given virtual machines. In this paper, we provide an analytic framework for the performance analyzing either without running a system or in a runnable real system. Meanwhile, analytic performance models that are based on the queue network theory are developed to study the designs of virtual machines. At the end, a case study of the mathematical models is given to illustrate the performance evaluation.

Weiwei Jia,Cheng Wang,Xusheng Chen,Jianchen Shan,Xiaowei Shang,Heming Cui,Xiaoning Ding,Luwei Cheng,Francis C. M. Lau,Yuexuan Wang,Yuangang Wang

2018-01-01

Abstract:In clouds where CPU cores are time-shared by virtual CPUs (vCPU), vCPUs are scheduled and descheduled by the virtual machine monitor (VMM) periodically. In each virtual machine (VM), when its vCPUs running I/O bound tasks are descheduled, no I/O requests can be made until the vCPUs are rescheduled. These inactivity periods of I/O tasks cause severe performance issues, one of them being the utilization of I/O resources in the guest OS tends to be low during I/O inactivity periods. Worse, the I/O scheduler in the host OS could suffer from low performance because the I/O scheduler assumes that I/O tasks make I/O requests constantly. Fairness among the VMs within a host can also be at stake. Existing works typically would adjust the time slices of vCPUs running I/O tasks, but vCPUs are still descheduled frequently and cause I/O inactivity.Our idea is that since each VM often has active vCPUs, we can migrate I/O tasks to active vCPUs, thus mitigating the I/O inactivity periods and maintaining the fairness. We present VMIGRATER, which runs in the user level of each VM. It incorporates new mechanisms to efficiently monitor active vCPUs and to accurately detect I/O bound tasks. Evaluation on diverse real-world applications shows that VMIGRATER can improve I/O performance by up to 4.42X compared with default Linux KVM. VMIGRATER can also improve I/O performance by 1.84X to 3.64X compared with two related systems.

Xiaoguang Wang,Yong Qi,Zhi Wang,Yue Chen,Yajin Zhou

DOI: https://doi.org/10.1109/tdsc.2017.2675991

2019-01-01

Abstract:The OS kernel is critical to the security of a computer system. Many systems have been proposed to improve its security. A fundamental weakness of those systems is that page tables, the data structures that control the memory protection, are not isolated from the vulnerable kernel, and thus subject to tampering. To address that, researchers have relied on virtualization for reliable kernel memory protection. Unfortunately, such memory protection requires to monitor every update to the guest's page tables. This fundamentally conflicts with the recent advances in the hardware virtualization support. In this paper, we propose SecPod, an extensible framework for virtualization-based security systems that can provide both strong isolation and the compatibility with modern hardware. SecPod has two key techniques: paging delegation delegates and audits the kernel's paging operations to a secure space; execution trapping intercepts the (compromised) kernel's attempts to subvert SecPod by misusing privileged instructions. We have implemented a prototype of SecPod based on KVM. Our experiments show that SecPod is both effective and efficient.

Jianhua Che,Qinming He,Qinghua Gao,Dawei Huang

DOI: https://doi.org/10.1109/euc.2008.127

2008-01-01

Abstract:With its growth and wide applications, virtualization has come through a revival in computer system community. Virtualization offers a lot of benefits including flexibility, security, ease to configuration and management, reduction of cost and so forth, but at the same time it also brings a certain degree of performance overhead. Furthermore, virtual machine monitor (VMM) is the core component of virtual machine (VM) system and its effectiveness greatly impacts the performance of whole system. In this paper, we measure and analyze the performance of two open source virtual machine monitors-Xen and KVM using LINPACK, LMbench and IOzone, and provide a quantitative and qualitative comparison of both virtual machine monitors.

Qingni Shen,Mian Wan,Zhuangzhuang Zhang,Zhi Zhang,Sihan Qing,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-02726-5_10

2013-01-01

Abstract:Covert channel between virtual machines is one of serious threats to cloud computing, since it will break the isolation of guest OSs. Even if a lot of work has been done to resist covert channels, new covert channels still emerge in various manners. In this paper, we introduce event channel mechanism in detail. Then we develop a covert channel called CCECS(Covert Channel using Event Channel State) and implement it on Xen hypervisor. Finally we quantitatively evaluate CCECS and discuss the possible mitigation methods. Results show that it can achieve larger bit rate than most existing covert channels.

Xiaoyu Ji,Juchuan Zhang,Shan Zou,Yichao Chen,Gang Qu,Wenyuan Xu

DOI: https://doi.org/10.1109/tmc.2023.3262400

IF: 6.075

2023-01-01

IEEE Transactions on Mobile Computing

Abstract:Air-gapped networks achieve security by using physical isolation to keep the computers and network from the Internet. However, magnetic covert channels based on CPU utilization have been proposed to help secret data to exfiltrate from the Faraday-cage and the air gap. Despite the success of such covert channels, they suffer from the high risk of being detected by the transmitter computer and the challenge of installing malware into such a computer. In this paper, we propose MagView++ , where sensitive information is embedded in other data such as video and can be transmitted over the internal network. When any computer uses the data such as playing the video, the sensitive information will leak through the magnetic signals. The “separation” of information embedding and leaking, combined with the fact that the data can be exfiltrated from any computer in a distributed manner, overcomes these limitations. We demonstrate that CPU utilization for video decoding can be effectively controlled by changing the video frame type, reducing the quantization parameter, and changing the timestamp of the frame, without video quality degradation. We prototype MagView++ and achieve 8.9 bps throughput with 0.0057 BER when using a smartphone as the receiver, and 59 bps throughput with 0.0025 BER when using a dedicated devices with high sampling rate as the receiver. Experiments under various environments are conducted to show the robustness of MagView++ . Limitations and possible countermeasures are also discussed.

Yuebin Bai,Cheng Luo,Cong Xu,Liang Zhang,Huiyong Zhang

DOI: https://doi.org/10.1007/978-3-642-13119-6_32

2010-01-01

Abstract:In virtualization technology domain, researches mainly focus on strengthening the isolation barrier between virtual machines (VMs) that are co-resident within a single physical machine At the same time, there are many kinds of communication intensive distributed applications such as web services, transaction processing, graphics rendering and high performance grid applications, which need to communicate with each other on the co-resident VMs Current inter-VM communication mechanisms can't adequately satisfy the requirement of such applications In this paper, we present the design and implementation of a high performance inter-VM communication mechanism called IVCOM in Xen virtual machine environment We propose IVCOM in para-virtualization and also extend for full-virtualization As a result of our survey, in Para-virtualization, there are mainly three kinds of overheads that contribute to the poor performance: the TCP/IP processing cost in each domain, page flipping overhead and long communication path between both sides of the socket IVCOM achieves high performance by bypassing protocol stacks, shunning page flipping and providing a direct and high performance communication path between VMs residing with the same physical machine And in Full-virtualization, frequent mode tuning between root mode and non-root mode import too much overhead IVCOM applies a direct communication channel between domain 0 and hardware virtual VM (HVM) and can greatly reduce the VM entry/exit operations which can improve the HVM performance In our evaluation, we observe that IVOCM can reduce the inter-VM round trip latency by up to 3 times and increase throughput by up to 3 times which prove the efficiency of IVCOM in para-virtualized environment In full-virtualized environment, IVCOM can greatly reduce mode tuning times in the communication between domain 0 and HVM.

Yangwei Li,Qingni Shen,Cong Zhang,Pengfei Sun,Ying Chen,Sihan Qing

DOI: https://doi.org/10.1109/waina.2012.103

2012-01-01

Abstract:The improvement in performance gained by the use of multi-core processors led to security problem. In this paper, we present a new covert channel which we called the "core-alternative channel". This covert channel could exist in most operating systems and virtualization platforms with multi-core processors. We have developed CCCA (Covert Channels using Core-alternation), a prototype that creates a core-alternative channel and communicates data secretly. We discuss how to mitigate and eliminate this channel. We quantitatively evaluate the threat of core-alternative channel both between processes on Linux and between virtual machines on the Xen hyper visor. We also measured the bandwidth and communication accuracy of this covert channel.

Martin Radev,Mathias Morbitzer

DOI: https://doi.org/10.48550/arXiv.2010.07094

2020-10-14

Abstract:Cloud computing is a convenient model for processing data remotely. However, users must trust their cloud provider with the confidentiality and integrity of the stored and processed data. To increase the protection of virtual machines, AMD introduced SEV, a hardware feature which aims to protect code and data in a virtual machine. This allows to store and process sensitive data in cloud environments without the need to trust the cloud provider or the underlying software. However, the virtual machine still depends on the hypervisor for performing certain activities, such as the emulation of special CPU instructions, or the emulation of devices. Yet, most code that runs in virtual machines was not written with an attacker model which considers the hypervisor as malicious. In this work, we introduce a new class of attacks in which a malicious hypervisor manipulates external interfaces of an SEV or SEV-ES virtual machine to make it act against its own interests. We start by showing how we can make use of virtual devices to extract encryption keys and secret data of a virtual machine. We then show how we can reduce the entropy of probabilistic kernel defenses in the virtual machine by carefully manipulating the results of the CPUID and RDTSC instructions. We continue by showing an approach for secret data exfiltration and code injection based on the forgery of MMIO regions over the VM's address space. Finally, we show another attack which forces decryption of the VM's stack and uses Return Oriented Programming to execute arbitrary code inside the VM. While our approach is also applicable to traditional virtualization environments, its severity significantly increases with the attacker model of SEV-ES, which aims to protect a virtual machine from a benign but vulnerable hypervisor.

Cryptography and Security

Youhui Zhang,Gelin Su,Liang Hong,Weimin Zheng

DOI: https://doi.org/10.1109/PACIIA.2008.251

2008-01-01

Abstract:Today Virtual Machine (VM) technologies play anactive role in some IT field. But few researches have beendone on the I/O performance of the OS running in VM. This paper deals with measurements and analysis of reading large files on Windows systems in VM. Compared with the system on hardware directly, OS in VM owns a more complicate storage hierarchy, which contains the OS cache, VM cache and disk buffer. For this case we implement an evaluation environment where many read tests with different configurations have been completed. The performance study shows an I/O throughput drop by a factor 2 depending on the request size and up to a factor 2 depending on the specified access mode. We evaluate and identify the key issues affecting the performance and a corresponding access model is constructed based on these results. Moreover, a unified VM cache is presented, which can support more than one VM synchronously in ahost. Tests show that it can improve the read performance because it avoids storing multi instances of shared data to increase the cache efficiency. Our work can be used to optimize the I/O strategy for a given application or design the VM with higher efficiency.

Rui Yang,Xiao Fu,Xiaojiang Du,Bin Luo

DOI: https://doi.org/10.4108/eai.18-6-2016.2264107

2016-01-01

Abstract:In IaaS (such as Amazon EC2 and Microsoft Azure), several VM (virtual-machine) instances usually run in one physical machine so as to improve resource utilization. However this also caused more attack opportunities. A typical example is a cross-VM timing channel. Recent studies show that this kind of covert channel can successfully steal private information (e.g. private key) from the co-resident VM instances. It brought great challenges to the security of the cloud and has absorbed more and more attention in recent years. But to our knowledge, there is still little work on detecting and investigating such covert channel. Therefore, we propose a behavior-based method to automatically detect and investigate the timing channel. First, in order to record the behavior of this covert channel, a page-level memory monitoring method is designed. Second, an automatic identification algorithm is proposed based on some memory activity signatures. Finally, in order to confirm the result, the memory dump will be obtained and the binary code of the suspicious process will be analyzed. We have implemented a prototype on Xen, and the experimental results show that all of these kinds of attacks can be detected even under the disturbance from normal processes.

Ruiqing Chi,Zhuzhong Qian,Sanglu Lu

DOI: https://doi.org/10.1109/padsw.2014.7097816

2014-01-01

Abstract:With the rapid development of virtualization techniques, modern data centers move into a new era of cloud in recent years. Despite numerous advantages such as high resource utilization and rapid service scalability, current virtualization techniques don't guarantee perfect performance isolation among virtual machines sharing the physical machine, which may lead to unstable and unpredictable user-perceived application performance in clouds. Therefore, understanding and modeling performance interference among collocated applications is of utmost importance. However, the hypervisor and guest OSes usually run independent resource schedulers and are invisible into each other, thereby making accurately characterizing performance interference a non-trivial work. In this paper, we first present a comprehensive experimental study on performance interference of different combinations of benchmarks, observing that virtual CPU floating overhead between multiple physical CPUs, and VMEXITs, i.e., the control transitions between the hypervisor and VMs, constitute the key source of performance interference. In order to characterize the performance interference effects, we measure both the application-level and VM-level characteristics from the collocated applications and then build a novel interference prediction framework based on kernel canonical correlation analysis. Our evaluations first show the practicability of KCCA in finding reliable correlation, and further confirm the high accuracy and great applicability of our interference model with a low prediction error of no more than 7.9%.

Qun Huang,Patrick P. C. Lee

DOI: https://doi.org/10.1145/2479942.2479948

2013-01-01

ACM SIGMETRICS Performance Evaluation Review

Abstract:In a consolidated virtualized environment, multiple virtual machines (VMs) are hosted atop a shared physical substrate. They share the underlying hardware resources as well as the software virtualization components. Thus, one VM can generate performance interference to another co-resident VM. This work explores the adverse impact of performance interference from a security perspective. We present a new class of attacks, namely the cascade attacks, in which an adversary seeks to generate performance interference using a malicious VM. One distinct property of the cascade attacks is that when the malicious VM exhausts one type of hardware resources, it will bring "cascading" interference to another type of hardware resources. We present four different implementations of cascade attacks and evaluate their effectiveness atop the Xen virtualization platform. We show that a victim VM can see significant performance degradation (e.g., throughput drops in network and disk I/Os) due to the cascade attacks.

Ziqi Wang,Rui Yang,Xiao Fu,Xiaojiang Du,Bin Luo

DOI: https://doi.org/10.1109/INFCOMW.2016.7562068

2016-01-01

Abstract:Cloud providers usually use virtualization to maximize the utilization of their computing resources, e.g. many virtual machines (VMs) run on a shared physical infrastructure. However co-residency with other VMs will cause high security risks, such as side channel attacks. This kind of attack is difficult to detect and prevent, so it's necessary to study it deeply. Recent research has shown attackers can build up cross-VM side channels to obtain sensitive information. However, due to the features of shared resources (e.g. CPU cache), the sensitive information obtained is usually limited and coarse-grained. In this paper, we present a novel side channel, which is based on shared physical memory and exploits the vulnerabilities of balloon driver. Balloon driver is a very popular mechanism used by current virtual machine managers (VMMs) to balance physical memory among several VMs. Because it is widely used in IaaS cloud, our side channel attack can achieve a high success rate. And compared with current cross-VM side channels, it can transmit more fine-grained data. Using Xen as a case study, we explore how to transmit data by this side channel.

Wenzhi Chen,Zhipeng Zhang,Jianhua Yang,Qinming He

DOI: https://doi.org/10.1007/s11859-010-0301-y

2010-01-01

Wuhan University Journal of Natural Sciences

Abstract:This paper presents vCerberus, a novel hypervisor to provide trusted and isolated code execution within virtual domains. vCerberus is considerably tiny, while allowing secure sensitive codes to be executed in an isolated circumstance from the virtual domain, and can be attested by a remote party in an efficient way. These properties will be guaranteed even if the guest operating system is malicious. This protects the secure sensitive codes against the malicious codes in the Guest OS, e.g., the kernel rootkits. We present an approach to dynamically measure and isolate the launch environment on the virtual machines based on the para-virtualization technology and a novel virtualization of trusted platform module (TPM). Our performance experiment result shows that the overhead introduced by vCerberus is minimized; the performance of the launch environment in vCerberus is as competitive as the guest OS running on mainstream hypervisors.

Diming Zhang,Fei Xue,Hao Huang,Shaodi You

DOI: https://doi.org/10.1007/s11704-017-6466-1

IF: 2.6688

2018-01-01

Frontiers of Computer Science

Abstract:Barely acceptable block I/O performance prevents virtualization from being widely used in the High-Performance Computing field. Although the virtio paravirtual framework brings great I/O performance improvement, there is a sharp performance degradation when accessing high-performance NAND-flash-based devices in the virtual machine due to their data parallel design. The primary cause of this fact is the deficiency of block I/O parallelism in hypervisor, such as KVM and Xen. In this paper, we propose a novel design of block I/O layer for virtualization, named VBMq. VBMq is based on virtio paravirtual I/O model, aiming to solve the block I/O parallelism issue in virtualization. It uses multiple dedicated I/O threads to handle I/O requests in parallel. In the meanwhile, we use polling mechanism to alleviate overheads caused by the frequent context switches of the VM’s notification to and from its hypervisor. Each dedicated I/O thread is assigned to a non-overlapping core to improve performance by avoiding unnecessary scheduling. In addition, we configure CPU affinity to optimize I/O completion for each request. The CPU affinity setting is very helpful to reduce CPU cache miss rate and increase CPU efficiency. The prototype system is based on Linux 4.1 kernel and QEMU 2.3.1. Our measurements show that the proposed method scales graciously in the multi-core environment, and provides performance which is 39.6x better than the baseline at most, and approaches bare-metal performance.

Zhiming Wang,Jiangxing Wu,Zehua Guo,Guozhen Cheng,Hongchao Hu

DOI: https://doi.org/10.1109/INFCOMW.2016.7562061

2016-01-01

Abstract:Network virtualization is a double-edged sword that facilitates network innovation but may cause information leakage between virtual nodes coexisting on the same substrate node via covert channels. This paper represents the first attempt to consider risk-tolerant coexistence in virtual network embedding. We propose a secure virtual network embedding scheme to mitigate the risk of covert channel attacks. Simulation results show that our scheme improves the percentage of secure virtual nodes by 40%.

Kejiang Ye,Xiaohong Jiang,Siding Chen,Dawei Huang,Bei Wang

DOI: https://doi.org/10.1109/HPCC.2010.79

2010-01-01

Abstract:Virtualization technology is currently widely used due to its benefits on high resource utilization, flexible manageability and powerful system security. However, its use for high performance computing (HPC) is still not popular due to the unclearness of the virtualization overheads. It's worthy to evaluate the virtualization cost and to find the performance bottleneck when running HPC applications in virtual cluster. We first evaluate the basic performance overheads due to virtualization. Then we create a 16-node virtual cluster and perform a performance evaluation for both para-virtualization and full virtualization. After that, we evaluate the MPI (Message Passing Interface) scalability to investigate the impact of MPI and network communication between virtual machines. In addition to the macro assessment, we use the Oprofile/Xenoprof to investigate the architecture characterization like CPU cycle, L2 cache misses, DTLB misses and ITLB misses which is an auxiliary explanation to the performance bottleneck. Experimental results indicate that performance overheads of virtualization are acceptable for HPC, para-virtualization is very suitable for HPC due to the high virtualization efficiency and efficient inter-domain communication. Finally, we use the non-linear regression modeling technology to present a performance model for network latency and bandwidth to predict the performance in virtual cluster environment.