Jianhua Che,Qinming He,Qinghua Gao,Dawei Huang

DOI: https://doi.org/10.1109/euc.2008.127

2008-01-01

Abstract:With its growth and wide applications, virtualization has come through a revival in computer system community. Virtualization offers a lot of benefits including flexibility, security, ease to configuration and management, reduction of cost and so forth, but at the same time it also brings a certain degree of performance overhead. Furthermore, virtual machine monitor (VMM) is the core component of virtual machine (VM) system and its effectiveness greatly impacts the performance of whole system. In this paper, we measure and analyze the performance of two open source virtual machine monitors-Xen and KVM using LINPACK, LMbench and IOzone, and provide a quantitative and qualitative comparison of both virtual machine monitors.

Ping LI,Chao-Yuan CUI,Yong-Gang LI

DOI: https://doi.org/10.3969/j.issn.1003-3254.2015.07.035

2015-01-01

Abstract:The virtualization technology is one of the key technologies of the cloud computing. Meanwhile, monitoring virtual machine is an important function on the virtualization platform. In order to obtain the internal information of the virtual machine better, a lightweight virtual machine kernel module detection method (KMDM) is designed and implemented on the virtualization environment of Xen. The KMDM resides in the host machine and uses the virtual machine introspection mechanism to obtain the kernel module information of the virtual machine. The experimental results show that the KMDM can detect the kernel module information of the guest virtual machine, and the detection results are accurate and reliable.

Zhang Jisheng,Chen Xianglan,Zhou Xuehai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2010.09.051

2010-01-01

Abstract:Currently,there are no utilities to manage Guest OS process efficiently and conveniently on VMM.In this paper,we implement a prototype of process level Guest OS management utility,named as GPMU,in an operation environment taking Lguest as VMM and Linux as Guest OS.With two prerequisites,to ensure no modification on the Guest OS and to minimise the performance degradation of VMM,the GPMU implements the process level Guest OS management via operating the process descriptors of Guest OS dynamically obtained from VMM directly and on demand.Our experiments demonstrate the correctness and effectiveness of the implementation of GPMU.We also analyse GPMU’s performance bottleneck and make some corresponding optimisations.As the result,the typical management operation time is reduced to 41% of the original implementation,the performance is improved dramatically.

陈文智,姚远,杨建华,何钦铭

DOI: https://doi.org/10.3724/sp.j.1016.2009.01311

2009-01-01

Chinese Journal of Computers

Abstract:With the rapidly development of personal computer hardware,to construct multiple isolated computing domains through virtualization technology has already become a future direction of PC. To avoid the difficulties caused by implementing VMM on traditional IA-32 architecture through software virtualization technology,the authors designed and implemented a VMM based on Intel VT-x technology — Pcanel/V2. Pcanel/V2 utilizes the latest hardware virtualization technology to configure a controllable virtual execution environment and run multiple operating systems directly without any modification of source code. While the accesses to hardware resources by the guest operating system are monitored,various sensitive situations which occur in the guest operating system can also be handled correspondingly by Pcanel/V2. Concurrent execution of Linux and VxWorks on Pcanel/V2 has been realized and corresponding evaluation results show that Pcanel/V2 architecture simplifies the complexity of the design process while increasing the overall performance by approximately 10% compared to software virtual technology.

Xian Chen,Wenzhi Chen,Peng Long,Zhongyong Lu,Zonghui Wang

DOI: https://doi.org/10.1109/cbd.2013.32

2013-01-01

Abstract:For the ability to explore the memory's fullest potential, memory de-duplication has been widely experimented with in current main stream virtualization platforms. A lot of work has been done to improve the efficiency of memory de-duplication, while too little attention was paid to the introduced security issues which have been proved by prior work. To deal with this security risk and efficiently manage the memory we start our work in this paper. We first conduct extensive experiments on different OS platforms to study the realistic situation of page sharing. By analyzing the results we find: 1) Page sharing is contributed mostly by self-sharing (nearly 90%), and the self-sharing rate varies significantly between Linux and Windows OS platforms. Compared with self-sharing the inter-VM sharing rate is extremely low, under 1% in most cases. 2) Page size has a larger influence on Linux platform than Windows platform, so sub-page de-duplication proposed in prior work may achieve better performance on Linux platform. On the basis of above findings we propose a group-based secure page sharing model (or GSKSM), in which we consider both VM processes and normal processes. We have successfully implemented it in Linux kernel 3.6.6, and the experiment results show it works well with negligible overhead. Finally based on GSKSM we further present an efficient memory management approach (or SEMMA), which combines GSKSM and balloon technique to efficiently manage the memory, and the preliminary experiment result is satisfactory.

ZHOU Ji-Dong,CUI Chao-Yuan,WANG Ru-Jing,CHEN Zhu-Hong

DOI: https://doi.org/10.3969/j.issn.1003-3254.2013.06.028

2013-01-01

Abstract:Xen Hardware-Assisted Virtualization(HVM) is a service that one can run a virtual machine which is a unmodified OS on Xen Hypervisor.HVM causes a loss of management of the process granularity for the reason of VMM's lack of interference and understanding of the guest OS.This paper presents a lightweight process trace method for Xen HVM named Xen HPT.With the assistance of guest OS register information(mainly the ESP) collected by VMM,Xen HPT can implicitly capture the real-time process information of target guest OS outside on Domain0 with little effect on guest OS.Xen HPT has been tested by Linux guest OS and result shows that the method is effective.

Liang Zhang,Yuebin Bai,Xin Wei

DOI: https://doi.org/10.1007/978-3-642-13119-6_34

2010-01-01

Abstract:Recently, multicore processor and virtualization become popular in research and application And an even newer tendency is to deploy virtualization on multicore processor platform This means on a physical server, several isolated and high performance virtual environments are provided, and concurrent program has a chance to run in a multicore virtualized environment But most virtual processor (VCPU) scheduler in VMM is not efficient in scheduling concurrent program with synchronization And we have developed a VMM with a new VCPU scheduler to reduce the synchronization cost in some scenarios As a component of this VMM, we need an approach to trace the processes migration in virtual machine and the mapping relationship between VCPUs and cores of physical processor to verify whether the new scheduler is effective and consistent with our initial idea In this paper, we present such an approach and a demo Process Migration Tracing Engine for monitoring the migration of process on VCPU(s) and VCPU(s) on the cores of physical processor based on Linux 2.6 and Xen 3.2 We evaluate the impact of the engine on system performance and the results shows that this tracing approach and the tracing engine are effective and efficient.

Kejiang Ye,Xiaohong Jiang,Siding Chen,Dawei Huang,Bei Wang

DOI: https://doi.org/10.1109/HPCC.2010.79

2010-01-01

Abstract:Virtualization technology is currently widely used due to its benefits on high resource utilization, flexible manageability and powerful system security. However, its use for high performance computing (HPC) is still not popular due to the unclearness of the virtualization overheads. It's worthy to evaluate the virtualization cost and to find the performance bottleneck when running HPC applications in virtual cluster. We first evaluate the basic performance overheads due to virtualization. Then we create a 16-node virtual cluster and perform a performance evaluation for both para-virtualization and full virtualization. After that, we evaluate the MPI (Message Passing Interface) scalability to investigate the impact of MPI and network communication between virtual machines. In addition to the macro assessment, we use the Oprofile/Xenoprof to investigate the architecture characterization like CPU cycle, L2 cache misses, DTLB misses and ITLB misses which is an auxiliary explanation to the performance bottleneck. Experimental results indicate that performance overheads of virtualization are acceptable for HPC, para-virtualization is very suitable for HPC due to the high virtualization efficiency and efficient inter-domain communication. Finally, we use the non-linear regression modeling technology to present a performance model for network latency and bandwidth to predict the performance in virtual cluster environment.

Yong Gang Li,Chao Yuan Cui,Yun Wu,Bing Yu Sun

DOI: https://doi.org/10.12783/dtcse/iceiti2016/6143

2016-01-01

Abstract:Virtualization is increasing rapidly recent years. Virtual machines have become not only attack objects but also criminal tools for computer crimes. Memory forensics technology can collect the evidence of virtual machine crimes effectively. Traditional memory forensics tools are deployed into the host where attackers always try to hide or delete the data generated during attack process. As a result, they can be bypassed or cheated in virtual machines. Besides, to get the complete information traditional tools always expand the forensics scale leading to massive redundant information. For the sake of these problems, we propose a new method of virtual machine memory forensics based on event trigger mechanism named VMMF. The experiment results show that the new method can get the code section, data section, kernel stack content, dynamic-link library file, and execution path of the suspicious process in Linux. It just focuses on the suspicious process content reducing redundant information.

Disheng Su,Wenzhi Chen,Wei Huang,Haitao Shan,Yunhong Jiang

DOI: https://doi.org/10.1145/1519130.1519137

2009-01-01

Abstract:ABSTRACTEmbedded systems are making rapid changes and becoming increasingly sophisticated. To make full use of all the hardware resources on the system, multi OS environments and virtualization are both feasible ways but either needs lots of porting efforts or suffers performance degradation without hardware support for virtualization. We propose a virtualization platform for embedded system named the SmartVisor to provide a PC-compatible layer for guest OS, and it gains native-like performance while keeping zero-modification to guest OS by leveraging KVM and Intel's Atom embedded processor. SmartVisor realizes device pass-through by identity mapping of the guest memory and implements a Direct-Shadow mechanism to get rid of majority part of VMExit overhead. Measurement result shows the benefits of SmartVisor and deeper study of host-swapping reveals the potential advantages of SmartVisor on embedded systems.

Xiaolin Wang,Binbin Zhang,Haogang Chen,Xinxin Jin,Yingwei Luo,Xiaoming Li,Zhenlin Wang

DOI: https://doi.org/10.1109/CIT.2010.392

2010-01-01

Abstract:Intel and AMD have provided hardware support, VT and SVM, to support classical full virtualization. The hardware extensions help to implement a VMM without changing the guest OS or resorting to software binary translation. Ironically, a VMM using VT or SVM has not yet met performance expectation. One major reason is that there still exist too many VM exits that incur significant overhead. This paper proposed a novel method, Competition in Bucket Method (CBM), to track all VM exits efficiently. The analysis and experiments show that, CBM can find out hot VM exits efficiently.

Rui Wu,Ping Chen,Peng Liu,Bing Mao

DOI: https://doi.org/10.1109/DSN.2014.59

2014-01-01

Abstract:Existing VMI techniques have high overhead, and require customized introspection programs/tools for different guest OS versions - lack of generality. In this paper, we present Shadow Context, a system for close-to-real time manual-effort-free VMI. Shadow Context can meet several important real-world VMI needs which existing VMI techniques cannot. Compared to other automatic introspection tool generation techniques, Shadow Contexthas two merits: (1) Its overhead is significantly less. It achieves close-to-real time VMI. (2) It significantly improves the practical usefulness of introspection tools by allowing one introspection program to inspect a variety of guest OS versions. These merits are achieved via a new concept called \"Shadow Context\" which allows the guest OSessystem call code to be reused inside a \"shadowed\" portion of the context of the out-of-guest inspection program. Besides, Shadow Context is secure enough to defend against a variety of real world attacks. Shadow Context is designed, implemented and systematically evaluated. Experimental results show that the performance overhead is about 75%with a median initialization time of 0.117 milliseconds.

K. Suzaki,R. Ando,Kazushi Takahashi

DOI: https://doi.org/10.22667/JOWUA.2012.03.31.120

Abstract:Leveraging hypervisor for security purpose such as malware analysis has been well researched. There still remain two challenges for analyzing security incidents on virtual machine: real-time monitoring and semantic gap. First, current active monitoring methods need to be improved for real-time protection of virtual machine. Second, semantic gap between virtual machine and hypervisor poses a significant impediment on security analyst. In this paper, we propose an inter-domain communication protocol for real-time monitoring of virtual machine and bridging semantic gap. We have deployed the inter-domain communication module between a guest Windows OS and a hypervisor in two ways. While the one is a register based transfer using vCPU context, the other is a shared memory based communication. Our protocol is event driven, which makes the proposed system enable to monitor the file access of a guest Windows OS in real-time without suspending it. We have implemented our system on XEN virtual machine monitor and KVM (Kernel Virtual Machine). We have measured the resource utilization of these two systems in the case of decompressing files and receiving HTTP requests. On the guest OS, the KVM based system outperforms the processor idle time by about 30-50% in decompressing file and the memory usage by about 35% in receiving HTTP requests. We conclude that our system can monitor file access inside virtual machine without suspension and also with reasonable resource usage.

Computer Science

CUI Chao-yuan,WU Yun,LI Ping,ZHANG Xiao-ming

DOI: https://doi.org/10.11959/j.issn.1000-436x.2015103

2015-01-01

Abstract:Virtual machine introspection(VMI)has been widely used in areas such as intrusion detection and malware analysis.However,due to the existence of semantic gap,the generality and the efficiency of VMI were partly influenced while getting internal information of a virtual machine.By analyzing the deficiencies of existing technology of semantic gap restoration,a method called ModSG was proposed to bridge the semantic gap.ModSG was a modularity system,it divided semantic restoration into two parts.One was online phase that interact directly with user to construct semantic views,the other was offline phase that only interact with operating system to parse high-level semantic knowledge.Both were implemented via independent module,and the latter provided the former with necessary kernel information during semantic view construction.Experiments on different virtual machine states and different kernel versions show that the ModSG is accurate and efficient in narrowing semantic gap.The modular design and deployment also make ModSG easily to be extended to other operating systems and virtualization platforms.

靳辛欣,陈昊罡,汪小林,王振林,温翔,罗英伟,李晓明

DOI: https://doi.org/10.3778/j.issn.1673-9418.2010.01.004

2010-01-01

Abstract:This paper presents a cache partitioning approach which can be implemented in the VMM(virtual machine manager).This approach has been implemented in Xen VMM using the page coloring technique traditionally applied to the OS(operating system).The VMM-based implementation is fully transparent to the guest OS.It thus shows the advantages of simplicity and flexibility.The evaluation shows that this cache partitioning method can work efficiently and improve the performance of co-scheduled applications running within different VMs.In the concurrent workloads selected from the SPEC CPU 2006 benchmarks,the technique achieves a performance improvement by up to 19% for the most sensitive workloads.

Haibo Chen,Pengcheng Liu,Rong Chen,Binyu Zang

2007-01-01

Abstract:Processes in commodity operating systems are “wild” 1 in nature: They are usually granted with excessive privileges, yet can be easily compromised and abused. Unfortunately, since commodity operating systems are big, complex, thus inherently untrusted, monitoring process behaviors within them is inherently insecure and could be circumvented or tampered. In this paper, we present an approach, named VMM-based process shepherding, to prevent, detect and isolate harmful behaviors (e.g. intrusions) of wild processes. The key idea of our approach is using a virtual machine monitor (VMM) to shepherd all privileged operations made by a wild process, in terms of system calls. As a VMM can easily be adjusted to intercept all system calls from a process running within operating systems thereon, such interception is mandatory and can not be bypassed. Further, as our approach is completely implemented in VMMs, it can result in good operating system transparency and portability. We provide three techniques as building blocks to process shepherding. First, the VMM prohibits any unauthorized accesses to privileged resources (e.g. system configuration files) using policy-based system call auditing. Second, the VMM uses system call sequences to detect possible malicious behaviors. Unexpected system call sequences should be considered as evidences for misbehaving. Third, the VMM isolates all suspect operations and discard them once a wild process is identified as malicious. Based on the three techniques, our approach tends to be safe and non-intrusive, that is, it can isolate damages made by a wild process. We present Shepherd, a prototype system based on Xen VMM, and evaluate it against real-life applications. According to our evaluation, Shepherd is resistant against several recent real-life attacks. Performance measurements show that our implementation incurs only a small amount of performance overhead.

Xingguo Jia,Jin Zhang,Boshi Yu,Xingyue Qian,Zhengwei Qi,Haibing Guan

DOI: https://doi.org/10.1145/3505251

IF: 1.444

2022-01-01

ACM Transactions on Architecture and Code Optimization

Abstract:We present GiantVM,1 an open-source distributed hypervisor that provides the many-to-one virtualization to aggregate resources from multiple physical machines. We propose techniques to enable distributed CPU and I/O virtualization and distributed shared memory (DSM) to achieve memory aggregation. GiantVM is implemented based on the state-of-the-art type-II hypervisor QEMU-KVM, and it can currently host conventional OSes such as Linux. (1) We identify the performance bottleneck of GiantVM to be DSM, through a top-down performance analysis. Although GiantVM offers great opportunities for CPU-intensive applications to enjoy the aggregated CPU resources, memory-intensive applications could suffer from cross-node page sharing, which requires frequent DSM involvement and leads to performance collapse. We design the guest-level thread scheduler, DaS (DSM-aware Scheduler), to overcome the bottleneck. When benchmarking with NAS Parallel Benchmarks, the DaS could achieve a performance boost of up to 3.5×, compared to the default Linux kernel scheduler. (2) While evaluating DaS, we observe the advantage of GiantVM as a resource reallocation facility. Thanks to the SSI abstraction of GiantVM, migration could be done by guest-level scheduling. DSM allows standby pages in the migration destination, which need not be transferred through the network. The saved network bandwidth is 68% on average, compared to VM live migration. Resource reallocation with GiantVM increases the overall CPU utilization by 14.3% in a co-location experiment.

Jin Zhang,Zhuocheng Ding,Yu‐Bin Chen,Xingguo Jia,Boshi Yu,Zhengwei Qi,Haibing Guan

DOI: https://doi.org/10.1145/3381052.3381324

2020-01-01

Abstract:In recent years, since scale-up machines are not economical and may not be affordable for small businesses, scale-out has become the standard answer to data analysis, machine learning, and many other fields. However, these frameworks introduce complex programming models that put a burden on developers. Therefore, Single System Image (SSI), which means a cluster of machines that appears to be one single system, has been proposed to hide the complexity of distributed systems. Unfortunately, due to the mature ecosystem of current mainstream Operating Systems (OSes), it might be non-trivial and even unaffordable to modify the current OS to implement SSI. With the wide use of virtualization, we believe that it is appealing to support SSI at the hypervisor, without modifying guest OSes.

NIU Yan,Yansong Zheng,YANG Chun,Xu Cheng

2011-01-01

Abstract:The application performance is as important as the resource utilization when we allocate memory for guest operating systems in virtualized environments.This paper presents a memory-balancing method for virtual machines,named GOSBMB(Guest Operating System Behaviors based Memory Balancer).It aims to minimize the performance loss brought by balancing memory.The memory need of the guest operating system consists of two parts which respectively,cover the amount of the memory consumed by the process working sets,and the memory used as the page cache.GOSBMB estimates the memory need by observing VMM architecturally visible events transparently.Then it allocates the memory resource for the guest operating systems on demand.We have implemented a working prototype of GOSBMB on Xen platform.The memory can be saved up to 69.6% with only 7.6% performance loss when we use GOSBMB to balance memory dynamically.

Xinxin Jin,Haogang Chen,Xiaolin Wang,Zhenlin Wang,Xiang Wen,Yingwei Luo,Xiaoming Li

DOI: https://doi.org/10.1109/ISPA.2009.47

2009-01-01

Abstract:Virtualization is often used in systems for the purpose of offering isolation among applications running in separate virtual machines (VM). Current virtual machine monitors (VMMs) have done a decent job in resource isolation in memory, CPU and I/O devices. However, when looking further into the usage of lower-level shared cache, we notice that one virtual machinepsilas cache behavior may interfere with anotherpsilas due to the uncontrolled cache sharing. In this situation, performance isolation cannot be guaranteed. This paper presents a cache partitioning approach which can be implemented in the VMM. We have implemented this mechanism in Xen VMM using the page coloring technique traditionally applied to the OS. Our VMM-based implementation is fully transparent to the guest OSes. It thus shows the advantages of simplicity and flexibility. Our evaluation shows that our cache partitioning method can work efficiently and improve the performance of co-scheduled applications running within different VMs. In the concurrent workloads selected from the SPEC CPU 2006 benchmarks, our technique achieves a performance improvement by up to 19% for the most sensitive workloads.