Xian Chen,Wenzhi Chen,Peng Long,Zhongyong Lu,Zonghui Wang

DOI: https://doi.org/10.1109/cbd.2013.32

2013-01-01

Abstract:For the ability to explore the memory's fullest potential, memory de-duplication has been widely experimented with in current main stream virtualization platforms. A lot of work has been done to improve the efficiency of memory de-duplication, while too little attention was paid to the introduced security issues which have been proved by prior work. To deal with this security risk and efficiently manage the memory we start our work in this paper. We first conduct extensive experiments on different OS platforms to study the realistic situation of page sharing. By analyzing the results we find: 1) Page sharing is contributed mostly by self-sharing (nearly 90%), and the self-sharing rate varies significantly between Linux and Windows OS platforms. Compared with self-sharing the inter-VM sharing rate is extremely low, under 1% in most cases. 2) Page size has a larger influence on Linux platform than Windows platform, so sub-page de-duplication proposed in prior work may achieve better performance on Linux platform. On the basis of above findings we propose a group-based secure page sharing model (or GSKSM), in which we consider both VM processes and normal processes. We have successfully implemented it in Linux kernel 3.6.6, and the experiment results show it works well with negligible overhead. Finally based on GSKSM we further present an efficient memory management approach (or SEMMA), which combines GSKSM and balloon technique to efficiently manage the memory, and the preliminary experiment result is satisfactory.

Xinghui Zhu,Guang Lu,Fei Yu,Shuqiang Yang,Miaoliang Zhu

DOI: https://doi.org/10.1109/IMSCCS.2006.108

2006-01-01

Abstract:In today's operating system, memory management policies based on the data-copying and hidden mechanisms blocks the system performance which is far from expectation. This paper introduces an innovative memory management system powered by vertical architecture PVM. The paper first describes the model and architecture of PVM, followed by an analysis of lazy management of virtual address space and the management of two-layer-cached physical memory.

Xian Chen,Wenzhi Chen,Zhongyong Lu,Yu Zhang,Rui Chang,Mohammad Mehedi Hassan,Abdulhameed Alelaiwi,Yang Xiang

DOI: https://doi.org/10.1002/cpe.4028

2017-01-01

Abstract:SummaryWith the advantages of extremely high access speed, low energy consumption, nonvolatility, and byte addressability, nonvolatile memory (NVM) device has already been setting off a revolution in storage field. Conventional storage architecture needs to be optimized or even redesigned from scratch to fully explore the performance potential of NVM device. However, most previous NVM‐related works only explore its low access latency and low energy consumption. Few works have been done to explore the appropriate way to use NVM device for improving virtual machine's storage performance. In this paper, we comprehensively evaluate and analyze conventional virtual machine's storage architecture. We find that, even with cutting‐edge optimization technologies, virtual machine can only achieve 30% of NVM device's original performance. Based on this observation, we propose a memory bus–based storage architecture, which we named MBSA. Memory bus–based storage architecture can greatly shorten the length of virtual machine's storage input/output stack and improve NVM device's use flexibility. In addition, an efficient wear‐leveling algorithm is proposed to prolong NVM device's lifespan. To evaluate the new architecture, we implement it as well as the wear‐leveling algorithm on real hardware and software platform. Experimental results show that MBSA can provide a big performance improvement, about 2.55X, and the wear‐leveling algorithm can efficiently balance write operations on NVM device with a negligible performance overhead (no more than 3%).

Zhigang Wang,Xiaolin Wang,Fang Hou,Yingwei Luo,Zhenlin Wang

DOI: https://doi.org/10.1145/2851501

2016-01-01

Abstract:Allocating memory dynamically for virtual machines (VMs) according to their demands provides significant benefits as well as great challenges. Efficient memory resource management requires knowledge of the memory demands of applications or systems at runtime. A widely proposed approach is to construct a miss ratio curve (MRC) for a VM, which not only summarizes the current working set size (WSS) of the VM but also models the relationship between its performance and the target memory allocation size. Unfortunately, the cost of monitoring and maintaining the MRC structures is nontrivial. This article first introduces a low-cost WSS tracking system with effective optimizations on data structures, as well as an efficient mechanism to decrease the frequency of monitoring. We also propose a Memory Balancer (MEB), which dynamically reallocates guest memory based on the predicted WSS. Our experimental results show that our prediction schemes yield a high accuracy of 95.2p and low overhead of 2p. Furthermore, the overall system throughput can be significantly improved with MEB, which brings a speedup up to 7.4 for two to four VMs and 4.54 for an overcommitted system with 16 VMs.

Yuming Wu,Yutao Liu,Ruifeng Liu,Haibo Chen,Binyu Zang,Haibing Guan

DOI: https://doi.org/10.1109/HPCA.2018.00045

2018-01-01

Abstract:The confidentiality of tenant's data is confronted with high risk when facing hardware attacks and privileged malicious software. Hardware-based memory encryption is one of the promising means to provide strong guarantees of data security. Recently AMD has proposed its new memory encryption hardware called SME and SEV, which can selectively encrypt memory regions in a fine-grained manner, e.g., by setting the C-bits in the page table entries. More importantly, SEV further supports encrypted virtual machines. This, intuitively, has provided a new opportunity to protect data confidentiality in guest VMs against an untrusted hypervisor in the cloud environment. In this paper, we first provide a security analysis on the (in)security of SEV and uncover a set of security issues of using SEV as a means to defend against an untrusted hypervisor. Based on the study, we then propose a software-based extension to the SEV feature, namely Fidelius, to address those issues while retaining performance efficiency. Fidelius separates the management of critical resources from service provisioning and revokes the permissions of accessing specific resources from the un-trusted hypervisor. By adopting a sibling-based protection mechanism with non-bypassable memory isolation, Fidelius embraces both security and efficiency, as it introduces no new layer of abstraction. Meanwhile, Fidelius reuses the SEV API to provide a full VM life-cycle protection, including two sets of para-virtualized I/O interfaces to encode the I/O data, which is not considered in the SEV hardware design. A detailed and quantitative security analysis shows its effectiveness in protecting tenant's data from a variety of attack surfaces, and the performance evaluation confirms the performance efficiency of Fidelius.

Pengfei Zhang,Rui Chu,Huaimin Wang

DOI: https://doi.org/10.1109/icppw.2012.92

2012-01-01

Abstract:As an important aspect of the hardware resource consolidation in virtualization environment, memory consolidation and over-commitment has been motivated by the increasing elastic computing cloud platform. The most popular consolidation technology, Memory Balloon, might introduce serious performance penalty with thrashing when guest memory usage changes dramatically. In order to overcome the drawback of Memory Balloon and guarantee the system performance, we propose Mem Hole, which provides more guest physical memory than really allocated and makes the corresponding host physical mapping undetermined until accessed, to reduce the thrashing of guest memory paging. The prototype of Mem Hole has been implemented in Xen platform and the efficiency has been shown in the preliminary evaluation.

Yuxia Cheng,Qing Wu,Bei Wang,Wenzhi Chen

DOI: https://doi.org/10.1007/978-3-319-69471-9_4

2017-01-01

Abstract:Protecting data security and privacy is one of the top concerns in the public cloud. As the cloud infrastructure is complex, and it is difficult for cloud users to gain trust. Particularly, how to guarantee the confidentiality and integrity of in-memory user private data in untrusted cloud faces big challenges. The in-memory data is typically used for online processing that requires high performance and plaintext access in CPU, therefore simple data encryption is infeasible for in-memory data security protection. In this paper, we propose a secure in-memory data cache scheme based on the memcached key-value store system and leverage the new trusted Intel SGX processors to protect sensitive operations. Firstly, we build a secure enclave and design a trusted channel protocol using remote attestation mechanism. Secondly, we propose a cache server partitioning method that decouples the sensitive key-value operations with enclave protection. Thirdly, we implement a secure client library to maintain the original cache semantics for application compatibility. The experimental result showed that the proposed solutions achieves comparable performance with the traditional key-value store systems, while improves the level of data security in untrusted cloud.

Wei-Zhe Zhang,Hu-Cheng Xie,Ching-Hsien Hsu

DOI: https://doi.org/10.1109/tcc.2014.2378794

IF: 5.697

2017-01-01

IEEE Transactions on Cloud Computing

Abstract:Through virtualization, multiple virtual machines (VMs) can coexist and operate on one physical machine. When virtual machines compete for memory, the performances of applications deteriorate, especially those of memory-intensive applications. In this study, we aim to optimize memory control techniques using a balloon driver for server consolidation. Our contribution is three-fold: (1) We design and implement an automatic control system for memory based on a Xen balloon driver. To avoid interference with VM monitor operation, our system works in user mode; therefore, the system is easily applied in practice. (2) We design an adaptive global-scheduling algorithm to regulate memory. This algorithm is based on a dynamic baseline, which can adjust memory allocation according to the memory used by the VMs. (3) We evaluate our optimized solution in a real environment with 10 VMs and well-known benchmarks (DaCapo and Phoronix Test Suites). Experiments confirm that our system can improve the performance of memory-intensive and disk-intensive applications by up to 500 and 300 percent, respectively. This toolkit has been released for free download as a GNU General Public License v3 software.

Xiaolin Wang,Lingmei Weng,Zhenlin Wang,Yingwei Luo

DOI: https://doi.org/10.1007/978-3-642-45293-2_22

2013-01-01

Abstract:Despite of continuous efforts on reducing virtualization overhead, memory virtualization overhead remains significant for certain applications and often the last piece standing. Hardware vendors even dedicate hardware resources to help minimize this overhead. Each of the two typical approaches, shadow paging SP and hardware assisted paging HAP, has its own advantages and disadvantages. Hardware-dependent HAP eliminates most VM exits caused by page faults, but suffers from higher penalties of TLB misses. On the other hand, the software-only approach, SP, enjoys shorter page walk latencies while paying for the VM exits to maintain the consistency between the shadow page table and the guest page table. We observe that, although HAP and SP each holds its ground for a set of applications in a 32-bit virtual machine VM, SP almost always performs on a par with or better than HAP in a 64-bit system, which steadily gains its popularity. This paper examines the root cause of this inconsistency through a series of experiments and shows that the major overhead of shadow paging in a 32-bit system can be substantially reduced using a customized memory allocator. We conclude that memory virtualization overhead can be minimized with software-only approaches and therefore hardware-assisted paging might no longer be necessary.

Xiaolin Wang,Lingmei Weng,Zhenlin Wang,Yingwei Luo

DOI: https://doi.org/10.1145/2541228.2555304

IF: 1.444

2013-01-01

ACM Transactions on Architecture and Code Optimization

Abstract:With the evolvement of hardware, 64-bit Central Processing Units (CPUs) and 64-bit Operating Systems (OSs) have dominated the market. This article investigates the performance of virtual memory management of Virtual Machines (VMs) with a large virtual address space in 64-bit OSs, which imposes different pressure on memory virtualization than 32-bit systems. Each of the two conventional memory virtualization approaches, Shadowing Paging (SP) and Hardware-Assisted Paging (HAP), causes different overhead for different applications. Our experiments show that 64-bit applications prefer to run in a VM using SP, while 32-bit applications do not have a uniform preference between SP and HAP. In this article, we trace this inconsistency between 32-bit applications and 64-bit applications to its root cause through a systematic empirical study in Linux systems and discover that the major overhead of SP results from memory management in the 32-bit GNU C library (glibc). We propose enhancements to the existing memory management algorithms, which substantially reduce the overhead of SP. Based on the evaluations using SPEC CPU2006, Parsec 2.1, and cloud benchmarks, our results show that SP, with the improved memory allocators, can compete with HAP in almost all cases, in both 64-bit and 32-bit systems. We conclude that without a significant breakthrough in HAP, researchers should pay more attention to SP, which is more flexible and cost effective.

NIU Yan,Yansong Zheng,YANG Chun,Xu Cheng

2011-01-01

Abstract:The application performance is as important as the resource utilization when we allocate memory for guest operating systems in virtualized environments.This paper presents a memory-balancing method for virtual machines,named GOSBMB(Guest Operating System Behaviors based Memory Balancer).It aims to minimize the performance loss brought by balancing memory.The memory need of the guest operating system consists of two parts which respectively,cover the amount of the memory consumed by the process working sets,and the memory used as the page cache.GOSBMB estimates the memory need by observing VMM architecturally visible events transparently.Then it allocates the memory resource for the guest operating systems on demand.We have implemented a working prototype of GOSBMB on Xen platform.The memory can be saved up to 69.6% with only 7.6% performance loss when we use GOSBMB to balance memory dynamically.

Gangyong Jia,Guangjie Han,Hao Wang,Xuan Yang

DOI: https://doi.org/10.3390/s17050968

IF: 3.9

2017-01-01

Sensors

Abstract:In a cloud computing environment, the number of virtual machines (VMs) on a single physical server and the number of applications running on each VM are continuously growing. This has led to an enormous increase in the demand of memory capacity and subsequent increase in the energy consumption in the cloud. Lack of enough memory has become a major bottleneck for scalability and performance of virtualization interfaces in cloud computing. To address this problem, memory deduplication techniques which reduce memory demand through page sharing are being adopted. However, such techniques suffer from overheads in terms of number of online comparisons required for the memory deduplication. In this paper, we propose a static memory deduplication (SMD) technique which can reduce memory capacity requirement and provide performance optimization in cloud computing. The main innovation of SMD is that the process of page detection is performed offline, thus potentially reducing the performance cost, especially in terms of response time. In SMD, page comparisons are restricted to the code segment, which has the highest shared content. Our experimental results show that SMD efficiently reduces memory capacity requirement and improves performance. We demonstrate that, compared to other approaches, the cost in terms of the response time is negligible.

Yutao Liu,Tianyu Zhou,Kexin Chen,Haibo Chen,Yubin Xia

DOI: https://doi.org/10.1145/2810103.2813690

2015-01-01

Abstract:Exploiting memory disclosure vulnerabilities like the Heart Bleed bug may cause arbitrary reading of a victim's memory, leading to leakage of critical secrets such as crypto keys, personal identity and financial information. While isolating code that manipulates critical secrets into an isolated execution environment is a promising countermeasure, existing approaches are either too coarse-grained to prevent intra-domain attacks, or require excessive intervention from low-level software (e.g., hypervisor or OS), or both. Further, few of them are applicable to large-scale software with millions of lines of code.This paper describes a new approach, namely SeCage, which retrofits commodity hardware virtualization extensions to support efficient isolation of sensitive code manipulating critical secrets from the remaining code. SeCage is designed to work under a strong adversary model where a victim application or even the OS may be controlled by the adversary, while supporting large-scale software with small deployment cost. SeCage combines static and dynamic analysis to decompose monolithic software into several compartments, each of which may contain different secrets and their corresponding code. Following the idea of separating control and data plane, SeCage retrofits the VMFUNC mechanism and nested paging in Intel processors to transparently provide different memory views for different compartments, while allowing low-cost and transparent invocation across domains without hypervisor intervention.We have implemented SeCage in KVM on a commodity Intel machine. To demonstrate the effectiveness of SeCage, we deploy it to the Nginx and OpenSSH server with the OpenSSL library as well as CryptoLoop with small efforts. Security evaluation shows that SeCage can prevent the disclosure of private keys from HeartBleed attacks and memory scanning from rootkits. The evaluation shows that SeCage only incurs small performance and space overhead.

Liufeng Wang,Huaimin Wang,Lu Cai,Rui Chu,Pengfei Zhang,Lanzheng Liu

DOI: https://doi.org/10.1109/ICPADS.2011.67

2011-01-01

Abstract:Increasing Internet business and computing footprint motivate server consolidation in data centers. Through virtualization technology, server consolidation can reduce physical hosts and provide scalable services. However, the ineffective memory usage among multiple virtual machines (VMs) becomes the bottleneck in server consolidation environment. Because of inaccurate memory usage estimate and the lack of memory resource managements, there is much service performance degradation in data centers, even though they have occupied a large amount of memory. In order to improve this scenario, we first introduce VM's memory division view and VM's free memory division view. Based on them, we propose a hierarchal memory service mechanism. We have designed and implemented the corresponding memory scheduling algorithm to enhance memory efficiency and achieve service level agreement. The benchmark test results show that our implementation can save 30% physical memory with 1% to 5% performance degradation. Based on Xen virtualization platform and balloon driver technology, our works actually bring dramatic benefits to commercial cloud computing center which is providing more than 2,000 VMs' services to cloud computing users.

Pengfei Zhang,Rui Chu,Huaimin Wang

DOI: https://doi.org/10.1109/SOSE.2013.62

2013-01-01

Abstract:With the increasing number of Internet businesses put in the data center, the great importance of server consolidation and hardware integration are highlighted. Among common hardware resources, the consolidation of memory is one of the classic problems, which has been widely studied. Some of the consolidation technologies, such as memory balloon driver and inter-VM page sharing, have been exploited in commercial virtualization software. But even with the integration of these methods, frequent disk IO introduced by paging mechanism in guest VM might also bring serious performance penalty with thrashing when guest memory usage changes dramatically. In order to reduce this unnecessary overload and guarantee the system performance, this paper proposes Swap Cached, a backend swapped page caching method. Swap Cached is designed to be able to cache the pages swapped from guest VMs in host memory to reduce the disk IO operation as well as effectively balance the memory usage between guests and host. The prototype of Swap Cached has been implemented on Xen platform using the existing memory cache software and virtualization technology. The benchmark results show that this implementation can promote the performance of the whole platform between 10% and 80% under different types of guest applications.

Gangyong Jia,Guangjie Han,Joel J. P. C. Rodrigues,Jaime Lloret,Wei Li

DOI: https://doi.org/10.1109/tcc.2015.2511738

IF: 5.697

2015-01-01

IEEE Transactions on Cloud Computing

Abstract:Both limited main memory size and memory interference are considered as the major bottlenecks in virtualization environments. Memory deduplication, detecting pages with same content and being shared into one single copy, reduces memory requirements; memory partition, allocating unique colors for each virtual machine according to page color, reduces memory interference among virtual machines to improve performance. In this paper, we propose a coordinate memory deduplication and partition approach named CMDP to reduce memory requirement and interference simultaneously for improving performance in virtualization. Moreover, CMDP adopts a lightweight page behavior-based memory deduplication approach named BMD to reduce futile page comparison overhead meanwhile to detect page sharing opportunities efficiently. And a virtual machine based memory partition called VMMP is added into CMDP to reduce interference among virtual machines. According to page color, VMMP allocates unique page colors to applications, virtual machines and hypervisor. The experimental results show that CMDP can efficiently improve performance (by about 15.8 percent) meanwhile accommodate more virtual machines concurrently.

Jingyuan Hu,Xiaokuang Bai,Sai Sha,Yingwei Luo,Xiaolin Wang,Zhenlin Wang

DOI: https://doi.org/10.1145/3240302.3240420

2018-01-01

Abstract:Modern applications running on cloud data centers often consume a large amount of memory and their memory demands can vary during execution. Dynamic memory allocation is a necessity for high memory utilization. For a large dataset application, using hugepages instead of regular 4KB pages can efficiently reduce memory access and memory management overhead and improve overall performance. Virtualization, which is widely applied in data centers for server consolidation, brings new challenges to manage memory dynamically and effectively, especially for hugepages. In a virtualized system, ballooning is a popular mechanism used to dynamically adjust memory allocations for co-located virtual machines. We observe that the current Linux Kernel-Based Virtual Machine (KVM) does not support huge page ballooning. An application that can benefit from hugepages often loses its performance advantage when the guest OS experiences memory ballooning. This paper presents design and implementation of HUB, a HUgepage Ballooning mechanism in KVM which can dispatch memory in the granularity of hugepages. The experimental results show that our approach significantly reduces TLB misses and improves the overall performance for those applications with large memory demand.

Xiaolin Wang,Jiarui Zang,Zhenlin Wang,Yingwei Luo,Xiaoming Li

DOI: https://doi.org/10.1145/2007477.1952710

2011-01-01

Abstract:As virtualization becomes a key technique for supporting cloud computing, much effort has been made to reduce virtualization overhead, so a virtualized system can match its native performance. One major overhead is due to memory or page table virtualization. Conventional virtual machines rely on a shadow mechanism to manage page tables, where a shadow page table maintained by the VMM (Virtual Machine Monitor) maps virtual addresses to machine addresses while a guest maintains its own virtual to physical page table. This shadow mechanism will result in expensive VM exits whenever there is a page fault that requires synchronization between the two page tables. To avoid this cost, both Intel and AMD provide hardware assists, EPT (extended page table) and NPT (nested page table), to facilitate address translation. With the hardware assists, the MMU (Memory Management Unit) maintains an ordinary guest page table that translates virtual addresses to guest physical addresses. In addition, the extended page table as provided by EPT translates from guest physical addresses to host physical or machine addresses. NPT works in a similar style. With EPT or NPT, a guest page fault can be handled by the guest itself without triggering VM exits. However, the hardware assists do have their disadvantage compared to the conventional shadow mechanism -- the page walk yields more memory accesses and thus longer latency. Our experimental results show that neither hardware-assisted paging (HAP) nor shadow paging (SP) can be a definite winner. Despite the fact that in over half of the cases, there is no noticeable gap between the two mechanisms, an up to 34% performance gap exists for a few benchmarks. We propose a dynamic switching mechanism that monitors TLB misses and guest page faults on the fly, and dynam-ically switches between the two paging modes. Our experiments show that this new mechanism can match and, sometimes, even beat the better performance of HAP and SP.

Yang Dang,Liu Haikun,Jin Hai,Zhang Yu

DOI: https://doi.org/10.1007/s11432-019-2729-5

2021-01-01

Science China Information Sciences

Abstract:Emerging non-volatile memory(NVM) technologies promise high density, low cost and dynamic random access memory(DRAM)-like performance, at the expense of limited write endurance and high write energy consumption. It is more practical to use NVM combining with the traditional DRAM. However, the hybrid memory management such as page migration becomes more challenging in a virtualization environment because virtual machines(VMs) are unaware of the memory heterogeneity. In this paper, we propose HMvisor, a hypervisor and VM coordinated hybrid memory management mechanism to better utilize DRAM and NVM resources. HMvisor exposes the memory heterogeneity to VMs by mapping virtual NUMA nodes to different physical NUMA nodes. We propose a lightweight and efficient page migration mechanism by decoupling page hotness tracking from page migration. HMvisor performs those operations in the hypervisor and VMs separately, without disrupting the execution of VMs. We also propose a memory resource trading policy to adjust the capacity of DRAM and NVM for each VM, with the monetary cost unchanged. We implement our prototype system based on QEMU/KVM and evaluate it with several benchmarks. Experimental results show that HMvisor can reduce 50% of write traffic to NVM with less than 5% performance overhead. Moreover, the hybrid memory adjustment scheme in HMvisor can significantly improve application performance by up to 30×.

Sai Sha,Jing-Yuan Hu,Ying-Wei Luo,Xiao-Lin Wang,Zhenlin Wang

DOI: https://doi.org/10.1007/s11390-020-9693-0

IF: 1.871

2020-01-01

Journal of Computer Science and Technology

Abstract:With the rapid increase of memory consumption by applications running on cloud data centers,we need more efficient memory management in a virtualized environment.Exploiting huge pages becomes more critical for a virtual machine's performance when it runs large working set size programs.Programs with large working set sizes are more sensitive to memory allocation,which requires us to quickly adjust the virtual machine's memory to accommodate memory phase changes.It would be much more efficient if we could adjust virtual machines' memory at the granularity of huge pages.However,existing virtual machine memory reallocation techniques,such as ballooning,do not support huge pages.In addition,in order to drive effective memory reallocation,we need to predict the actual memory demand of a virtual machine.We find that traditional memory demand estimation methods designed for regular pages cannot be simply ported to a system adopting huge pages.How to adjust the memory of virtual machines timely and effectively according to the periodic change of memory demand is another challenge we face.This paper proposes a dynamic huge page based memory balancing system (HPMBS) for efficient memory management in a virtualized environment.We first rebuild the ballooning mechanism in order to dispatch memory in the granularity of huge pages.We then design and implement a huge page working set size estimation mechanism which can accurately estimate a virtual machine's memory demand in huge pages environments.Combining these two mechanisms,we finally use an algorithm based on dynamic programming to achieve dynamic memory balancing.Experiments show that our system saves memory and improves overall system performance with low overhead.