Abstract
Symbiotic virtualization is a new approach to system virtualization in which a guest OS targets the native hardware interface as in full system virtualization, but also optionally exposes a software interface that can be used by a VMM, if present, to increase performance and functionality. Neither the VMM nor the OS needs to support the symbiotic virtualization interface to function together, but if both do, both benefit. We describe the design and implementation of the SymCall symbiotic virtualization interface in our publicly available Palacios VMM for modern x86 machines. SymCall makes it possible for Palacios to make clean synchronous upcalls into a symbiotic guest, much like system calls. One use of symcalls is to allow synchronous collection of semantically rich guest data during exit handling in order to enable new VMM features. We describe the implementation of SwapBypass, a VMM service based on SymCall that reconsiders swap decisions made by a symbiotic Linux guest. Finally, we present a detailed performance evaluation of both SwapBypass and SymCall.
SymCall: symbiotic virtualization through VMM-to-guest upcalls
VEE '11: Proceedings of the 7th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments