Abstract

When considering a hypervisor, cloud providers must balance conflicting requirements for simple, secure code bases with more complex, feature-filled offerings. This paper introduces Dichotomy, a new two-layer cloud architecture in which the roles of the hypervisor are split. The cloud provider runs a lean hyperplexor whose sole task is to multiplex hardware and to run more substantial hypervisors (called featurevisors) that implement features. For each VM, cloud users choose a featurevisor from a selection of lightly modified hypervisors, potentially offered by third parties in an "as-a-service" model. Rather than running the featurevisor directly on the hyperplexor using nested virtualization, Dichotomy uses a new virtualization technique called ephemeral virtualization, which efficiently (and repeatedly) transfers control of a VM between the hyperplexor and the featurevisor using memory mapping techniques. Nesting overhead is incurred only while the VM is being accessed by the featurevisor. We have implemented Dichotomy in KVM/QEMU and demonstrate average switching times of 80 ms, two to three orders of magnitude faster than live VM migration. We show that, for the featurevisor applications we evaluated, VMs hosted in Dichotomy deliver up to 12% better performance than those hosted on nested hypervisors, and continue to show benefit even when the featurevisor applications run as often as every 2.5 seconds.
Enabling Efficient Hypervisor-as-a-Service Clouds with Ephemeral Virtualization. Published in VEE '16: Proceedings of the 12th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments.