1. Directvisor: Virtualization for Bare-metal Cloud 2. Lightweight Kernel Isolat
I. System Virtualization
1. Directvisor: Virtualization for Bare-metal Cloud
Abstract Bare-metal cloud platforms allow customers to rent remote physical servers and install their
preferred operating systems and software to make the best of servers’ raw hardware capabilities. However,
this quest for bare-metal performance compromises cloud manageability. To avoid overheads, cloud
operators cannot install traditional hypervisors that provide common manageability functions such as live
migration and introspection. We aim to bridge this gap between performance, isolation, and manageability
for bare-metal clouds. Traditional hypervisors are designed to limit and emulate hardware access by virtual
machines (VM). In contrast, we propose Directvisor – a hypervisor that maximizes a VM’s ability to
directly access hardware for near-native performance, yet retains hardware control and manageability.
Directvisor goes beyond traditional direct-assigned (passthrough) I/O devices by allowing VMs to directly
control and receive hardware timer interrupts and inter-processor interrupts (IPIs) besides eliminating most
VM exits. At the same time, Directvisor supports seamless (low-downtime) live migration and introspection
for such VMs having direct hardware access.
2. Lightweight Kernel Isolation with Virtualization and VM Functions
Abstract Commodity operating systems execute core kernel subsystems in a single address space along with
hundreds of dynamically loaded extensions and device drivers. Lack of isolation within the kernel implies
that a vulnerability in any of the kernel subsystems or device drivers opens a way to mount a successful
attack on the entire kernel. Historically, isolation within the kernel remained prohibitive due to the high cost
of hardware isolation primitives. Recent CPUs, however, bring a new set of mechanisms. Extended page-
table (EPT) switching with VM functions and memory protection keys (MPKs) provide memory isolation
and invocations across boundaries of protection domains with overheads comparable to system calls.
Unfortunately, neither MPKs nor EPT switching provide architectural support for isolation of privileged
ring 0 kernel code, i.e., control of privileged instructions and well-defined entry points to securely restore
state of the system on transition between isolated domains. Our work develops a collection of techniques for
lightweight isolation of privileged kernel code. To control execution of privileged instructions, we rely on a
minimal hypervisor that transparently deprivileges the system into a non-root VT-x guest. We develop a
new isolation boundary that leverages extended page table (EPT) switching with the VMFUNC instruction.
We define a set of invariants that allows us to isolate kernel components in the face of an intricate execution
model of the kernel, e.g., provide isolation of preemptable, concurrent interrupt handlers. To minimize
overheads of virtualization, we develop support for exitless interrupt delivery across isolated domains. We
evaluate our approach by developing isolated versions of several device drivers in the Linux kernel.
3. Learn-as-you-go with Megh: Efficient Live Migration of Virtual Machines
Abstract—Cloud providers leverage live migration of virtual machines to reduce energy consumption and
allocate resources efficiently in data centers. Each migration decision depends on three questions: when to
move a virtual machine, which virtual machine to move and where to move it? Dynamic, uncertain, and
heterogeneous workloads running on virtual machines make such decisions difficult. Knowledge-based and
heuristics-based algorithms are commonly used to tackle this problem. Knowledge-based algorithms, such
as MaxWeight scheduling algorithms, are dependent on the specifics and the dynamics of the targeted Cloud
architectures and applications. Heuristics-based algorithms, such as MMT algorithms, suffer from high
variance and poor convergence because of their greedy approach. We propose an online reinforcement
learning algorithm called Megh. Megh does not require prior knowledge of the workload; rather, it learns the
dynamics of workloads as it goes. Megh models the problem of energy- and performance-efficient resource
management during live migration as a Markov decision process and solves it using a functional
approximation scheme. While several reinforcement learning algorithms are proposed to solve this problem,
these algorithms remain confined to the academic realm as they face the curse of dimensionality. They are
either not scalable in real-time, as it is the case of MadVM, or need an elaborate offline training, as it is the
case of Q-learning. These algorithms often incur execution overheads which are comparable with the
migration time of a VM. Megh overcomes these deficiencies. Megh uses a novel dimensionality reduction
scheme to project the combinatorially explosive state-action space to a polynomial dimensional space with a
sparse basis. Megh has the capacity to learn uncertain dynamics and the ability to work in real-time without
incurring significant execution overhead. Megh is both scalable and robust. We implement Megh using the
CloudSim toolkit and empirically evaluate its performance with the PlanetLab and the Google Cluster
workloads. Experiments validate that Megh is more cost-effective, converges faster, incurs smaller
execution overhead and is more scalable than MadVM and MMT. An empirical sensitivity analysis
explicates the choice of parameters in experiments.
4. Optimizing Live Migration of Multiple Virtual Machines
Abstract—The Cloud computing paradigm is enabling innovative and disruptive services by allowing
enterprises to lease computing, storage and network resources from physical infrastructure owners. This
shift in infrastructure management responsibility has brought new revenue models and new challenges to
Cloud providers. One of those challenges is to efficiently migrate multiple virtual machines (VMs) within
the hosting infrastructure with minimum service interruptions. In this paper we first present live-migration
performance testing, captured on a production-level Linux-based virtualization platform, that motivates the
need for a better multi-VM migration strategy. We then propose a geometric programming model whose
goal is to optimize the bit rate allocation for the live-migration of multiple VMs and minimize the total
migration time, defined as a tradeoff cost function between user-perceived downtime and resource
utilization time. By solving our geometric program we gained qualitative and quantitative insights on the
design of more efficient solutions for multi-VM live migrations. We found that merely a few transferring
rounds of dirty memory pages are enough to significantly lower the total migration time. We also
demonstrated that, under realistic settings, the proposed method converges sharply to an optimal bit rate
assignment, making our approach a viable solution for improving current live-migration implementations.
5. Scatter-Gather Live Migration of Virtual Machines
Abstract—We introduce a new metric for live migration of virtual machines (VM) called eviction time
defined as the time to evict the state of one or more VMs from the source host. Eviction time determines
how quickly the source can be taken offline or its resources repurposed for other VMs. In traditional live
migration, such as pre-copy and post-copy, eviction time equals the total migration time because the source
is tied up until the destination receives the entire VM. We present Scatter-Gather live migration which
decouples the source and destination during migration to reduce eviction time when the destination is slow.
The source scatters the memory of VMs to multiple nodes, including the destination and one or more
intermediaries. Concurrently, the destination gathers the VMs’ memory from the intermediaries and the
source. Thus eviction from the source is no longer bottlenecked by the reception speed of the destination.
We support simultaneous live eviction of multiple VMs and exploit deduplication to reduce network
overhead. Our Scatter-Gather implementation in the KVM/QEMU platform reduces the eviction time by up
to a factor of 6 against traditional pre-copy and post-copy while maintaining comparable total migration
time when the destination is slower than the source.
6. Securing Time in Untrusted Operating Systems with TimeSeal
Abstract—An accurate sense of elapsed time is essential for the safe and correct operation of hardware,
software, and networked systems. Unfortunately, an adversary can manipulate the system’s time and violate
causality, consistency, and scheduling properties of underlying applications. Although cryptographic
techniques are used to secure data, they cannot ensure time security as securing a time source is much more
challenging, given that the result of inquiring time must be delivered in a timely fashion. In this paper, we
first describe general attack vectors that can compromise a system’s sense of time. To counter these attacks,
we propose a secure time architecture, TIMESEAL, that leverages a Trusted Execution Environment (TEE)
to secure time-based primitives. While CPU security features of TEEs secure code and data in protected
memory, we show that time sources available in TEE are still prone to OS attacks. TIMESEAL puts forward
a high-resolution time source that protects against the OS delay and scheduling attacks. Our TIMESEAL
prototype is based on Intel SGX and provides sub-millisecond (msec) resolution as compared to 1-second
resolution of SGX trusted time. It also securely bounds the relative time accuracy to msec under OS attacks.
In essence, TIMESEAL provides the capability of trusted timestamping and trusted scheduling to critical
applications in the presence of a strong adversary. It delivers all temporal use cases pertinent to secure
sensing, computing, and actuating in networked systems.
7. Using Intel SGX to Protect Authentication Credentials in an Untrusted Operating System
Abstract—An important principle in computational security is to reduce the attack surface by keeping
the Trusted Computing Base (TCB) small. Even so, no security technique ensures full protection against any
adversary. Thus, sensitive applications should be designed with several layers of protection so that, even if a
layer might be violated, sensitive content will not be compromised. In 2015, Intel released the Software
Guard Extensions (SGX) technology in its processors. This mechanism allows applications to allocate
enclaves, which are private memory regions that can hold code and data. Other applications and even
privileged code, like the OS kernel and the BIOS, are not able to access enclaves’ contents. This paper
presents a novel password file protection scheme, which uses Intel SGX to protect authentication credentials
in the PAM authentication framework, commonly used in UNIX systems. We defined and implemented an
SGX-enabled version of the pam_unix.so authentication module, called UniSGX. This module uses an SGX
enclave to handle the credentials supplied by the user and to check them against the password file. To add
an extra security layer, the password file is stored using SGX sealing. A threat model was proposed to assess
the security of the proposed solution. The obtained results show that the proposed solution is secure against
the threat model considered, and that its performance overhead is acceptable from the user point of view.
The scheme presented here is also suitable for other authentication frameworks.
8. Dynamic VM Scaling: Provisioning and Pricing through an Online Auction
Abstract—Today’s IaaS clouds allow dynamic scaling of VMs allocated to a user, according to real-time
demand of the user. There are two types of scaling: horizontal scaling (scale-out) by allocating more VM
instances to the user, and vertical scaling (scale-up) by boosting resources of VMs owned by the user. It has
been a daunting issue how to efficiently allocate the resources on physical servers to meet the scaling
demand of users on the go, which achieves the best server utilization and user utility. An accompanying
critical challenge is how to effectively charge the incremental resources, such that the economic benefits of
both the cloud provider and cloud users are guaranteed. There has been online auction design dealing with
dynamic VM provisioning, where the resource bids are not related to each other, failing to handle VM
scaling where later bids may rely on earlier bids of the same user. As the first in the literature, this paper
designs an efficient, truthful online auction for resource provisioning and pricing in the practical cases of
dynamic VM scaling, where: (i) users bid for customized VMs to use in future durations, and can bid again
in the following time to increase resources, indicating both scale-up and scale-out options; (ii) the cloud
provider packs the demanded VMs on heterogeneous servers for energy cost minimization on the go. We
carefully design resource prices maintained for each type of resource on each server to achieve threshold-
based online allocation and charging, as well as a novel competitive analysis technique based on
submodularity of the offline objective, to show a good competitive ratio is achieved. The efficacy of the
online auction is validated through solid theoretical analysis and trace-driven simulations.
9. A new cost-effective mechanism for VM-to-user mapping in cloud data centers
Attracting customers through reward programs is the primary key to success for customer-oriented
organizations. One of the most famous customer reward programs is applying a price discount. In our
negotiation-based cloud resource allocation problem, a discount price is offered based on both the status of a
provider and the behavior (or loyalty class) of a customer. That is, a resource customer who has appropriate
buying behavior and negotiates for resource type instances with a high necessity to sell deserves to receive
a high price discount from the provider. To do this, first, three customer loyalty classes are defined and
customers are classified into these classes in terms of their previous buying behavior using a fuzzy system
named FCLCDS. Second, another fuzzy system named FNTSVMTDS is designed to determine the value of the
necessity to sell a resource type. The outputs of FCLCDS and FNTSVMTDS are called Loyalty Class (LC)
and Necessity to Sell VM Type (NtSVMT), respectively. Finally, a fuzzy system named FDCDS is
proposed to determine the discount coefficient based on both LC and NtSVMT inputs. Furthermore,
appropriate times for calculating/re-calculating the discount coefficients that are applied by a resource
provider to relax its counter-offers are calculated. We perform extensive simulation experiments to compare
our designed negotiator, named FDMDA, with MDA and FNSSA. The results show that our designed
FDMDA outperforms MDA and FNSSA.
10. CrashTuner: Detecting Crash-Recovery Bugs in Cloud Systems via Meta-Info Analysis
Abstract Crash-recovery bugs (bugs in crash-recovery-related mechanisms) are among the most severe bugs
in cloud systems and can easily cause system failures. It is notoriously difficult to detect crash-recovery
bugs since these bugs can only be exposed when nodes crash under special timing conditions. This paper
presents CrashTuner, a novel fault-injection testing approach to combat crash-recovery bugs. The novelty of
CrashTuner lies in how we identify fault-injection points (crash points) that are likely to expose errors. We
observe that if a node crashes while accessing meta-info variables, i.e., variables referencing high-level
system state information (e.g., an instance of node or task), it often triggers crash-recovery bugs. Hence, we
identify crash points by automatically inferring meta-info variables via a log-based static program analysis.
Our approach is automatic and no manual specification is required. We have applied CrashTuner to five
representative distributed systems: Hadoop2/Yarn, HBase, HDFS, ZooKeeper, and Cassandra. CrashTuner
can finish testing each system in 17.39 hours, and reports 21 new bugs that have never been found before.
All new bugs are confirmed by the original developers and 16 of them have already been fixed (14 with our
patches). These new bugs can cause severe damages such as cluster down or start-up failures.
11. Model-Switching: Dealing with Fluctuating Workloads in Machine-Learning-as-a-Service Systems
Machine learning (ML) based prediction models, and especially deep neural networks (DNNs) are
increasingly being served in the cloud in order to provide fast and accurate inferences. However, existing
ML serving systems have trouble dealing with fluctuating workloads and either drop requests or
significantly expand hardware resources in response to load spikes. In this paper, we introduce Model-
Switching, a new approach to dealing with fluctuating workloads when serving DNN models. Motivated by
the observation that end users of ML primarily care about the accuracy of responses that are returned within
the deadline (which we refer to as effective accuracy), we propose to switch from complex and highly
accurate DNN models to simpler but less accurate models in the presence of load spikes. We show that the
flexibility introduced by enabling online model switching provides higher effective accuracy in the presence
of fluctuating workloads compared to serving using any single model. We implement Model-Switching
within Clipper, a state-of-the-art DNN model serving system, and demonstrate its advantages over baseline
approaches.
12. Rethinking Isolation Mechanisms for Datacenter Multitenancy
In theory, trusted execution environments like SGX are promising approaches for isolating datacenter
tenants. In practice, the associated hardware primitives suffer from three major problems: side channels
induced by microarchitectural co-tenancy; weak guarantees for post-load software integrity; and opaque
hardware implementations which prevent third-party security auditing. We explain why these limitations are
so problematic for datacenters, and then propose a new approach for trusted execution. This approach, called
IME (Isolated Monitor Execution) provides SGX-style memory encryption, but strictly prevents
microarchitectural co-tenancy of secure and insecure code. IME also uses a separate, microarchitecturally-
isolated pipeline to run dynamic security checks on monitored code, enabling post-load monitoring for
security invariants like CFI or type safety. Finally, an IME processor exports a machine-readable description
of its microarchitectural implementation, allowing tenants to reason about the security properties of a
particular IME instance.
13. More IOPS for Less: Exploiting Burstable Storage in Public Clouds
Burstable storage is a public cloud feature that enhances cloud storage volumes with credits that can be used
to boost performance temporarily. These credits can be exchanged for increased storage throughput, for a
short period of time, and are replenished over time. We examine how burstable storage can be leveraged to
reduce cost and/or improve performance for three use cases with different data-longevity requirements:
traditional persistent storage, caching, and ephemeral storage. Although cloud storage volumes are typically
priced by capacity, we find that each AWS gp2 volume starts with the same number of burst credits.
Exploiting that fact, we find that aggressive interchanging of large numbers of small short-term volumes can
increase IOPS by up to 100× at a cost increase of only 10–40%. Compared to an AWS io1 volume
provisioned for the same performance, such interchanging reduces cost by 97.5%.
14. JACKPOT: Online Experimentation of Cloud Microservices
Online experimentation is an agile software development practice, which plays a central role in enabling
rapid innovation. It helps shorten code delivery cycles, which is critical for companies to survive in a
competitive software-driven market. Recent advances in cloud computing, including the maturity of
container-based technologies and cloud infrastructure, as well as the advent of service meshes, have created
an opportunity to broaden the scope of online experimentation and further increase developers’ agility. In
this paper, we propose a novel formulation for online experimentation of cloud applications which
generalizes traditional approaches applied to web and mobile applications by incorporating the unique
challenges posed by cloud environments. To enable practitioners to apply our formulation, we develop and
present JACKPOT, a system for online cloud experimentation in the presence of multiple interacting
microservices. We discuss an initial prototype of JACKPOT along with a preliminary evaluation of this
prototype based on experiments on a public container cloud.