Label-based Defenses Against Side Channel Attacks in PaaS Cloud Infrastructure
- Jessica Austin
- 5 years ago
Transcription
1 Label-based Defenses Against Side Channel Attacks in PaaS Cloud Infrastructure Read Sprabery, Konstantin Evchenko, Abhilash Raj*, Shivana Wanjara*, Sibin Mohan, Rakesh Bobba*, Roy H. Campbell University of Illinois at Urbana-Champaign *Oregon State University
2 Why do we care? First attempts to extract sensitive information go back to 2005. This work has been extended in many ways. In 2012, a cache side channel helped to extract a secret key across VMs. In 2014, the attack was successfully demonstrated in a public cloud.
3 Focus [Diagram labels: Side Channels in Cloud; CPU cache-based (same-core, cross-core); not CPU cache-based (network, disk, etc.); Prime+Probe]
4 Background: Modern Cache Architecture [Diagram: CPU with Cores 0-3, each with L1-I and L1-D caches and an L2 cache, plus L3; the cache holds 64-byte lines (Line 1 to Line N) of memory]
5 Background: Cache Allocation Technology [Diagram: cache sets made up of cache lines, organized into cache ways; Cores 1-3; CAT partitions over the cache ways; hit and miss labels]
6 Background: Attack Example [Diagram: Core 1 (Victim) and Core 2 (Attacker) over the cache sets of the LLC, backed by memory]
Core 1 (Victim):
    if (key[i]) access( )
    if (!key[i]) access( )
Core 2 (Attacker):
    while (1) {
        access( )       // prime
        access( )
        idle( )         // let victim run
        time_access( )  // probe
        time_access( )
    }
7 Background: Linux Containers [Diagram: apps in VM1 and VM2 on a hypervisor node, beside apps in Containers 1-3 on a Linux OS node] Just a process within the kernel. Isolated with cgroups and namespaces. Scheduled by default Linux scheduler.
8 Initial System Design: Secure partition per core is expensive, stay tuned
9 Introducing labels [Diagram labels: Organization 1, Organization 2, No trust, Trust, Trust, Trusted Kernel]
10 Mitigation: Naive Approach [Diagram: timeline of Apps 1-4 from Organizations 1-3 running on Cores 1-3, with Cache Partition 1 (Shared), Cache Partition 2 (Protected) and LLC flushes] Flushing the cache eliminates information leak. By using CAT we assign smaller partition to security-sensitive apps. Flushing smaller partition reduces overhead.
11 Mitigation: Improved Approach [Diagram: timeline of Apps 1-4 from Organizations 1-3 on Core 3 and Core 4 in Cache Partition 2 (Protected), with LLC flushes] Gang-schedule apps from the same organization. Reduces the number of flushes. Potentially increases idling (workload-dependent).
12 Implementation: Cgroup Hierarchy [Diagram levels: Root Cgroup, Org Cgroups, Container Cgroups, Tasks]
13 Follow-the-leader Algorithm [Diagram: timeline for Core 1 (Leader) and Core 2 (Follower) with a gang order; repeated steps: Pick Gang, Kernel, Round Over, Kernel, LLC Flush, Ack, New Round]
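The trade-off stated on slides 10, 11 and 13 (fewer flushes, possibly more idling) can be seen in a toy scheduler model; this is an added example, not code from the presentation. The workload, the slot-based time model, the per-core flush rule used for the naive case, and the names `naive_schedule` and `gang_schedule` are all assumptions made for illustration.

```python
from collections import deque

# Constructed workload: app -> (organization label, time slots of work).
WORKLOAD = {
    "app1": ("org1", 2),
    "app2": ("org2", 2),
    "app3": ("org3", 2),
    "app4": ("org1", 2),
}


def naive_schedule(workload, cores=2):
    """Round-robin over all apps, one slot at a time.

    Assumed flush rule: a core flushes its protected partition whenever the
    app it is about to run carries a different organization label than the
    app it ran last.
    """
    queue = deque(workload)
    left = {app: slots for app, (_, slots) in workload.items()}
    last_org = [None] * cores
    flushes = idle = slots = 0
    while queue:
        ran = []
        for core in range(cores):
            if not queue:
                idle += 1                  # nothing runnable for this core
                continue
            app = queue.popleft()
            org = workload[app][0]
            if last_org[core] not in (None, org):
                flushes += 1               # label changed on this core
            last_org[core] = org
            left[app] -= 1
            ran.append(app)
        # Requeue after the slot so one app never runs on two cores at once.
        queue.extend(app for app in ran if left[app] > 0)
        slots += 1
    return {"flushes": flushes, "idle": idle, "slots": slots}


def gang_schedule(workload, cores=2, round_len=2):
    """Follow-the-leader rounds: only one organization runs at a time.

    The leader picks the next gang (organization) from the gang order, every
    core runs only that gang's apps or idles, and one flush is charged per
    gang switch. A gang with more apps than cores is served in listing order.
    """
    gangs = {}
    for app, (org, _) in workload.items():
        gangs.setdefault(org, []).append(app)
    left = {app: slots for app, (_, slots) in workload.items()}
    order = deque(gangs)                   # the leader's gang order
    flushes = idle = slots = 0
    previous = None
    while order:
        org = order.popleft()              # leader: pick gang
        if previous is not None and previous != org:
            flushes += 1                   # round over: flush, then ack
        previous = org
        for _ in range(round_len):
            runnable = [a for a in gangs[org] if left[a] > 0][:cores]
            if not runnable:
                break                      # gang finished early
            for app in runnable:
                left[app] -= 1
            idle += cores - len(runnable)  # followers with no gang member
            slots += 1
        if any(left[a] > 0 for a in gangs[org]):
            order.append(org)              # unfinished gang gets a new round
    return {"flushes": flushes, "idle": idle, "slots": slots}


if __name__ == "__main__":
    print("naive          ", naive_schedule(WORKLOAD))
    print("gang, round = 2", gang_schedule(WORKLOAD, round_len=2))
    print("gang, round = 1", gang_schedule(WORKLOAD, round_len=1))
```

Shortening the round to one slot brings the flush count back up, which corresponds to the "reducing amount of gang switches" item on the challenges slide.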
14 Challenges: Reducing the idle time; Minimizing flushing overhead; Improving synchronization overhead; Reducing amount of gang switches; Improving fairness; Scalability to the number of cores in secure partitions
15 Initial results
16 Complementary work: Container Live Migration recently introduced by: Virtuozzo, runc, Jelastic. Possible to combine the approach with Nomad.
17 Future Work: Improve the cost of synchronization; Move to lazy-per-core gang changing; Using advanced features of CAT; Dynamically change cache partitions; No leader is needed; Significantly reduces synchronization; Extend Docker framework for Flush+Reload mitigation; Extensive performance evaluation
18 Discussion. Pros: Transparent to apps; Non-secure apps are not affected (almost); Easy to deploy; Secure by design (not probabilistic defense). Cons: Requires the notion of organization; Requires separating apps (secure/nonsecure); Requires CAT; Potential overheads for secure apps.