Unikernels as Processes
|
|
- Brent Benson
- 5 years ago
- Views:
Transcription
1 Unikernels as Processes Dan Williams, Ricardo Koller (IBM Research) Martin Lucina (robur.io/center for the Cultivation of Technology) Nikhil Prakash (BITS Pilani)
2 What is a unikernel? An application linked with library OS components Run on virtual hardware (like) abstraction VM Language-specific MirageOS (OCaml) IncludeOS (C++) Legacy-oriented Rumprun (NetBSD-based) Can run nginx, redis, node.js, python,etc.. 2
3 Why unikernels? Lightweight Only what the application needs Isolated VM-isolation is the gold standard Well suited for the cloud Microservices Serverless NFV VM 3
4 Virtualization is a mixed bag Good for isolation, but Tooling for VMs not designed for lightweight (e.g., lightvm) How do you debug black-box VMs? Poor VM performance due to vmexits Deployment issues on already-virtualized infrastructure 4
5 Why not run unikernels as processes? Unikernels are a single process anyway! Many benefits as a process Better performance Common tooling (gdb, perf, etc.) ASLR Memory sharing Architecture independence Isolation by limiting process interface to host 98% reduction in accessible kernel functions Process 5
6 Outline Introduction Where does unikernel isolation come from? Unikernels as processes Isolation evaluation Performance evaluation Summary 6
7 Isolation: definitions and assumptions Isolation: no cloud user can read/write state or modify its execution Focus on software deficiencies in the host Code reachable through interface is a metric for attack surface app We trust HW isolation (page tables, etc.) Host Kernel We do not consider covert channels, timing channels or resource starvation 7
8 Unikernel architecture ukvm unikernel monitor Userspace process Uses Linux/KVM monitor process (e.g., ukvm) Setup and loading Exit handling KVM Linux I/O devices VT-x 8
9 Unikernel architecture ukvm unikernel monitor Userspace process Uses Linux/KVM monitor process (e.g., ukvm) Setup Setup and loading Exit handling 1 Set up I/O fds KVM Linux I/O devices VT-x 9
10 Unikernel architecture Virtual CPU context ukvm unikernel monitor Userspace process Uses Linux/KVM monitor process (e.g., ukvm) Setup Setup and loading Exit handling 1 Set up I/O fds 2 Load unikernel KVM Linux I/O devices VT-x 1
11 Unikernel architecture Virtual CPU context ukvm unikernel monitor Userspace process Uses Linux/KVM monitor process (e.g., ukvm) Setup Exit handling Setup and loading Exit handling 1 Set up I/O fds 2 Load unikernel I/O KVM Linux I/O devices VT-x 11
12 Unikernel isolation comes from the interface 1 hypercalls 6 for I/O Network: packet level Storage: block level vs. >35 syscalls Hypercall walltime puts poll blkinfo blkwrite blkread netinfo netwrite netread halt 12
13 Observations Unikernels are not kernels! No page table management after setup No interrupt handlers: cooperative scheduling and poll The ukvm monitor doesn t do anything! One-to-one mapping between hypercalls and system calls Idea: maintain isolation by limiting syscalls available to process 13
14 Unikernel as process architecture Tender: modified ukvm unikernel monitor Userspace process Uses seccomp to restrict interface tender process Setup and loading Linux I/O devices 14
15 Unikernel as process architecture Tender: modified ukvm unikernel monitor Userspace process Uses seccomp to restrict interface tender process Setup Setup and loading 1 Set up I/O fds Linux I/O devices 15
16 Unikernel as process architecture Tender: modified ukvm unikernel monitor Userspace process Uses seccomp to restrict interface tender process Setup Setup and loading 1 Set up I/O fds 2 Load unikernel Linux I/O devices 16
17 Unikernel as process architecture Tender: modified ukvm unikernel monitor Userspace process Uses seccomp to restrict interface Setup and loading tender process 1 Set up I/O fds Setup 2 3 Configure seccomp Load unikernel Linux I/O devices 17
18 Unikernel as process architecture Tender: modified ukvm unikernel monitor Userspace process Uses seccomp to restrict interface Setup and loading Exit handling tender process 1 Set up I/O fds Setup 2 3 Load unikernel Exit handling Configure seccomp I/O Linux I/O devices 18
19 Unikernel isolation comes from the interface 1 hypercalls 6 for I/O Network: packet level Storage: block level vs. >35 syscalls Hypercall walltime puts poll blkinfo blkwrite blkread netinfo netwrite netread halt 19
20 Unikernel isolation comes from the interface Direct mapping between 1 hypercalls and system call/resource pairs Hypercall walltime puts poll System Call clock_gettime write ppoll Resource stdout net_fd 6 for I/O Network: packet level Storage: block level blkinfo blkwrite blkread netinfo netwrite pwrite64 pread64 write blk_fd blk_fd net_fd vs. >35 syscalls netread halt read exit_group net_fd 2
21 Implementation: nabla! Extended Solo5 unikernel ecosystem and ukvm Prototype supports: MirageOS IncludeOS Rumprun 21
22 Measuring isolation: common applications Code reachable through interface is a metric for attack surface Used kernel ftrace Results: Processes: 5-6x more VMs: 2-3x more Unique kernel functions accessed nginx nginx-large process ukvm nabla node-express redis-get redis-set 22
23 Measuring isolation: fuzz testing Used kernel ftrace Used trinity system call fuzzer to try to access more of the kernel Results: Nabla policy reduces by 98% over a normal process Unique kernel functions accept nabla block
24 Measuring performance: throughput Applications include: Web servers Python benchmarks Redis etc. Normalized throughput 2% 18% 16% 14% 12% 1% no I/O ukvm nabla QEMU/KVM with I/O 245 Results: 11%-245% higher throughput than ukvm 8% py_tornado py_chameleon node_fib mirage_http py_2to3 node_express nginx_large redis_get redis_set includeos_tcp nginx includeos_udp 24
25 Measuring performance: CPU utilization vmexits have an effect on instructions per cycle Experiment with MirageOS web server Results: 12% reduction in cpu utilization over ukvm (a) CPU % (b) VMexits/ms (c) IPC (ins/cycle) Requests/sec nabla ukvm 25
26 Measuring performance: startup time Startup time is important for serverless, NFV Results: Hello world Ukvm has 3-37% higher latency than nabla 15 1 QEMU/KVM 5 Mostly due avoiding KVM overheads HTTP POST Hello world HTTP Post ukvm nabla Number of cores process
27 Summary and Next Steps Unikernels should run as processes! Maintain isolation via thin interface Improve performance, etc. Process Next steps: can unikernels as processes be used to improve container isolation? Nabla containers 27
28 28
@amirmc UNIKERNELS WHERE ARE THEY NOW? AMIR CHAUDHRY. Open Source Summit NA 13 Sep 2017
@amirmc UNIKERNELS WHERE ARE THEY NOW? AMIR CHAUDHRY Open Source Summit NA 13 Sep 2017 OVERVIEW Unikernel refresher Status updates: MirageOS, IncludeOS, HaLVM, Solo5 Summary Questions? REFRESHER UNIKERNEL
More information64-bit ARM Unikernels on ukvm
64-bit ARM Unikernels on ukvm Wei Chen Senior Software Engineer Tokyo / Open Source Summit Japan 2017 2017-05-31 Thanks to Dan Williams, Martin Lucina, Anil Madhavapeddy and other Solo5
More informationUnikernels in Action
Unikernels in Action 28 January 2018, DevConf.cz, Brno Michael Bright, Developer Evangelist @ Slides online @ https://mjbright.github.io/talks/2018-jan-28_devconf.cz_unikernels 1 / 31 Agenda What are Unikernels?
More informationA Userspace Packet Switch for Virtual Machines
SHRINKING THE HYPERVISOR ONE SUBSYSTEM AT A TIME A Userspace Packet Switch for Virtual Machines Julian Stecklina OS Group, TU Dresden jsteckli@os.inf.tu-dresden.de VEE 2014, Salt Lake City 1 Motivation
More informationLISA The Next Generation Cloud: Unleashing the Power of the Unikernel. Russell Pavlicek Xen Project Evangelist
LISA 2015 The Next Generation Cloud: Unleashing the Power of the Unikernel Russell Pavlicek Xen Project Evangelist Russell.Pavlicek@XenProject.org About the Old, Fat Geek Up Front Linux user since 1995;
More informationSCONE: Secure Linux Container Environments with Intel SGX
SCONE: Secure Linux Container Environments with Intel SGX S. Arnautov, B. Trach, F. Gregor, Thomas Knauth, and A. Martin, Technische Universität Dresden; C. Priebe, J. Lind, D. Muthukumaran, D. O'Keeffe,
More informationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation Chunyan Liu liuchunyan9@huawei.com Jixing Gu jixing.gu@intel.com Presenters Jixing Gu: Software Architect, from Intel CIG SW Team, working on secure container solution
More informationFlexSC. Flexible System Call Scheduling with Exception-Less System Calls. Livio Soares and Michael Stumm. University of Toronto
FlexSC Flexible System Call Scheduling with Exception-Less System Calls Livio Soares and Michael Stumm University of Toronto Motivation The synchronous system call interface is a legacy from the single
More informationKubernetes The Path to Cloud Native
Kubernetes The Path to Cloud Native Eric Brewer VP, Infrastructure @eric_brewer August 28, 2015 ACM SOCC Cloud Na*ve Applica*ons Middle of a great transition unlimited ethereal resources in the Cloud an
More informationUnikernels? Thomas [Twitter]
Unikernels? Thomas Gazagnaire @samoht [GitHub] @eriangazag [Twitter] http://gazagnaire.org/pub/2015.12.loops.pdf About me... PhD at INRIA in Distributed Systems Citrix on Xen/Xenserver OCamlPro on Opam
More informationVirtualization. Pradipta De
Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation
More informationMy VM is Lighter (and Safer) than your Container
My VM is Lighter (and Safer) than your Container Filipe Manco, Florian Schmidt, Simon Kuenzer, Kenichi Yasukata, Sumit Sati, Costin Lupu*, Costin Raiciu*, Felipe Huici NEC Europe Ltd, *University Politehnica
More informationGraphene-SGX. A Practical Library OS for Unmodified Applications on SGX. Chia-Che Tsai Donald E. Porter Mona Vij
Graphene-SGX A Practical Library OS for Unmodified Applications on SGX Chia-Che Tsai Donald E. Porter Mona Vij Intel SGX: Trusted Execution on Untrusted Hosts Processing Sensitive Data (Ex: Medical Records)
More informationCourse Review. Hui Lu
Course Review Hui Lu Syllabus Cloud computing Server virtualization Network virtualization Storage virtualization Cloud operating system Object storage Syllabus Server Virtualization Network Virtualization
More informationContainer Adoption for NFV Challenges & Opportunities. Sriram Natarajan, T-Labs Silicon Valley Innovation Center
Container Adoption for NFV Challenges & Opportunities Sriram Natarajan, T-Labs Silicon Valley Innovation Center Virtual Machine vs. Container Stack KVM Container-stack Libraries Guest-OS Hypervisor Libraries
More informationIBM Research Report. A Comparison of Virtualization Technologies for Use in Cloud Data Centers
H-0330 (HAI1801-001) January 3, 2018 Computer Science IBM Research Report A Comparison of Virtualization Technologies for Use in Cloud Data Centers Joel Nider IBM Research Division Haifa Research Laboratory
More informationVirtualized Infrastructure Managers for edge computing: OpenVIM and OpenStack comparison IEEE BMSB2018, Valencia,
Virtualized Infrastructure Managers for edge computing: OpenVIM and OpenStack comparison IEEE BMSB2018, Valencia, 2018-06-08 Teodora Sechkova contact@virtualopensystems.com www.virtualopensystems.com Authorship
More informationHow Container Runtimes matter in Kubernetes?
How Container Runtimes matter in Kubernetes? Kunal Kushwaha NTT OSS Center About me Works @ NTT Open Source Software Center Contributes to containerd and other related projects. Docker community leader,
More informationVirtual Machines. Jinkyu Jeong Computer Systems Laboratory Sungkyunkwan University
Virtual Machines Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Today's Topics History and benefits of virtual machines Virtual machine technologies
More informationSuper Containers: Unikernels and Virtual Machines
Super Containers: Unikernels and Virtual Machines 14 th Annual IEEE/ACM IT Professional Conference at TCF (2019) Brad Whitehead, Chief Scientist Formularity Who is Brad Whitehead?!?! Former Partner and
More informationSpring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand
Introduction to Virtual Machines Nima Honarmand Virtual Machines & Hypervisors Virtual Machine: an abstraction of a complete compute environment through the combined virtualization of the processor, memory,
More informationLow overhead virtual machines tracing in a cloud infrastructure
Low overhead virtual machines tracing in a cloud infrastructure Mohamad Gebai Michel Dagenais Dec 7, 2012 École Polytechnique de Montreal Content Area of research Current tracing: LTTng vs ftrace / virtio
More informationAdvanced Systems Security: Virtual Machine Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationIntel Clear Containers. Amy Leeland Program Manager Clear Linux, Clear Containers And Ciao
Intel Clear Containers Amy Leeland Program Manager Clear Linux, Clear Containers And Ciao Containers are... Speedy Fast create, update and uninstall cycle. Request and provision in (milli)seconds Manageable
More informationLecture 09: VMs and VCS head in the clouds
Lecture 09: VMs and VCS head in the Hands-on Unix system administration DeCal 2012-10-29 1 / 20 Projects groups of four people submit one form per group with OCF usernames, proposed project ideas, and
More informationSLIPSTREAM: AUTOMATIC INTERPROCESS COMMUNICATION OPTIMIZATION. Will Dietz, Joshua Cranmer, Nathan Dautenhahn, Vikram Adve
SLIPSTREAM: AUTOMATIC INTERPROCESS COMMUNICATION OPTIMIZATION Will Dietz, Joshua Cranmer, Nathan Dautenhahn, Vikram Adve Introduction 2 Use of TCP is ubiquitous Widely Supported Location Transparency Programmer-friendly
More informationAchieve Low Latency NFV with Openstack*
Achieve Low Latency NFV with Openstack* Yunhong Jiang Yunhong.Jiang@intel.com *Other names and brands may be claimed as the property of others. Agenda NFV and network latency Why network latency on NFV
More informationMaking Cloud Easy: Components of a Distributed. Design Considerations and First. Operating System for Cloud
Making Cloud Easy: Design Considerations and First Components of a Distributed Operating System for Cloud James Kempf for the Nefele Development Team ER RACSP July 09, 2018 James Kempf ER RACSP 2018-07-09
More informationBackground. IBM sold expensive mainframes to large organizations. Monitor sits between one or more OSes and HW
Virtual Machines Background IBM sold expensive mainframes to large organizations Some wanted to run different OSes at the same time (because applications were developed on old OSes) Solution: IBM developed
More informationCOS 318: Operating Systems
COS 318: Operating Systems OS Structures and System Calls Jaswinder Pal Singh Computer Science Department Princeton University (http://www.cs.princeton.edu/courses/cos318/) Outline Protection mechanisms
More informationChap.6 Limited Direct Execution. Dongkun Shin, SKKU
Chap.6 Limited Direct Execution 1 Problems of Direct Execution The OS must virtualize the CPU in an efficient manner while retaining control over the system. Problems how can the OS make sure the program
More informationRECap: RunEscape Capsule for On-demand Managed Service Delivery in the Cloud
RECap: RunEscape Capsule for On-demand Managed Service Delivery in the Cloud Shripad J Nadgowda, Sahil Suneja, Canturk Isci IBM T J Watson Research Center Evolution of application runtimes (General-purpose
More informationScaling Up Performance Benchmarking
Scaling Up Performance Benchmarking -with SPECjbb2015 Anil Kumar Runtime Performance Architect @Intel, OSG Java Chair Monica Beckwith Runtime Performance Architect @Arm, Java Champion FaaS Serverless Frameworks
More informationData Path acceleration techniques in a NFV world
Data Path acceleration techniques in a NFV world Mohanraj Venkatachalam, Purnendu Ghosh Abstract NFV is a revolutionary approach offering greater flexibility and scalability in the deployment of virtual
More informationLecture 7. Xen and the Art of Virtualization. Paul Braham, Boris Dragovic, Keir Fraser et al. 16 November, Advanced Operating Systems
Lecture 7 Xen and the Art of Virtualization Paul Braham, Boris Dragovic, Keir Fraser et al. Advanced Operating Systems 16 November, 2011 SOA/OS Lecture 7, Xen 1/38 Contents Virtualization Xen Memory CPU
More informationLINUX CONTAINERS. Where Enterprise Meets Embedded Operating Environments WHEN IT MATTERS, IT RUNS ON WIND RIVER
Where Enterprise Meets Embedded Operating Environments WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Flexible and connected platforms are core components in leading computing fields, including
More informationUnikernels. No OS? No problem! Kevin Sapper ABSTRACT
Unikernels No OS? No problem! Kevin Sapper Hochschule RheinMain Unter den Eichen 5 Wiesbaden, Germany kevin.b.sapper@student.hs-rm.de ABSTRACT Unikernels aim to reduce the layers and dependencies modern
More informationCS-580K/480K Advanced Topics in Cloud Computing. VM Virtualization II
CS-580K/480K Advanced Topics in Cloud Computing VM Virtualization II 1 How to Build a Virtual Machine? 2 How to Run a Program Compiling Source Program Loading Instruction Instruction Instruction Instruction
More informationMicro VMMs and Nested Virtualization
Micro VMMs and Nested Virtualization For the TCE 4th summer school on computer security, big data and innovation Baruch Chaikin, Intel 9 September 2015 Agenda Virtualization Basics The Micro VMM Nested
More informationException-Less System Calls for Event-Driven Servers
Exception-Less System Calls for Event-Driven Servers Livio Soares and Michael Stumm University of Toronto Talk overview At OSDI'10: exception-less system calls Technique targeted at highly threaded servers
More informationAdvanced Systems Security: Virtual Machine Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationThe benefits and costs of writing a POSIX kernel in a high-level language
1 / 38 The benefits and costs of writing a POSIX kernel in a high-level language Cody Cutler, M. Frans Kaashoek, Robert T. Morris MIT CSAIL Should we use high-level languages to build OS kernels? 2 / 38
More informationVirtualization. ...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania.
Virtualization...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania April 6, 2009 (CIS 399 Unix) Virtualization April 6, 2009 1 / 22 What
More informationIsoStack Highly Efficient Network Processing on Dedicated Cores
IsoStack Highly Efficient Network Processing on Dedicated Cores Leah Shalev Eran Borovik, Julian Satran, Muli Ben-Yehuda Outline Motivation IsoStack architecture Prototype TCP/IP over 10GE on a single
More informationHypervisor security. Evgeny Yakovlev, DEFCON NN, 2017
Hypervisor security Evgeny Yakovlev, DEFCON NN, 2017 whoami Low-level development in C and C++ on x86 UEFI, virtualization, security Jetico, Kaspersky Lab QEMU/KVM developer at Virtuozzo 2 Agenda Why hypervisor
More informationInitial Evaluation of a User-Level Device Driver Framework
Initial Evaluation of a User-Level Device Driver Framework Stefan Götz Karlsruhe University Germany sgoetz@ira.uka.de Kevin Elphinstone National ICT Australia University of New South Wales kevine@cse.unsw.edu.au
More informationReal Safe Times in the Jailhouse Hypervisor Unrestricted Siemens AG All rights reserved
Siemens Corporate Technology Real Safe Times in the Jailhouse Hypervisor Real Safe Times in the Jailhouse Hypervisor Agenda Jailhouse introduction Safe isolation Architecture support Jailhouse application
More informationCOS 318: Operating Systems
COS 318: Operating Systems OS Structures and System Calls Prof. Margaret Martonosi Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall11/cos318/ Outline Protection
More informationFeature Comparison Summary
Feature Comparison Summary, and The cloud-ready operating system Thanks to cloud technology, the rate of change is faster than ever before, putting more pressure on IT. Organizations demand increased security,
More informationTCSS 422: OPERATING SYSTEMS
TCSS 422: OPERATING SYSTEMS fork() Process API, Limited Direct Execution Wes J. Lloyd Institute of Technology University of Washington - Tacoma Creates a new process - think of a fork in the road Parent
More informationCSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 16: Virtual Machine Monitors Geoffrey M. Voelker Virtual Machine Monitors 2 Virtual Machine Monitors Virtual Machine Monitors (VMMs) are a hot
More informationWhat is KVM? KVM patch. Modern hypervisors must do many things that are already done by OSs Scheduler, Memory management, I/O stacks
LINUX-KVM The need for KVM x86 originally virtualization unfriendly No hardware provisions Instructions behave differently depending on privilege context(popf) Performance suffered on trap-and-emulate
More informationErlang on Rumprun Unikernel
Erlang on Rumprun Unikernel An Erlang/Elixir platform enabling the microservices architecture. Neeraj Sharma neeraj.sharma@alumni.iitg.ernet.in Special Thanks Antti Kantee Author of Rumprun Unikernel Fred
More informationAWS Lambda. 1.1 What is AWS Lambda?
Objectives Key objectives of this chapter Lambda Functions Use cases The programming model Lambda blueprints AWS Lambda 1.1 What is AWS Lambda? AWS Lambda lets you run your code written in a number of
More informationHardware OS & OS- Application interface
CS 4410 Operating Systems Hardware OS & OS- Application interface Summer 2013 Cornell University 1 Today How my device becomes useful for the user? HW-OS interface Device controller Device driver Interrupts
More informationOS Agnostic Sandboxing Using Virtual CPUs
Berlin Institute of Technology FG Security in Telecommunications OS Agnostic Sandboxing Using Virtual CPUs Spring 6 - SIDAR Graduierten-Workshop über Reaktive Sicherheit Weiss Matthias Lange, March 21st,
More informationInternational Journal of Advance Engineering and Research Development. DPDK-Based Implementation Of Application : File Downloader
Scientific Journal of Impact Factor (SJIF): 4.72 International Journal of Advance Engineering and Research Development Volume 4, Issue 3, March -2017 e-issn (O): 2348-4470 p-issn (P): 2348-6406 DPDK-Based
More informationOperating System Kernels
Operating System Kernels Presenter: Saikat Guha Cornell University CS 614, Fall 2005 Operating Systems Initially, the OS was a run-time library Batch ( 55 65): Resident, spooled jobs Multiprogrammed (late
More informationVirtual Machine Monitors!
ISA 673 Operating Systems Security Virtual Machine Monitors! Angelos Stavrou, George Mason University! Virtual Machine Monitors 2! Virtual Machine Monitors (VMMs) are everywhere! Industry commitment! Software:
More informationLightVMs vs. Unikernels
1. Introduction LightVMs vs. Unikernels Due to the recent developments in technology, present day computers are so powerful that they are often times under-utilized. With the advent of virtualization,
More informationAn Analysis and Empirical Study of Container Networks
An Analysis and Empirical Study of Container Networks Kun Suo *, Yong Zhao *, Wei Chen, Jia Rao * University of Texas at Arlington *, University of Colorado, Colorado Springs INFOCOM 2018@Hawaii, USA 1
More informationCloud-Native Applications. Copyright 2017 Pivotal Software, Inc. All rights Reserved. Version 1.0
Cloud-Native Applications Copyright 2017 Pivotal Software, Inc. All rights Reserved. Version 1.0 Cloud-Native Characteristics Lean Form a hypothesis, build just enough to validate or disprove it. Learn
More informationLecture 4: Mechanism of process execution. Mythili Vutukuru IIT Bombay
Lecture 4: Mechanism of process execution Mythili Vutukuru IIT Bombay Low-level mechanisms How does the OS run a process? How does it handle a system call? How does it context switch from one process to
More informationKVM CPU MODEL IN SYSCALL EMULATION MODE ALEXANDRU DUTU, JOHN SLICE JUNE 14, 2015
KVM CPU MODEL IN SYSCALL EMULATION MODE ALEXANDRU DUTU, JOHN SLICE JUNE 14, 2015 AGENDA Background & Motivation Challenges Native Page Tables Emulating the OS Kernel 2 KVM CPU MODEL IN SYSCALL EMULATION
More information6.828: OS/Language Co-design. Adam Belay
6.828: OS/Language Co-design Adam Belay Singularity An experimental research OS at Microsoft in the early 2000s Many people and papers, high profile project Influenced by experiences at
More informationPerformance Evaluation of Virtualization Technologies
Performance Evaluation of Virtualization Technologies Saad Arif Dept. of Electrical Engineering and Computer Science University of Central Florida - Orlando, FL September 19, 2013 1 Introduction 1 Introduction
More informationMulti-Hypervisor Virtual Machines: Enabling An Ecosystem of Hypervisor-level Services
Multi-Hypervisor Virtual Machines: Enabling An Ecosystem of Hypervisor-level s Kartik Gopalan, Rohith Kugve, Hardik Bagdi, Yaohui Hu Binghamton University Dan Williams, Nilton Bila IBM T.J. Watson Research
More informationCloud and Datacenter Networking
Cloud and Datacenter Networking Università degli Studi di Napoli Federico II Dipartimento di Ingegneria Elettrica e delle Tecnologie dell Informazione DIETI Laurea Magistrale in Ingegneria Informatica
More informationContainers for NFV Peter Willis March 2017
Containers for NFV Peter Willis March 2017 Content What is containers Fundamental Benefits Use Cases Virtual CPE in the network/cloud Network Slicing Service Protection & Energy saving At the Edge/Fog
More informationHW isolation for automotive environment BoF
HW isolation for automotive environment BoF Michele Paolino m.paolino@virtualopensystems.com AGL All Member Meeting 2016, 2016-09-07, Munich, Germany http://www.tapps-project.eu/ Authorship and sponsorship
More informationSFO17-403: Optimizing the Design and Implementation of KVM/ARM
SFO17-403: Optimizing the Design and Implementation of KVM/ARM Christoffer Dall connect.linaro.org Efficient, isolated duplicate of the real machine Popek and Golberg [Formal requirements for virtualizable
More informationMerging Enterprise Applications with Docker* Container Technology
Solution Brief NetApp Docker Volume Plugin* Intel Xeon Processors Intel Ethernet Converged Network Adapters Merging Enterprise Applications with Docker* Container Technology Enabling Scale-out Solutions
More informationEfficient and Large Scale Program Flow Tracing in Linux. Alexander Shishkin, Intel
Efficient and Large Scale Program Flow Tracing in Linux Alexander Shishkin, Intel 16.09.2013 Overview Program flow tracing - What is it? - What is it good for? Intel Processor Trace - Features / capabilities
More informationCLOUD-NATIVE APPLICATION DEVELOPMENT/ARCHITECTURE
JAN WILLIES Global Kubernetes Lead at Accenture Technology jan.willies@accenture.com CLOUD-NATIVE APPLICATION DEVELOPMENT/ARCHITECTURE SVEN MENTL Cloud-native at Accenture Technology ASG sven.mentl@accenture.com
More informationXen and the Art of Virtualization. CSE-291 (Cloud Computing) Fall 2016
Xen and the Art of Virtualization CSE-291 (Cloud Computing) Fall 2016 Why Virtualization? Share resources among many uses Allow heterogeneity in environments Allow differences in host and guest Provide
More informationInterrupt response times on Arduino and Raspberry Pi. Tomaž Šolc
Interrupt response times on Arduino and Raspberry Pi Tomaž Šolc tomaz.solc@ijs.si Introduction Full-featured Linux-based systems are replacing microcontrollers in some embedded applications for low volumes,
More informationIBM Bluemix compute capabilities IBM Corporation
IBM Bluemix compute capabilities After you complete this section, you should understand: IBM Bluemix infrastructure compute options Bare metal servers Virtual servers IBM Bluemix Container Service IBM
More informationSELLING NODE.JS TO YOUR COLLEAGUES
SELLING NODE.JS TO YOUR COLLEAGUES 2018 Contents About Node.js Developer Productivity DevEx Cost Reduction Performance 2 About Node.js Node.js is emerging as a universal development platform for digital
More informationEE 660: Computer Architecture Cloud Architecture: Virtualization
EE 660: Computer Architecture Cloud Architecture: Virtualization Yao Zheng Department of Electrical Engineering University of Hawaiʻi at Mānoa Based on the slides of Prof. Roy Campbell & Prof Reza Farivar
More informationVirtualization Device Emulator Testing Technology. Speaker: Qinghao Tang Title 360 Marvel Team Leader
Virtualization Device Emulator Testing Technology Speaker: Qinghao Tang Title 360 Marvel Team Leader 1 360 Marvel Team Established in May 2015, the first professional could computing and virtualization
More informationMurray Goldschmidt. Chief Operating Officer Sense of Security Pty Ltd. Micro Services, Containers and Serverless PaaS Web Apps? How safe are you?
Murray Goldschmidt Chief Operating Officer Sense of Security Pty Ltd Micro Services, Containers and Serverless PaaS Web Apps? How safe are you? A G E N D A 1 2 3 Serverless, Microservices and Container
More informationCOMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy
COMPUTER ARCHITECTURE Virtualization and Memory Hierarchy 2 Contents Virtual memory. Policies and strategies. Page tables. Virtual machines. Requirements of virtual machines and ISA support. Virtual machines:
More informationFakultät Informatik Institut für Systemarchitektur, Betriebssysteme THE NOVA KERNEL API. Julian Stecklina
Fakultät Informatik Institut für Systemarchitektur, Betriebssysteme THE NOVA KERNEL API Julian Stecklina (jsteckli@os.inf.tu-dresden.de) Dresden, 5.2.2012 00 Disclaimer This is not about OpenStack Compute.
More informationChapter 5 C. Virtual machines
Chapter 5 C Virtual machines Virtual Machines Host computer emulates guest operating system and machine resources Improved isolation of multiple guests Avoids security and reliability problems Aids sharing
More informationThe Price of Safety: Evaluating IOMMU Performance
The Price of Safety: Evaluating IOMMU Performance Muli Ben-Yehuda 1 Jimi Xenidis 2 Michal Ostrowski 2 Karl Rister 3 Alexis Bruemmer 3 Leendert Van Doorn 4 1 muli@il.ibm.com 2 {jimix,mostrows}@watson.ibm.com
More informationCSC 5930/9010 Cloud S & P: Virtualization
CSC 5930/9010 Cloud S & P: Virtualization Professor Henry Carter Fall 2016 Recap Network traffic can be encrypted at different layers depending on application needs TLS: transport layer IPsec: network
More informationBUD17-301: KVM/ARM Nested Virtualization. Christoffer Dall
BUD17-301: KVM/ARM Nested Virtualization Christoffer Dall Nested Virtualization VM VM VM App App App App App VM App Hypervisor Hypervisor Hardware Terminology Nested VM VM Nested VM L2 App App App App
More informationKVM Weather Report. Amit Shah SCALE 14x
KVM Weather Report amit.shah@redhat.com SCALE 14x Copyright 2016, Licensed under the Creative Commons Attribution-ShareAlike License, CC-BY-SA. Virtualization Stack Virtualization Stack 3 QEMU Creates
More informationDistribution Kernel Security Hardening with ftrace
Distribution Kernel Security Hardening with ftrace Because sometimes your OS vendor just doesn't have the security features that you want. Written by: Corey Henderson Exploit Attack Surface Hardening system
More informationPractical and Efficient Exploit Mitigation for Embedded Devices
Practical and Efficient Exploit Mitigation for Embedded Devices Matthias Neugschwandtner IBM Research, Zurich Collin Mulliner Northeastern University, Boston Qualcomm Mobile Security Summit 2015 1 Embedded
More informationCS140 Operating Systems Midterm Review. Feb. 5 th, 2009 Derrick Isaacson
CS140 Operating Systems Midterm Review Feb. 5 th, 2009 Derrick Isaacson Midterm Quiz Tues. Feb. 10 th In class (4:15-5:30 Skilling) Open book, open notes (closed laptop) Bring printouts You won t have
More informationLINUX KVM FRANCISCO JAVIER VARGAS GARCIA-DONAS CLOUD COMPUTING 2017
LINUX KVM FRANCISCO JAVIER VARGAS GARCIA-DONAS CLOUD COMPUTING 2017 LINUX KERNEL-BASED VIRTUAL MACHINE KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware
More informationContainer Isolation at Scale (... and introducing gvisor) Dawn Chen and Zhengyu He
Container Isolation at Scale (... and introducing gvisor) Dawn Chen and Zhengyu He Containers are amazing! Year 2013: Docker Inc. released its container engine Million downloads and about 8,000 docker
More informationSCALE 14X. The Bare-Metal Hypervisor as a Platform for Innovation. By Russell Pavlicek Xen Project Evangelist
SCALE 14X The Bare-Metal Hypervisor as a Platform for Innovation By Russell Pavlicek Xen Project Evangelist rcpavlicek@yahoo.com @RCPavlicek About the Old, Fat Geek Up Front Linux user since 1995; became
More informationW4118 Operating Systems. Junfeng Yang
W4118 Operating Systems Junfeng Yang What is a process? Outline Process dispatching Common process operations Inter-process Communication What is a process Program in execution virtual CPU Process: an
More informationTowards Application Security on Untrusted Operating Systems
Towards Application Security on Untrusted Operating Systems Dan R. K. Ports MIT CSAIL & VMware Tal Garfinkel VMware Motivation Many applications handle sensitive data financial, medical, insurance, military...
More informationXen and the Art of Virtualization. Nikola Gvozdiev Georgian Mihaila
Xen and the Art of Virtualization Nikola Gvozdiev Georgian Mihaila Outline Xen and the Art of Virtualization Ian Pratt et al. I. The Art of Virtualization II. Xen, goals and design III. Xen evaluation
More informationThe Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36
The Challenges of X86 Hardware Virtualization GCC- Virtualization: Rajeev Wankar 36 The Challenges of X86 Hardware Virtualization X86 operating systems are designed to run directly on the bare-metal hardware,
More informationMeasuring zseries System Performance. Dr. Chu J. Jong School of Information Technology Illinois State University 06/11/2012
Measuring zseries System Performance Dr. Chu J. Jong School of Information Technology Illinois State University 06/11/2012 Outline Computer System Performance Performance Factors and Measurements zseries
More informationWORKLOAD CHARACTERIZATION OF INTERACTIVE CLOUD SERVICES BIG AND SMALL SERVER PLATFORMS
WORKLOAD CHARACTERIZATION OF INTERACTIVE CLOUD SERVICES ON BIG AND SMALL SERVER PLATFORMS Shuang Chen*, Shay Galon**, Christina Delimitrou*, Srilatha Manne**, and José Martínez* *Cornell University **Cavium
More information