Análisis de una plataforma para aplicaciones web con una arquitectura basada en contenedores para implementar servicios dirigidos a startups

Quispe Cieza, Francisco

27 February 2020

Cuando una startup sale al mercado, se enfoca en crecer exponencialmente, utilizando una idea innovadora y un presupuesto relativamente bajo. Este crecimiento exponencial se apoya en la tecnología, la cual debe manejar un rendimiento adecuado en los recursos de hardware para los servicios, acorde con el giro del negocio. El objetivo principal de este trabajo es realizar un análisis de una plataforma para aplicaciones web con una arquitectura basada en contenedores, que sea capaz de soportar el crecimiento exponencial de usuarios de sus servicios Web. Las arquitecturas tradicionales basadas en servidores físicos implican tiempos y costos de configuración, despliegue y mantenimiento que son altos. Cuando se hace necesario escalar, se requiere, normalmente, de más recursos de hardware y de tiempo para realizar las configuraciones necesarias. La flexibilidad que provee la virtualización de servidores agiliza los procedimientos de escalamiento y reduce considerablemente el tiempo y los costos, comparados con las soluciones basadas solamente en hardware. Sin embargo, para atender requerimientos más exigentes, la virtualización tiene una huella muy pesada y tiempos de despliegue todavía elevados. La tecnología de contenedores nos ofrece una plataforma liviana y eficiente. Un contenedor es un paquete ejecutable muy liviano que aísla una pieza de software, incluyendo todo lo necesario para ser ejecutado. Está claro que la velocidad y la eficiencia son las mayores necesidades para las startups, y Docker, uno de los líderes en el mercado de contenedores de software, es capaz de proporcionarlas de manera efectiva. Si bien es cierto no ha reemplazado a las máquinas virtuales, se está notando el potencial de Docker. Eso no quiere decir que las máquinas virtuales quedaran obsoletas, por el contrario, Docker y las máquinas virtuales coexistirán uno al lado del otro, dando a los startups más opciones para ejecutar sus aplicaciones en la nube. / When a startup goes to market, it focuses on growing exponentially, using an innovative idea and a relatively low budget. This exponential growth is supported by technology, which must handle adequate performance in the hardware resources for services, in accordance with the line of business. The main objective of this work is to carry out an analysis of a platform for web applications with a container-based architecture, which is capable of supporting the exponential growth of users of its Web services. Traditional physical server-based architectures involve high configuration, deployment, and maintenance times and costs. When scaling becomes necessary, it usually takes more hardware and time to complete the necessary configurations. The flexibility that server virtualization provides streamlines escalation procedures and greatly reduces time and cost, compared to hardware-only solutions. However, to meet more demanding requirements, virtualization has a very heavy footprint and still high deployment times. Container technology offers us a lightweight and efficient platform. A container is a very lightweight executable package that isolates a piece of software, including everything needed to be run. It is clear that speed and efficiency are the greatest needs for startups, and Docker, one of the leaders in the software container market, is capable of providing them effectively. While it's true it hasn't replaced virtual machines, Docker's potential is being noticed. That doesn't mean that virtual machines will become obsolete, on the contrary, Docker and virtual machines will coexist side by side, giving startups more options to run their applications in the cloud. / Tesis

Aplicaciones web

Startups

Máquinas virtuales

Linux

Web applications

Virtual machines

Dynamic software updates : a VM-centric approach

Subramanian, Suriya

26 January 2011

Because software systems are imperfect, developers are forced to fix bugs and add new features. The common way of applying changes to a running system is to stop the application or machine and restart with the new version. Stopping and restarting causes a disruption in service that is at best inconvenient and at worst causes revenue loss and compromises safety. Dynamic software updating (DSU) addresses these problems by updating programs while they execute. Prior DSU systems for managed languages like Java and C# lack necessary functionality: they are inefficient and do not support updates that occur commonly in practice. This dissertation presents the design and implementation of Jvolve, a DSU system for Java. Jvolve's combination of flexibility, safety, and efficiency is a significant advance over prior approaches. Our key contribution is the extension and integration of existing Virtual Machine services with safe, flexible, and efficient dynamic updating functionality. Our approach is flexible enough to support a large class of updates, guarantees type-safety, and imposes no space or time overheads on steady-state execution. Jvolve supports many common updates. Users can add, delete, and change existing classes. Changes may add or remove fields and methods, replace existing ones, and change type signatures. Changes may occur at any level of the class hierarchy. To initialize new fields and update existing ones, Jvolve applies class and object transformer functions, the former for static fields and the latter for object instance fields. These features cover many updates seen in practice. Jvolve supports 20 of 22 updates to three open-source programs---Jetty web server, JavaEmailServer, and CrossFTP server---based on actual releases occurring over a one to two year period. This support is substantially more flexible than prior systems. Jvolve is safe. It relies on bytecode verification to statically type-check updated classes. To avoid dynamic type errors due to the timing of an update, Jvolve stops the executing threads at a DSU safe point and then applies the update. DSU safe points are a subset of VM safe points, where it is safe to perform garbage collection and thread scheduling. DSU safe points further restrict the methods that may be on each thread's stack, depending on the update. Restricted methods include updated methods for code consistency and safety, and user-specified methods for semantic safety. Jvolve installs return barriers and uses on-stack replacement to speed up reaching a safe point when necessary. While Jvolve does not guarantee that it will reach a DSU safe point, in our multithreaded benchmarks it almost always does. Jvolve includes a tool that automatically generates default object transformers which initialize new and changed fields to default values and retain values of unchanged fields in heap objects. If needed, programmers may customize the default transformers. Jvolve is the first dynamic updating system to extend the garbage collector to identify and transform all object instances of updated types. This dissertation introduces the concept of object-specific state transformers to repair application heap state for certain classes of bugs that corrupt part of the heap, and a novel methodology that employes dynamic analysis to automatically generate these transformers. Jvolve's eager object transformation design and implementation supports the widest class of updates to date. Finally, Jvolve is efficient. It imposes no overhead during steady-state execution. During an update, it imposes overheads to classloading and garbage collection. After an update, the adaptive compilation system will incrementally optimize the updated code in its usual fashion. Jvolve is the first full-featured dynamic updating system that imposes no steady-state overhead. In summary, Jvolve is the most-featured, most flexible, safest, and best-performing dynamic updating system for Java and marks a significant step towards practical support for dynamic updates in managed language virtual machines. / text

Programming languages

Object-oriented programming languages

Virtual Machines

Java Virtual Machines

Java

Dynamic software updating

Jvolve

Safe points

Updating code

Piktavališkos programinės įrangos virtualių mašinų aplinkoje aptikimo metodikos sudarymas ir tyrimas / Development and research of malicious software detection technique in virtual machines environment

Rudzika, Darius

13 August 2010

Saugos problemos virtualizuotose aplinkose tampa vis aktualesnės, todėl darbe nagrinėjama piktavališkos programinės įrangos virtualių mašinų aplinkoje aptikimo problematika. Darbe pateikiama: 1)piktavališkos programinės įrangos veikiančios virtualizuotose aplinkose analizė 2)metodikos, piktavališkos programinės įrangos virtualių mašinų aplinkoje aptikimui, sudarymas 3)piktavališkos programinės įrangos virtualioje mašinoje aptikimo, panaudojant sudaryta metodiką, eksperimento rezultatai ir jų priklausomybė nuo virtualios mašinos darbinės atminties dydžio. / In the context of virtual environment, The Security problems are highly important. The work presents analysis of malware types and it‘s presence in virtualized environments. Work also presents some results of experiments that have been carried out within the real virtual machine environment through modeling aiming to identify dependencies between the malware type, called Rootkits, detection time and the virtual machine memory size. Rootkits exploit kernel vulnerabilities and gain privileges (popularity) within any system, virtual or not. The basic result of the work is as follows: 1) the malware detection methodology for the virtual environment when the memory size of a virtual machine is changing; 2) dependences between the virtual machine memory size and Rootkit detection time.

Informatics

Virtualizacija

Piktavališka programinė įranga

Aptikimas

Virtualios mašinos

Virtualization

Malware

Detection

Virtual machines

System Infrastructure for Mobile-Cloud Convergence

Ha, Kiryong

01 December 2016

The convergence of mobile computing and cloud computing enables new mobile applications that are both resource-intensive and interactive. For these applications, end-to-end network bandwidth and latency matter greatly when cloud resources are used to augment the computational power and battery life of a mobile device. This dissertation designs and implements a new architectural element called a cloudlet, that arises from the convergence of mobile computing and cloud computing. Cloudlets represent the middle tier of a 3-tier hierarchy, mobile device — cloudlet—cloud, to achieve the right balance between cloud consolidation and network responsiveness. We first present quantitative evidence that shows cloud location can affect the performance of mobile applications and cloud consolidation. We then describe an architectural solution using cloudlets that are a seamless extension of todays cloud computing infrastructure. Finally, we define minimal functionalities that cloudlets must offer above/beyond standard cloud computing, and address corresponding technical challenges.

Mobile Computing

Cloud Computing

Cloudlets

Edge Computing

Mobile Edge Computing

Virtual Machines

Analysis and Detection of Heap-based Malwares Using Introspection in a Virtualized Environment

Javaid, Salman

13 August 2014

Malware detection and analysis is a major part of computer security. There is an arm race between security experts and malware developers to develop various techniques to secure computer systems and to find ways to circumvent these security methods. In recent years process heap-based attacks have increased significantly. These attacks exploit the system under attack via the heap, typically by using a heap spraying attack. The main drawback with existing techniques is that they either consume too many resources or are complicated to implement. Our work in this thesis focuses on new methods which offloads process heap analysis for guest Virtual Machines (VM) to the privileged domain using Virtual Machine Introspection (VMI) in a Cloud environment. VMI provides us with a seamless, non-intrusive and invisible (to malwares) way of observing the memory and state of VMs without raising red flags for the malwares.

Computer and Systems Architecture

An Investigation of the Impact of the Slow HTTP DOS and DDOS attacks on the Cloud environment

Helalat, Seyed Milad

January 2017

Cloud computing has brought many benefits to the IT industry, and could reduce the cost and facilitate the growth of businesses specially the startup companies which don’t have enough financial resources to build their own IT infrastructure. One of the main reason that companies hesitate to use cloud services is the security issues that the cloud computing technology has. This thesis at the beginning has an overview on the cloud computing concept and then reviews the cloud security vulnerabilities according to the cloud security alliance, then it describes the cloud denial of service and will focus on analyzing the Slow HTTP DOS attack and then will analyze the direct and indirect impact of these attacks on virtual machines. We decided to analyze the HTTP slow rate attacks because of the craftiness and covered characteristic also the catastrophic impact of the Slow HTTP attack whether it’s lunched on the cloud component or lunched from the cloud. There are some researches on the different way that a web server or web service can be protected against slow HTTP attacks, but there is a research gap about the impact of the attack on virtual environment or whether this attack has cross VM impact or not. This thesis investigates the impact of Slow HTTP attack on virtualization environment and will analyze the direct and indirect impact of these attack. For analyzing the Slow HTTP attacks, Slow headers, Slow body and Slow read are implemented using Slowhttptest and OWASP Switchblade software, and Wireshark is used to capture the traffic. For analyzing the impact of the attack, attacks are lunched on VirtualBox and the impact of the attack on the victim VM and neighbor VM is measured.

Slow HTTP DOS

Cloud computing Vulnerabilities

DOS on cloud

DOS on Virtual machines

Telecommunications

Telekommunikation

Memory Dispatcher: uma contribuição para a gerência de recursos em ambientes virtualizados. / Memory Dispatcher: a contribution to resource management in virtual environments.

Baruchi, Artur

26 March 2010

As Máquinas Virtuais ganharam grande importância com o advento de processadores multi-core (na plataforma x86) e com o barateamento de componentes de hardware, como a memória. Por conta desse substancial aumento do poder computacional, surgiu o desafio de tirar proveito dos recursos ociosos encontrados nos ambientes corporativos, cada vez mais populados por equipamentos multi-core e com vários Gigabytes de memória. A virtualização, mesmo sendo um conceito já antigo, tornou-se novamente popular neste cenário, pois com ela foi possível utilizar melhor os recursos computacionais, agora abundantes. Este trabalho tem como principal foco estudar algumas das principais técnicas de gerência de recursos computacionais em ambientes virtualizados. Apesar de muitos dos conceitos aplicados nos projetos de Monitores de Máquinas Virtuais terem sido portados de Sistemas Operacionais convencionais com pouca, ou nenhuma, alteração; alguns dos recursos ainda são difíceis de virtualizar com eficiência devido a paradigmas herdados desses mesmos Sistemas Operacionais. Por fim, é apresentado o Memory Dispatcher (MD), um mecanismo de gerenciamento de memória, com o objetivo principal de distribuir a memória entre as Máquinas Virtuais de modo mais eficaz. Este mecanismo, implementado em C, foi testado no Monitor de Máquinas Virtuais Xen e apresentou ganhos de memória de até 70%. / Virtual Machines have gained great importance with advent of multi-core processors (on platform x86) and with low cost of hardware parts, like physical memory. Due to this computational power improvement a new challenge to take advantage of idle resources has been created. The virtualization technology, even being an old concept became popular in research centers and corporations. With this technology idle resources now can be exploited. This work has the objective to show the main techniques to manage computational resources in virtual environments. Although many of current concepts used in Virtual Machine Monitors project has been ported, with minimal changes, from conventional Operating Systems there are some resources that are difficult to virtualize with efficiency due to old paradigms still present in Operating Systems projects. Finally, the Memory Dispatcher (MD) is presented, a mechanism used to memory management. The main objective of MD is to improve the memory share among Virtual Machines. This mechanism was developed in C and it was tested in Xen Virtual Machine Monitor. The MD showed memory gains up to 70%.

Gerência de recursos

Máquinas virtuais

Monitor de máquinas virtuais

Operating system

Virtual machine monitor

Virtual machines

Virtualização

Virtualization

[en] INTEGRATING THE LUA LANGUAGE AND THE COMMON LANGUAGE RUNTIME / [pt] INTEGRAÇÃO ENTRE A LINGUAGEM LUA E O COMMON LANGUAGE RUNTIME

FABIO MASCARENHAS DE QUEIROZ

27 May 2004

[pt] O Common Language Runtime (CLR) é uma plataforma criada com o objetivo de facilitar a interoperabilidade entre diferentes linguagens de programação, através de uma linguagem intermediária (a Common Intermediate Language, ou CIL) e um sistema de tipos comum (o Common Type System, ou CTS). Lua é uma linguagem de script flexível e de sintaxe simples; linguagens de script são frequentemente usadas para juntar componentes escritos em outras linguagens, para construir protótipos de aplicações, e em arquivos de configuração. Este trabalho apresenta duas abordagens de integração entre a linguagem Lua e o CLR, com o objetivo de permitir que scripts Lua instanciem e usem componentes escritos para o CLR. A primeira abordagem é a de criar uma ponte entre o interpretador Lua e o CLR, sem modificar o interpretador. Os recursos e a implementação desta ponte são mostrados, e ela é comparada com trabalhos que seguem a mesma abordagem. A segunda abordagem é a de compilar as instruções da máquina virtual do interpretador Lua para instruções da Common Intermediate Language Do CLR, sem introduzir mudanças na linguagem Lua. A implementação de um compilador de instruções Lua para CIL é mostrada, e o desempenho de scripts compilados por ele é comparado com o desempenho dos mesmos scripts executados pelo interpretador Lua e com o de scripts equivalentes compilados por outros compiladores de linguagens de script para o CLR. / [en] The Common Language Runtime (CLR) is a platform that aims to make the interoperability among different programming languages easier, by using a common language (the Common Intermediate Language, or CIL) and a common type system (the Common Type System, or CTS). Lua is a flexible scripting language with a simple syntax; scripting languages are frequently used to join components written in other languages, to build application prototypes, and in configuration files. This work presents two approachs for integratiion between the Lua language and the CLR, with the objective of allowing Lua scripts to instantiate and use components written for the CLR. The first approach is to create a bridge between the Lua interpreter and the CLR, without changing the interpreter. The features and implementation of this bridge are shown, and it is compared with other work following the same approach. The second approach is to compile the virtual-machine instructions of the Lua interpreter to instructions of the CLR s Common Intermediate Language, without introducing changes to the Lua language. The implementation of a Lua instructions to CIL compiler is shown, and the performance of scripts compiled by it is compared with the performance of the same scripts run by the Lua interpreter and with the performance of equivalent scripts compiled by compilers of other scripting language to the CLR.

[pt] LINGUAGEM LUA

[en] LUA PROGRAMMING LANGUAGE

[pt] COMPILADORES

[en] COMPILERS

[pt] MAQUINAS VIRTUAIS

[en] VIRTUAL MACHINES

Applications of information sharing for code generation in process virtual machines

Kyle, Stephen Christopher

January 2016

As the backbone of many computing environments today, it is important that process virtual machines be both performant and robust in mobile, personal desktop, and enterprise applications. This thesis focusses on code generation within these virtual machines, particularly addressing situations where redundant work is being performed. The goal is to exploit information sharing in order to improve the performance and robustness of virtual machines that are accelerated by native code generation. First, the thesis investigates the potential to share generated code between multiple threads in a dynamic binary translator used to perform instruction set simulation. This is done through a code generation design that allows native code to be executed by any simulated core and adding a mechanism to share native code regions between threads. This is shown to improve the average performance of multi-threaded benchmarks by 1.4x when simulating 128 cores on a quad-core host machine. Secondly, the ahead-of-time code generation system used for executing Android applications is improved through the use of profiling. The thesis investigates the potential for profiles produced by individual users of applications to be shared and merged together to produce a generic profile that still provides a lot of benefit for a new user who is then able to skip the expensive profiling phase. These profiles can not only be used for selective compilation to reduce code-size and installation time, but can also be used for focussed optimisation on vital code regions of an application in order to improve overall performance. With selective compilation applied to a set of popular Android applications, code-size can be reduced by 49.9% on average, while installation time can be reduced by 31.8%, with only an average 8.5% increase in the amount of sequential runtime required to execute the collected profiles. The thesis also shows that, among the tested users, the use of a crowd-sourced and merged profile does not significantly affect their estimated performance loss from selective compilation (0.90x-0.92x) in comparison to when they they perform selective compilation with their own unique profile (0.93x). Furthermore, by proposing a new, more powerful code generator for Android’s virtual machine, these same profiles can be used to perform focussed optimisation, which preliminary results show to increase runtime performance across a set of common Android benchmarks by 1.46x-10.83x. Finally, in such a situation where a new code generator is being added to a virtual machine, it is also important to test the code generator for correctness and robustness. The methods of execution of a virtual machine, such as interpreters and code generators, must share a set of semantics about how programs must be executed, and this can be exploited in order to improve testing. This is done through the application of domain-aware binary fuzzing and differential testing within Android’s virtual machine. The thesis highlights a series of actual code generation and verification bugs that were found in Android’s virtual machine using this testing methodology, as well as comparing the proposed approach to other state-of-the-art fuzzing techniques.

005.4

Memory Dispatcher: uma contribuição para a gerência de recursos em ambientes virtualizados. / Memory Dispatcher: a contribution to resource management in virtual environments.

Artur Baruchi

26 March 2010

As Máquinas Virtuais ganharam grande importância com o advento de processadores multi-core (na plataforma x86) e com o barateamento de componentes de hardware, como a memória. Por conta desse substancial aumento do poder computacional, surgiu o desafio de tirar proveito dos recursos ociosos encontrados nos ambientes corporativos, cada vez mais populados por equipamentos multi-core e com vários Gigabytes de memória. A virtualização, mesmo sendo um conceito já antigo, tornou-se novamente popular neste cenário, pois com ela foi possível utilizar melhor os recursos computacionais, agora abundantes. Este trabalho tem como principal foco estudar algumas das principais técnicas de gerência de recursos computacionais em ambientes virtualizados. Apesar de muitos dos conceitos aplicados nos projetos de Monitores de Máquinas Virtuais terem sido portados de Sistemas Operacionais convencionais com pouca, ou nenhuma, alteração; alguns dos recursos ainda são difíceis de virtualizar com eficiência devido a paradigmas herdados desses mesmos Sistemas Operacionais. Por fim, é apresentado o Memory Dispatcher (MD), um mecanismo de gerenciamento de memória, com o objetivo principal de distribuir a memória entre as Máquinas Virtuais de modo mais eficaz. Este mecanismo, implementado em C, foi testado no Monitor de Máquinas Virtuais Xen e apresentou ganhos de memória de até 70%. / Virtual Machines have gained great importance with advent of multi-core processors (on platform x86) and with low cost of hardware parts, like physical memory. Due to this computational power improvement a new challenge to take advantage of idle resources has been created. The virtualization technology, even being an old concept became popular in research centers and corporations. With this technology idle resources now can be exploited. This work has the objective to show the main techniques to manage computational resources in virtual environments. Although many of current concepts used in Virtual Machine Monitors project has been ported, with minimal changes, from conventional Operating Systems there are some resources that are difficult to virtualize with efficiency due to old paradigms still present in Operating Systems projects. Finally, the Memory Dispatcher (MD) is presented, a mechanism used to memory management. The main objective of MD is to improve the memory share among Virtual Machines. This mechanism was developed in C and it was tested in Xen Virtual Machine Monitor. The MD showed memory gains up to 70%.

Gerência de recursos

Máquinas virtuais

Monitor de máquinas virtuais

Virtualização

Operating system

Virtual machine monitor

Virtual machines

Virtualization