Isolating legacy applications with Lind

Matthews, Christopher James

27 March 2013

Legacy applications, often written in C, can be riddled with bugs. Sarcastically referred to as "veritable bug ranches", pre-existing legacy applications of substantial size and complexity are still commonplace. In this dissertation, I motivate, build and evaluate Lind, a sandbox for legacy applications. Lind decreases the impact of buggy programs on the system that runs them. It does this without changing their code or destroying the non-functional characteristics of the programs---such as performance, portability, light-weightedness and ease of deployment---which are the primary motivators for legacy software written in C. Lind borrows many principles of secure system design to help it isolate legacy applications so they cannot impact the rest of the system. To assess Lind, I evaluate how well legacy applications perform in Lind, how strong the isolation Lind provides is, and how easy it is to port applications to Lind---all to conclude that Lind is a viable proof-of-concept platform for legacy applications. / Graduate / 0984

Isolation

Sandboxing

Programming

Software bugs

Virtualization

Device driver reuse via virtual machines

LeVasseur, Joshua Thomas, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2009

Device drivers constitute a significant portion of an operating system's source code. The effort to develop a new driver set is a sobering hurdle to the pursuit of novel operating system ventures. A practical solution is to reuse drivers, but this can contradict design goals in a new operating system. We offer a new approach to device-driver reuse, with a focus on promoting novel operating-system construction, which insulates the new operating system from the invariants of the reused drivers, while also addressing development effort. Our solution runs the drivers along with their original operating systems inside virtual machines, with some minor reuse infrastructure added to the driver's operating system to interface with the rest of the system. This approach turns the drivers into de-privileged applications of the new operating system, which separates their architectures and reduces cross-influences, and improves system dependability. Virtual machines help reuse drivers, but they also penalize performance. The known solution for improving virtual machine performance, para-virtualization, modifies the operating system to run on a hypervisor, which has an enormous cost: substantial development effort, and abandonment of many of virtualization's benefits such as modularity. These costs contradict our goals for driver reuse: to reduce development effort, and to easily reuse from a variety of operating systems. Thus we introduce a new approach to constructing virtual machines: pre-virtualization. Our solution combines the performance of para-virtualization with the modularity of traditional virtual machines. We still modify the operating system, but according to a set of principles called soft layering that preserves modularity, and via automation which reduces implementation costs. With pre-virtualization we can easily reuse device drivers. We describe our driver-reuse approach applied to a real system: we run virtual machines on the L4Ka::Pistachio microkernel, with reused Linux drivers. We include an evaluation and demonstrate that we achieve throughput comparable to the native Linux drivers, but with moderately higher CPU and memory utilization. Additionally, we describe how to apply pre-virtualization to multiple hypervisor environments. We include an evaluation of pre-virtualization, and demonstrate that it achieves comparable performance to para-virtualization for both the L4Ka::Pistachio and Xen hypervisors, with modularity.

Pre- and para-virtualization.

Operating system.

Virtual machines.

HEF: A Hardware-Assisted Security Evaluation Framework

January 2017

abstract: Hardware-Assisted Security (HAS) is an emerging technology that addresses the shortcomings of software-based virtualized environment. There are two major weaknesses of software-based virtualization that HAS attempts to address - performance overhead and security issues. Performance overhead caused by software-based virtualization is due to the use of additional software layer (i.e., hypervisor). Since the performance is highly related to efficiency of processing data and providing services, reducing performance overhead is one of the major concerns in data centers and enterprise networks. Software-based virtualization also imposes additional security issues in the virtualized environments. To resolve those issues, HAS is developed to offload security functions from application layer to a dedicated hardware, thereby achieving almost bare-metal performance and enhanced security. As a result, HAS gained more popularity and the number of studies regarding efficiency of the technology is increasing. However, there exists no attempt to our knowledge that provides a generic test mechanism that is universally applicable to all HAS devices. Preparing such a testbed for each specific HAS device is a time-consuming and costly task for hardware manufacturers and network administrators. Therefore, we try to address the demands of hardware vendors and researchers for a generic testbed that can evaluate both performance and security functions of the HAS-enabled systems. In this thesis, the HAS device evaluation framework (HEF) is defined for hardware vendors, network administrators, and researchers to measure performance of the system with HAS devices. HEF provides a generic test environments for a given HAS device by providing generic test metrics and evaluation mechanisms. HEF is also designed to take user-defined test metrics and test cases to support various hardware. The framework performs the entire process in an automated fashion, and thus it requires no user intervention. Finally, the efficacy of HEF is demonstrated by performing a case study using Intel QuickAssist Technology (QAT) adapter, which is a dedicated PCI express device for cryptographic tasks. / Dissertation/Thesis / Masters Thesis Computer Science 2017

Computer science

Hardware-assisted security

Virtualization

Performance Evaluation of Cassandra in a Virtualized Environment

Vellanki, Mohit

January 2017

Context. Apache Cassandra is an open-source, scalable, NoSQL database that distributes the data over many commodity servers. It provides no single point of failure by copying and storing the data in different locations. Cassandra uses a ring design rather than the traditional master-slave design. Virtualization is the technique using which physical resources of a machine are divided and utilized by various virtual machines. It is the fundamental technology, which allows cloud computing to provide resource sharing among the users.  Objectives. Through this research, the effects of virtualization on Cassandra are observed by comparing the virtual machine arrangement to physical machine arrangement along with the overhead caused by virtualization.  Methods. An experiment is conducted in this study to identify the aforementioned effects of virtualization on Cassandra compared to the physical machines. Cassandra runs on physical machines with Ubuntu 14.04 LTS arranged in a multi node cluster. Results are obtained by executing the mixed, read only and write only operations in the Cassandra stress tool on the data populated in this cluster. This procedure is repeated for 100% and 66% workload. The same procedure is repeated in virtual machines cluster and the results are compared.  Results. Virtualization overhead has been identified in terms of CPU utilization and the effects of virtualization on Cassandra are found out in terms of Disk utilization, throughput and latency.  Conclusions. The overhead caused due to virtualization is observed and the effect of this overhead on the performance of Cassandra has been identified. The consequence of the virtualization overhead has been related to the change in performance of Cassandra.

Cassandra

Virtualization

NoSQL databases

Computer Systems

Datorsystem

Servervirtualisering idag : En undersökning om servervirtualisering hos offentliga verksamheter i Sverige

Färlind, Filip, Ottosson, Kim

January 2014

I dagens läge saknas en sammanställning av hur servervirtualisering är implementerat och hur det fungerar hos olika verksamheter i Sverige. Detta arbete har därför, genom en enkätundersökning, besvarat frågeställningen: "Hur ser servervirtualiseringen ut hos kommuner och landsting i Sverige?" Resultaten visade bl.a. att servervirtualisering är väl implementerat av kommuner och landsting i Sverige. Resultaten var dessutom väldigt lika mellan dessa organisationer. Det genomförda arbetet ger olika typer av verksamheter stöd vid planering och implementering av servervirtualisering. / At present, there’s no summary of how server virtualization is implemented and how it works in different companies in Sweden. This work will therefore, through a survey, try to answer the question: "How is server virtualization implemented by municipality and county councils in Sweden?" Our results show that server virtualization is well implemented by municipality and county councils in Sweden. The results are also very similar between these organizations. Finalized work provides different types of companies support in planning and implementation of server virtualization.

Server virtualization

Servervirtualisering

Computer Sciences

Datavetenskap (datalogi)

Maitland: analysis of packed and encrypted malware via paravirtualization extensions

Benninger, Christopher Adam

04 April 2012

Malicious software (malware) attacks are an ever-increasing cyber-security problem. One reason for this trend is the widespread adoption of packing technology as a way to mask the semantics of binary instructions, hiding them from detection. Packing is so successful that it is estimated 70-80% of malicious programs utilize it to avoid detection [1]. The popularity of virtualization provides new tools for dealing with this threat. Researchers have successfully used facilities provided by virtualization to develop new ways of detecting and analyzing packed and encrypted malware. Methods like these typically require changes to the virtualization platform, making them difficult to deploy as well as hard to reuse. This thesis presents Maitland, a proof-of-concept unpacking system which achieves similar functionality to existing research, using paravirtualization extensions instead of requiring changes to the hypervisor. During our experiments, Maitland successfully exposed instructions in software that was packed by the UPX and gzexe packers. Maitland’s avoidance of changes to the hypervisor means it is better suited for quick deployment in a cloud environment. / Graduate

malware

virtualization

paravirtualization

cloud

Xen

Linux

Adaptive Management of Virtual Network Resources

Wanis, Bassem

January 2015

The past few years have witnessed a rapid emergence of large-scale, geographically dispersed, clouds offering in the form of an Infrastructure-as-a-Service (IaaS). The adoption of these services requires the deployment of new networking technologies. This in turn, ensures the performance of the offered cloud services. Network virtualization has been proposed as a key attribute of the future inter-networking paradigm, providing efficient resource management solutions. Among the challenges that need yet to be addressed is the necessity to provide dynamic quality differentiated network services. In addition, it is required to guarantee the availability of network resources in response to workload fluctuations. Finally, it is necessary to periodically re-optimize the resource provisioning to be able to provide efficient resource utilization. These challenges are the motivation behind this work which aimed at developing a novel adaptive resource management model based on network virtualization. First, the proposed work describes a novel Virtual-Network-as-a-Service (VNaaS) model offering differentiated network-aware cloud services, resulting in a guarantee for the quality of the offered applications. This is achieved by enabling the cloud application providers to accurately express their dynamic needs, demand constraints and their network latency tolerance. The proposed work also enables the infrastructure provider to offer Elasticity-as-a-Service (EaaS) for the communication links by estimating and reserving the adequate pool of resources needed to fulfill the network workload fluctuations. This EaaS is offered at differentiated levels according to the hosted applications bandwidth-sensitivity. Finally, the proposed work employs a novel network resource re-optimization technique. The latter efficiently performs rearrangement for the VN portions contributing to the fragmentation of the underlying network. Simulation results demonstrate the effectiveness of the presented work and the significant gains achieved in terms of better adaptive network resource management.

Network Virtualization

Cloud Computing

Resource Management

Optimization

Síťový storage pro účely virtualizace / Network storage for virtualization

Korbelář, Jakub

January 2014

The diploma thesis is focused on expansion of current KVM virtualization infrastructure with network storage in a web hosting company environment. The first part describes the basics of the network storage field, and the virtualization field as well. This is amended by a description of the current solution in the company, which is going to be expanded. The searching for suitable innovative solution is following, several variants are found, each of them is commented and their advantages and disadvantages are summarized. The realization of the selected solution is implemented, including the testing on the practical part.

Alta disponibilidade em serviços essenciais utilizando virtualização / High availability for essential services using virtualization

Caciato, Luciano Eduardo, 1975-

27 August 2018

Orientador: Maurício Ferreira Magalhães / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-27T08:36:36Z (GMT). No. of bitstreams: 1 Caciato_LucianoEduardo_M.pdf: 3777217 bytes, checksum: aaac15680ca349eb66c9bd9802c41a15 (MD5) Previous issue date: 2015 / Resumo: A disponibilidade dos serviços de tecnologia da informação é fundamental para empresas, bancos e instituições públicas. As informações são crucias para a tomada de decisão, elevando a competitividade e aumentando os lucros, além disso, empresas ou instituições com boa reputação na prestação dos serviços são sólidas e admiradas no mercado. Os sistemas de informações devem prover a maior disponibilidade possível de seus serviços e a alta disponibilidade e a virtualização são excelentes estratégias para alcançar este objetivo. A literatura mostra que existem várias implementações para garantir a disponibilidade dos serviços, porém todas são baseadas na alta disponibilidade no nível da virtualização, preocupando-se em manter, migrar ou iniciar uma ou várias máquinas virtuais em um data center. Nesta dissertação a proposta consiste na implementação da virtualização e da alta disponibilidade indo além dos hypervisors, ou seja, nos sistemas operacionais hospedados nas máquinas virtuais. O objetivo é garantir a disponibilidade dos serviços não controlados pela virtualização garantindo assim um menor tempo possível de indisponibilidade dos serviços oferecidos pelos sistemas de informação / Abstract: Availability of services of information technology is essential for companies, banks and public institutions. The information is vital for decision making, increasing the competitiveness and boosting profits, in addition, a company or institution with good reputation in service delivery are solid and admired by the market. Information systems must provide the highest possible availability of their services and high availability and virtualization are excellent strategies to achieve this goal. There are several implementations to ensure availability of services the literature, but all are based on the level of high availability virtualization, concerned to maintain, migrate or initiate one or more virtual machines in a data center. In this dissertation, the proposal consists of the implementation of virtualization and high availability that goes beyond hypervisors, ie the hosted operating systems in virtual machines with the objective to ensure the availability of virtualization services not controlled by ensuring lowest possible downtime of information systems / Mestrado / Engenharia de Computação / Mestre em Engenharia Elétrica

Virtualização

Computação em nuvem

Virtualization

Cloud computing

Virtualizace a optimalizace IT infrastruktury ve společnosti / Virtualization and optimization of IT infrastructure in the company

Lipták, Roman

January 2019

Master’s thesis deals with the use of virtualization and consolidation technologies in order to optimize IT infrastructure in a selected company. The analysis contains current state of IT infrastructure and requirements for future upgrade. The theoretical part contains description of technologies and procedures used in virtualization and consolidation. Subsequently, the proposal of optimization and expansion of IT equipment is created together with management, implementation and economic evaluation of the solution.