Global ETD Search

41	Formal models and verification of memory management in a hypervisor / Modèles formels et vérification de la gestion de la mémoire dans un hyperviseur Bolignano, Pauline 24 May 2017 (has links) Un hyperviseur est un logiciel qui virtualise les ressources d'une machine physique pour permettre à plusieurs systèmes d'exploitation invités de s'exécuter simultanément dessus. L'hyperviseur étant le gestionnaire des ressources, un bug peut être critique pour les systèmes invités. Dans cette thèse nous nous intéressons aux propriétés d'isolation de la mémoire d'un hyperviseur de type 1, qui virtualise la mémoire en utilisant des Shadow Page Tables. Plus précisément, nous présentons un modèle concret et un modèle abstrait de l'hyperviseur, et nous prouvons formellement que les systèmes d'exploitation invités ne peuvent pas altérer ou accéder aux données privées des autres s'ils n'en ont pas la permission. Nous utilisons le langage et l'assistant de preuve développés par Prove & Run pour ce faire. Le modèle concret comporte beaucoup d'optimisations, qui rendent les structures de données et les algorithmes complexes, il est donc difficile de raisonner dessus. C'est pourquoi nous construisons un modèle abstrait dans lequel il est plus facile de raisonner. Nous prouvons les propriétés sur le modèle abstrait, et nous prouvons formellement sa correspondance avec le modèle concret, de telle manière que les preuves sur le modèle abstrait s'appliquent au modèle concret. La preuve correspondance n'est valable que pour des états concrets qui respectent certaines propriétés, nous prouvons que ces propriétés sont des invariants du système concret. La preuve s'articule donc en trois phases : la preuve d'invariants au niveau concret, la preuve de correspondance entre les modèles abstraits et concret, et la preuve des propriétés de sécurité au niveau abstrait. / A hypervisor is a software which virtualizes hardware resources, allowing several guest operating systems to run simultaneously on the same machine. Since the hypervisor manages the access to resources, a bug can be critical for the guest Oses. In this thesis, we focus on memory isolation properties of a type 1 hypervisor, which virtualizes memory using Shadow Page Tables. More precisely, we present a low-level and a high-level model of the hypervisor, and we formally prove that guest OSes cannot access or tamper with private data of other guests, unless they have the authorization to do so. We use the language and the proof assistant developed by Prove & Run. There are many optimizations in the low-level model, which makes the data structures and algorithms complexes. It is therefore difficult to reason on such a model. To circumvent this issue, we design an abstract model in which it is easier to reason. We prove properties on the abstract model, and we prove its correspondence with the low-level model, in such a way that properties proved on the abstract model also hold for the low-level model. The correspondence proof is valid only for low-level states which respect some properties. We prove that these properties are invariants of the low-level system. The proof can be divided into three parts : the proof of invariants preservation on the low-level, the proof of correspondence between abstract and low-level models, and proof of the security properties on the abstract level. Hyperviseur Preuve formelle Sécurité Mémoire Virtualisation Hypervisor Formal proof Security Memory Page tables
42	Virtualizace v IS/ICT / Virtualization in IS/ICT Naiman, Michal January 2009 (has links) The goal of the thesis is to examine and assess actual portfolio of products on the market for server visualization and to compare performance of individual products with performance of the physical machine. The research and the assessment of the actual portfolio will be carried out with the focus on current trends in the area of server virtualization, reasons for realization, and important aspects for their successful implementation. The comparison will be carried out in areas of supported platforms, hardware emulation spectra, hardware limitations, licensing and prices. Further it will be performed comparison in the form of benchmark performance in areas of CPU, RAM, hard-drive throughput, and network throughput of most commonly used products for server virtualization.
43	Systèmes véhiculaires à domaines de sécurité et de criticité multiples : une passerelle systronique temps réel / Vehicular systems with multiple security and criticality domains : a real-time sytronic gateway Thierry, Philippe 02 July 2014 (has links) De nos jours, les véhicules intègrent de plus en plus de systèmes interconnectés. Ces systèmes ont des fonctions aussi nombreuses que complexes et sont soumis à des contraintes de sureté de fonctionnement (dont le temps réel) mais également de plus en plus de sécurité. Avec l'apparition des véhicules connectés, il devient nécessaire de faire communiquer ces différents systèmes, tant pour les gérer au niveau véhiculaire que potentiellement à distance. Faire communiquer ces différents réseaux, a fortiori dans les véhicules militaires, implique la prise en compte de diverses contraintes. Ces contraintes nécessitent d'être traitées par des éléments en coupure entre les différents systèmes. Un tel élément est alors en charge de protéger ces derniers en termes de sûreté de fonctionnement et de sécurité mais doit également assurer un transfert efficace et borné de l'information. Dans cette thèse, nous avons proposé une architecture logicielle de passerelle permettant de répondre à ces différentes contraintes et d'assurer ainsi l'interconnexion de tous ces systèmes. La solution se présente comme un framework permettant d'intégrer divers modules sur une architecture partitionnée et sûre, afin de pouvoir répondre à divers besoins spécifiques aux systèmes véhiculaires / Nowadays, vehicular systems are composed of more and more interconnected systems. Those systems manage a lot of complex functions and must comply with various safety-critical requirements (such as real-time) but also more and more with security requirements. With the new connected vehicles, it is necessary to make these various systems communicate, in order to manage locally or remotely the overall vetronic system. Make these systems communicate, moreover in military vehicles, implies to support various constraints. Theses constraints need to be supported by specific elements, used as gateways between each vehicle system needing external communication. This gateway has to protect each system in term of safety and security, but also has to guarantee an efficient upper-bounded transfer between them. In this thesis, we have proposed a software architecture for these gateways, compliant with the various vehicular security and safety requirements. The solution is proposed as a framework, supporting a modular configuration and able to aggregate various modules on a partitioned software architecture. Such an aggregation is then able to respond to the various vehicular specific needs such as security and real-time Temps réel Sécurité Virtualisation Vétronique Hyperviseur Mils Real time Security Virtualizatoin Vetronic Hypervisor Mils
44	Analysis of Entropy Levels in the Entropy Pool of Random Number Generator / Analysis of Entropy Levels in the Entropy Pool of Random Number Generator Krempa, Peter January 2013 (has links) V informatice je pojem entropie obvykle znám jako nahodný proud dat. Tato práce krátce shrnuje metody generovaní nahodných dat a popisuje generátor náhodnych čísel, jež je obsažen v jádře operačního systému Linux. Dále se práce zabývá určením bitové rychlosti generování nahodných dat tímto generátorem ve virtualizovaném prosředí, které poskytují různé hypervizory. Práce popíše problémy nízkého výkonu generátory nahodných dat ve virtualním prostředí a navrhne postup pro jejich řešení. Poté je nastíňena implementace navržených postupů, které je podrobena testům a její vysledky jsou porovnány s původním systémem. Systém pro distribuci entropie může dále vylepšit množství entropie v sytémovém jádře o několik řádu, pokud je připojen k vykonému generátoru nahodných dat.
45	Návrh na optimalizaci serverů s využitím virtualizace a konsolidace / Proposal for Optimization of Servers Using Virtualization and Consolidation Havelka, Ondřej January 2016 (has links) The purpose of master's thesis is preparing the proposal for optimization of servers using virtualization and consolidation. The master's thesis is divided into three parts. The first one is engaged theoretical ground of computer network, second part analyses the current state of IT infrastructure within the specific business. The last part contains the proposal to modernization and optimization of existing server solution including summary of expected costs for realization od proposal.
46	Aplikační rozhraní pro administraci projektu Libvirt / Libvirt Admintration API Škultéty, Erik January 2016 (has links) Tato práce se zabývá problematikou virtualizace, konkrétně virtualizační knihovnou libvirt, cílem které je správa virtuálních strojů a podpora různých typů hypervizorů a virtualizačních řešení jednotným způsobem transparentním pro uživatele. Podstatná část funkcionality knihovny libvirt je na pozadí implementována formou démona libvirtd. Ačkoliv libvirtd démon poskytuje služby pro správu virtuálních strojů, neumožňuje správu sebe samého, kromě změn hodnot parametrů v konfiguračním souboru. Pro změnu nastavení je pak standardním přístupem změna v konfiguračním souboru a následný restart démona. Jelikož uvedený způsob mění pouze perzistentní konfiguraci a restart démona nemusí být vždy optimální řešení, vznikla idea administrativního rozhraní knihovny libvirt, které by umožnilo správu démona za běhu. Hlavním přínosem této práce je návrh a popis implementace aplikačního rozhraní pro administraci knihovny libvirt. Konkrétně pro tuto práci byla zvolena rozhraní pro konfiguraci počtu obslužných vláken, nastavení úrovně a filtrovacích parametrů pro žurnálovací podsystém a správu připojených klientů na straně démona libvirtd.
47	A Study of OpenStack Networking Performance / En studie av Openstack nätverksprestanda Olsson, Philip January 2016 (has links) Cloud computing is a fast-growing sector among software companies. Cloud platforms provide services such as spreading out storage and computational power over several geographic locations, on-demand resource allocation and flexible payment options. Virtualization is a technology used in conjunction with cloud technology and offers the possibility to share the physical resources of a host machine by hosting several virtual machines on the same physical machine. Each virtual machine runs its operating system which makes the virtual machines hardware independent. The cloud and virtualization layers add additional layers of software to the server environments to provide the services. The additional layers cause an overlay in latency which can be problematic for latency sensitive applications. The primary goal of this thesis is to investigate how the networking components impact the latency in an OpenStack cloud compared to a traditional deployment. The networking components were benchmarked under different load scenarios, and the results indicate that the additional latency added by the networking components is not too significant in the used network setup. Instead, a significant performance degradation could be seen on the applications running in the virtual machine which caused most of the added latency in the cloud environment. / Molntjänster är en snabbt växande sektor bland mjukvaruföretag. Molnplattformar tillhandahåller tjänster så som utspridning av lagring och beräkningskraft över olika geografiska områden, resursallokering på begäran och flexibla betalningsmetoder. Virtualisering är en teknik som används tillsammans med molnteknologi och erbjuder möjligheten att dela de fysiska resurserna hos en värddator mellan olika virtuella maskiner som kör på samma fysiska dator. Varje virtuell maskin kör sitt egna operativsystem vilket gör att de virtuella maskinerna blir hårdvaruoberoende. Moln och virtualiseringslagret lägger till ytterligare mjukvarulager till servermiljöer för att göra teknikerna möjliga. De extra mjukvarulagrerna orsakar ett pålägg på responstiden vilket kan vara ett problem för applikationer som kräver snabb responstid. Det primära målet i detta examensarbete är att undersöka hur de extra nätverkskomponenterna i molnplattformen OpenStack påverkar responstiden. Nätverkskomonenterna var utvärderade under olika belastningsscenarion och resultaten indikerar att den extra responstiden som orsakades av de extra nätverkskomponenterna inte har allt för stor betydelse på responstiden i den använda nätverksinstallationen. En signifikant perstandaförsämring sågs på applikationerna som körde på den virtuella maskinen vilket stod för den större delen av den ökade responstiden. OpenStack Cloud Cloud Computing Hypervisor Networking Performance Networking Performance Computer Sciences Datavetenskap (datalogi)
48	Virtualization Security Issues : Security issues arise in the virtual environment Elsadig Abdalla Abdalla, Mohamed January 2020 (has links) The thesis is submitted in Partial Fulfilment of the Requirements of a Master's degree in network Forensics at Halmstad University, Sweden. The author had selected VirtualizationSecurity as a valid issue for cloud computing service. In choosing this topic had the intention to apply the acquired knowledge during the Master's course, in search of practical solutions for computer security issues. This study report is classified into six segments and a conclusion. These are the introduction, background, research methodology, literature review, summary, discussions, conclusion, and recommendation (future work). InformationTechnology (IT) sector had encountered numerous and ever-emerging security issues, including those in virtual environments, which have become a big concern for organizations. Virtualization is the use of software to accommodate multiple operating systems on a computer system simultaneously, which can be applied from anywhere, given that there is internet connectivity. So the user can have access and can resolve the security issues. However, some constraints are limiting the benefits of the Virtualization of servers. The objective of this project is to study Virtualization as a valid means of solving IT security issues. Also, to assess mitigation approaches that can enhance Virtualization in the computing environment. To accomplish such objectives, this study had undergone a systematic literature review to learn the variety and nature of security issues of the virtual environment. Accordingly, the study had undertaken the classification of security issues to determine effective mitigation methods. The study had realized that there are around twenty-two known security issues, which are classified and described in section six of the report. Virtualization, as the subject study: three mitigation schemes are reviewed and discussed to alleviate important virtualization security issues (chapter seven of this Thesis).Moreover, the effects of the proposed mitigation techniques on the virtualization security issues on the CIA model (Availability, Integrity, and Confidentiality) are explained in brief. The model allows the researcher to quickly find the appropriate mitigation technique to manage the security issues of any virtual environment. In conclusion, the study provided a metadata reading of the security issues in the virtual environment. And apply the selected methods to solve the security issues, which proves that the virtualization technology is the critical element of utilizing computing power to its maximum capacity by executing process simultaneously without downtime, however IT security issues are continuously evolving and the research mission is always to conceive new techniques. Virtualization virtual environment Hypervisor Elektroteknik och elektronik
49	Replacing Virtual Machines and Hypervisors with Container Solutions Alndawi, Tara January 2021 (has links) We live in a world that is constantly evolving where new technologies and innovations are being introduced. This progress partly results in developing new technologies and also in the improvement of the current ones. Docker containers are a virtualization method that is one of these new technologies that has become a hot topic around the world as it is said to be a better alternative to today's current virtual machines. One of the aspects that has contributed to this statement is the difference from virtual machines where containers isolate processes from each other and not the entire operating system. The company Saab AB wants to be at the forefront of today's technology and is interested in investigating the possibilities with container technology. The purpose with this thesis work is partly to investigate whether the container solution is in fact an alternative to traditional VMs and what differences there are between these methods. This will be done with the help of an in-depth literature study of comperative studies between containers and VMs. The results of the comparative studies showed that containers are in fact a better alternative than VMs in certain aspects such as performance and scalability and are worthy for the company. Thus, in the second part of this thesis work, a proof of concept implementation was made, by recreating a part of the company’s subsystem TactiCall into containers, to ensure that this transition is possible for the concrete use-case and that the container solution works as intended. This task has succeeded in highlighting the benefits of containers and showing through a proof of concept that there is an opportunity for the company to transition from VMs into containers. Virtualization container-based hypervisor-based containers virtual machines. Computer Sciences Datavetenskap (datalogi)
50	Computer systems in airborne radar : Virtualization and load balancing of nodes Isenstierna, Tobias, Popovic, Stefan January 2019 (has links) Introduction. For hardware used in radar systems of today, technology is evolving in an increasing rate. For existing software in radar systems, relying on specific drivers or hardware, this quickly becomes a problem. When hardware required is no longer produced or outdated, compatibility problems emerges between the new hardware and existing software. This research will focus on exploring if the virtualization technology can be helpful in solving this problem. Would it be possible to address the compatibility problem with the help of hypervisor solutions, while also maintaining high performance? Objectives. The aim with this research is to explore the virtualization technology with focus on hypervisors, to improve the way that hardware and software cooperate within a radar system. The research will investigate if it is possible to solve compatibility problems between new hardware and already existing software, while also analysing the performance of virtual solutions compared to non-virtualized. Methods. The proposed method is an experiment were the two hypervisors Xen and KVM will analysed. The hypervisors will be running on two different systems. A native environment with similarities to a radar system will be built and then compared with the same system, but now with hypervisor solutions applied. Research around the area of virtualization will be conducted with focus on security, hypervisor features and compatibility. Results. The results will present a proposed virtual environment setup with the hypervisors installed. To address the compatibility issue, an old operating system has been used to prove that implemented virtualization works. Finally performance results are presented for the native environment compared against a virtual environment. Conclusions. From results gathered with benchmarks, we can see that the individual performance might vary, which is to be expected when used on different hardware. A virtual setup has been built, including Xen and KVM hypervisors, together with NAS communication. Running an old operating system as a virtual guest, compatibility has been proven to exist between software and hardware using KVM as the virtual solution. From the results gathered, KVM seems like a good solution to investigate more. AEW radar system virtualization hypervisor performance evaluation AEW radarsystem virtualisering hypervior prestandanalys Computer Engineering Datorteknik

Search results