Virtualization environments have become basic building blocks in consolidated data centers and cloud computing infrastructures. By running multiple virtual machines (VMs) in a shared physical machine, virtualization achieves high utilization of hardware resources and provides strong isolation between virtual machines. This dissertation discusses the implementation and the evaluation of an approach, called kernel service outsourcing, which improves the performance and the reliability of guest systems in the virtualized, multi-kernel environments. Kernel service outsourcing allows applications to exploit OS services from an external kernel existing in the shared system, not limiting application OS service requests to the local kernel. Because external kernels may provide more efficient services than the local kernel does, kernel service outsourcing provides new opportunities with applications in the guest OS for better performance. In addition, we apply the kernel service outsourcing technique to implement natural diversity, improving the reliability of the virtualized systems.
We present two major benefits of kernel service outsourcing. First, we show that I/O service outsourcing can significantly improve the I/O performance of guest OSes by up to several times. In some important cases, the performance of network applications in the guest OS using network outsourcing was comparable to that of native OS (Linux). We also apply kernel service outsourcing between Windows and Linux, and show that kernel service outsourcing is viable even with two heterogeneous OS kernels. In addition, we study further performance optimization techniques that can be achieved in the external kernel when certain OS services are outsourced to the external kernel.
The second benefit of kernel service outsourcing is to improve system reliability through natural diversity created by the combination of different kinds of the OS kernel implementations. Because OS services can be outsourced to different versions or even heterogeneous types of OS kernel for equivalent functions, malicious attacks that aim to exploit certain vulnerabilities in specific versions of OS kernels would not succeed in the outsourced kernels. Our case studies with Windows and Linux show that kernel service outsourcing was able to prevent the malicious attacks designed to exploit implementation-dependent vulnerabilities in the OSes from becoming successful in the outsourced systems.
Identifer | oai:union.ndltd.org:GATECH/oai:smartech.gatech.edu:1853/34700 |
Date | 07 July 2010 |
Creators | Koh, Younggyun |
Publisher | Georgia Institute of Technology |
Source Sets | Georgia Tech Electronic Thesis and Dissertation Archive |
Detected Language | English |
Type | Dissertation |
Page generated in 0.0017 seconds