Download [pdf

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
Document related concepts
no text concepts found
Transcript 
Background
Virtualization Types
Key Techniques
CS 6V81-05: System Security and Malicious Code Analysis
Overview of System Virtualization: The most powerful
platform for program analysis and system security
Zhiqiang Lin
Department of Computer Science
University of Texas at Dallas
April 4th , 2012
Summary
Background
Virtualization Types
Outline
1
Background
2
Virtualization Types
3
Key Techniques
4
Summary
Key Techniques
Summary
Outline
1
Background
2
Virtualization Types
3
Key Techniques
4
Summary
Background
Virtualization Types
Why virtualization?
Why
Today’s
data center
Key Techniques
Summary
not virtualize?
Cloud
computing
Fault resist
Cost Effect
Easy to maintain
Virtual
resource
pool
Background
Virtualization Types
Key Techniques
Summary
What is Virtualization
What is Virtualization
Linux
Linux (devel)
XP
Virtual Machine Monitor
Hardware
Vista
MacOS
Background
Virtualization Types
Virtualization Properties
Isolation
Encapsulation
Interposition
Key Techniques
Summary
Background
Virtualization Types
Key Techniques
Isolation
Fault Isolation
Fundamental property of virtualization
Performance Isolation
Accomplished through scheduling and resource allocation
Summary
Background
Virtualization Types
Key Techniques
Encapsulation
All VM state can be captured into a file
Operate on VM by operating on file
mv, cp, rm
Complexity
Proportional to virtual HW model
Independent of guest software configuration
Summary
Background
Virtualization Types
Key Techniques
Interposition
All guest actions go through monitor
Monitor can inspect, modify, deny operations
Example:
Compression
Encryption
Profiling
Translation
Summary
Background
Virtualization Types
Key Techniques
Summary
Why Not the OS?
It about interfaces
VMMs operate at the hardware interface
Hardware interface are typically smaller, better defined than
software interfaces
Disadvantages of being in the monitor
Low visibility into what the guest is doing
Background
Virtualization Types
Virtualization benefits
Increased resource utilization:
Server consolidation
Multiplexing
Mobility
Enhanced Security
Test and Deployment
...
Key Techniques
Summary
Background
Virtualization Types
Key Techniques
Virtualization: server consolidation
Virtualization: server consolidation
Physical
Servers
Virtual
Server
Host
Virtual
Machines
Guests
Summary
Background
Virtualization Types
Key Techniques
Summary
Mobility: load balance (Migration)
Mobility: load balance
Server 1
CPU Utilization =
VM
Guest 1
VM
Guest 2
VM
Guest 3
90%
VM
Guest 4
Server 2
CPU Utilization =
VM
Guest 5
None
50%
VM
Guest 6
VM
Guest 7
Background
Virtualization Types
Key Techniques
Summary
Mobility: load balance (Migration)
Mobility: load balance
Server 1
CPU Utilization =
VM
Guest 1
VM
None
Guest 2
VM
Guest 3
Server 2
70%
VM
Guest 4
CPU Utilization =
VM
Guest 5
VM
None
Guest 2
70%
VM
Guest 6
VM
Guest 7
Background
Virtualization Types
Key Techniques
Enhanced Security
Enhanced Security
Conventional
VM
Secure
VM
Firewall
VMM
Summary
Background
Virtualization Types
Key Techniques
Summary
Testing and Deployment
Production
VM
Production
VM
Development
VM
QA
VM
Production
VM
Production
VM
Develop
Test
Deploy
Outline
1
Background
2
Virtualization Types
3
Key Techniques
4
Summary
Background
Virtualization Types
Key Techniques
Types of Virtualization
Process Virtualization
Language construction
Java, .NET
Cross-ISA emulation
Apple’s 68000-PowerPC to Intel X86 Transition
Application virtualization
Sandboxing, mobility
Summary
Background
Virtualization Types
Key Techniques
Types of Virtualization
Process Virtualization
Language construction
Java, .NET
Cross-ISA emulation
Apple’s 68000-PowerPC to Intel X86 Transition
Application virtualization
Sandboxing, mobility
System Virtualization
VMware
Xen
Microsoft’s Viridian
Summary
Background
Virtualization Types
Key Techniques
Summary
Taxonomy
Taxonomy
Process VMs
Same
ISA
System VMs
Different
ISA
Same
ISA
Different
ISA
Multiprogrammed
Systems
Dynamic
Translators
Classic-System
VMs
Whole-System
VMs
Dynamic
Binary
Optimizers
HLL VMs
Hosted
VMs
Co-designed
VMs
Background
Virtualization Types
Key Techniques
System Virtual Machine Monitor Architectures
Traditional
Hosted
VMware Workstation
Hybrid
VMware ESX
Xen
Hypervisor
Summary
Background
Virtualization Types
Traditional
Linux
Key Techniques
Summary
What is Virtualization
Linux (devel)
XP
Virtual Machine Monitor
Hardware
Examples: IBM VM/370, Stanford DISCO
Vista
MacOS
Background
Virtualization Types
Key Techniques
Hosted Virtual Machines
Goal:
Run Virtual Machines as an application on an existing
Operating System (QEMU, VirtualPC, VirtualBox,
VMware-workstation)
Why
Application continuity
Reuse existing device drivers
Leverage OS support
File system
CPU Scheduler
VM management platform
Summary
Background
Virtualization Types
Key Techniques
Hosted Monitor Architecture (VirtualBox)
Hosted Monitor Architecture
Guest OS (Linux)
User App
World Switch
Kernel Module
Host OS (Window XP)
Virtual Machine Monitor
Hardware
Summary
Background
Virtualization Types
Key Techniques
Hosted Monitor Architecture (VirtualBox)
Hosted Monitor Architecture
Guest OS (Linux)
User App
CPU / Memory
Virtualization
Kernel Module
Host OS (Window XP)
Virtual Machine Monitor
Hardware
Summary
Background
Virtualization Types
Key Techniques
Hosted Monitor Architecture (VirtualBox)
Hosted Monitor Architecture
Guest OS (Linux)
User App
Device I/O
Network, Disk,
Display, Keyboard, Timer, USB
Kernel Module
Host OS (Window XP)
Virtual Machine Monitor
Hardware
Summary
Background
Virtualization Types
Key Techniques
Hosted Monitor Architecture (VirtualBox)
Hosted Monitor Architecture
Guest OS (Linux)
User App
Interrupts
Kernel Module
Host OS (Window XP)
Virtual Machine Monitor
Hardware
Summary
Background
Virtualization Types
Key Techniques
Hosted Monitor Scheduling (VirtualBox)
Hosted Monitor Scheduling
User App
Guest OS Guest OS (Linux)
(Vista)
Virtual Machine Monitor
Virtual Machine Monitor
User App
Kernel Module
Host OS (Window XP)
Hardware
Summary
Background
Virtualization Types
Key Techniques
Hosted Monitor Scheduling (VirtualBox)
Hosted Monitor Scheduling
3
User App
Guest OS Guest OS (Linux)
(Vista)
Virtual Machine Monitor
Virtual Machine Monitor
User App
1
CPU Scheduler
2Kernel Module
Host OS (Window XP)
Hardware
Summary
Background
Virtualization Types
Key Techniques
Hosted Monitor Scheduling (VirtualBox)
Hosted Monitor Scheduling
User App
Guest OS Guest OS (Linux)
(Vista)
User App
5
CPU Scheduler
Kernel Module
Host OS (Window XP)
4
Virtual Machine Monitor
Hardware
Virtual Machine Monitor
Summary
Background
Virtualization Types
Key Techniques
Summary
Hosted Monitor Scheduling (VirtualBox)
Hosted Monitor Scheduling
8
User App
6
CPU Scheduler
Guest OS Guest OS (Linux)
(Vista)
Virtual Machine Monitor
Virtual Machine Monitor
User App
7
Kernel Module
Host OS (Window XP)
Hardware
Background
Virtualization Types
Key Techniques
Hosted Architecture Tradeoffs
Positives
Installs like an application
No disk partitioning needed
Virtual disk is a file on host file system
No host reboot needed
Runs like an application
Uses host schedulers
Summary
Background
Virtualization Types
Key Techniques
Hosted Architecture Tradeoffs
Positives
Installs like an application
No disk partitioning needed
Virtual disk is a file on host file system
No host reboot needed
Runs like an application
Uses host schedulers
Negatives
I/O path is slow
Requires world switch
Relies on host scheduling
May not be suitable for intensive VM workloads
Summary
Background
Virtualization Types
VMware ESX 2.0
Source: http://www.vmware.com/pdf/esx2_performance_implications.pdf
Key Techniques
Summary
Background
Virtualization Types
Hybrid Ex 2 - Xen 3.0
Para -virtualization
Linux Guest
Hardware-supported
virtualization
Unmodified
Windows
Isolated Device Drivers
Source: Ottawa Linux Symposium 2006 presentation.
http://www.cl.cam.ac.uk/netos/papers/
Key Techniques
Summary
Background
Virtualization Types
Key Techniques
Summary
Hypervisor
Hypervisor
Hardware-supported
• Hardware-supported
single-usesingle-use
monitor monitor
Characteristics
• Characteristics
– Small size
Small size
in a special
Runs in– aRuns
special
hardware mode
hardware
mode
– Guest OS runs in
Guest OSnormal
runs in
privileged level
normal
privileged level
• Uses
– Security
– System management
Security– Fault tolerance
Uses
System management
Fault tolerance
User
Mode
Operating System
Kernel
Mode
Hypervisor
Monitor
Mode
Hardware
Outline
1
Background
2
Virtualization Types
3
Key Techniques
4
Summary
Background
Virtualization Types
Key Techniques
Key Techniques to implement Virtualization
Instruction Interpretation
Binary Translation
Trap-and-emulate
Para-virtualization (hardware virtualization)
Summary
Background
Virtualization Types
Key Techniques
I Instruction Interpretation
Emulate Fetch/Decode/Execute pipeline in software
Positives
Easy to implement
Minimal complexity
Negatives
Slow!
Bochs: http://bochs.sourceforge.net/
Summary
Background
Virtualization Types
Example: CPUState
static struct {
uint32 GPR[16];
uint32 LR;
uint32 PC;
int
IE;
int
IRQ;
} CPUState;
void CPU_CLI(void)
{
CPUState.IE = 0;
}
void CPU_STI(void)
{
CPUState.IE = 1;
}
Key Techniques
Summary
Background
Virtualization Types
Key Techniques
Summary
Example: Virtualizing the Interrupt Flag w/ Instruction
Interpreter
void CPU_Run(void)
{
while (1) {
inst = Fetch(CPUState.PC);
CPUState.PC += 4;
switch (inst) {
case ADD:
CPUState.GPR[rd]
= GPR[rn] + GPR[rm];
break;
...
case CLI:
CPU_CLI();
break;
case STI:
CPU_STI();
break;
}
if (CPUState.IRQ
&& CPUState.IE) {
CPUState.IE = 0;
CPU_Vector(EXC_INT);
}
}
}
void CPU_CLI(void)
{
CPUState.IE = 0;
}
void CPU_STI(void)
{
CPUState.IE = 1;
}
void CPU_Vector(int exc)
{
CPUState.LR = CPUState.PC;
CPUState.PC = disTab[exc];
}
Background
Virtualization Types
Key Techniques
Summary
II. Binary Translator
Binary Translator
Guest
Code
Translator
TC
Index
Translation
Cache
Callouts
CPU
Emulation
Routines
Background
Virtualization Types
Key Techniques
Basic Blocks
Basic Blocks
Guest Code
vPC
mov
ebx, eax
cli
and
ebx, ~0xfff
mov
ebx, cr3
Straight-line code
sti
ret
Control flow
Basic Block
Summary
Background
Virtualization Types
Key Techniques
Summary
Binary Translator
Binary Translation
Guest Code
vPC
mov
ebx, eax
cli
Translation Cache
mov
ebx, eax
call
HANDLE_CLI
and
ebx, ~0xfff
and
ebx, ~0xfff
mov
ebx, cr3
mov
[CO_ARG], ebx
sti
call
HANDLE_CR3
ret
call
HANDLE_STI
jmp
HANDLE_RET
start
Background
Virtualization Types
Key Techniques
Summary
III. Trap and Emulate
Guest OS + Applications
Page
Fault
Unprivileged
Trap and Emulate
Undef
Instr
MMU
Emulation
CPU
Emulation
I/O
Emulation
Virtual Machine Monitor
Privileged
vIRQ
Background
Virtualization Types
Key Techniques
Software VMM
Software VMM
Direct Exec
(user)
Faults, syscalls,
interrupts
IRET, sysret
VMM
Guest Kernel
Execution
Traces, faults,
interrupts, I/O
Translated Code
(guest kernel)
Summary
Background
Virtualization Types
Key Techniques
Summary
IV. Hardware virtualization, Para-virtualization (e.g.,
Xen)
Modify operating systems to let OS to cooperate with VMM
Let OS runs in Ring1 and user apps run in Ring3
Change sensitive instructions to explicit calls to the VMM
No need to trap and emulate
Background
Virtualization Types
Key Techniques
Summary
Traditional Address Spaces
Traditional Address Spaces
0
4GB
Process Virtual Address Space
Background Process
Background Process
Operating System
Operating System
0
4GB
Current Process
Operating System
0
Virtual
Address Space
4GB
RAM
Frame
Buffer
Devices
ROM
Physical
Address Space
Background
Virtualization Types
Key Techniques
Shadow Page Tables
Sol: Shadow Page Tables
Virtual
CR3
Guest
Guest
Guest
Page Table
Page Table
Page Table
Shadow
Shadow
Shadow
Page Table
Page Table
Page Table
Real CR3
Summary
Background
Virtualization Types
Key Techniques
Guest Write to CR3
Guest Write to CR3
Virtual
CR3
Guest
Guest
Guest
Page Table
Page Table
Page Table
Shadow
Shadow
Shadow
Page Table
Page Table
Page Table
Real CR3
Summary
Background
Virtualization Types
Key Techniques
Guest Write to CR3
Guest Write to CR3
Virtual
CR3
Guest
Guest
Guest
Page Table
Page Table
Page Table
Shadow
Shadow
Shadow
Page Table
Page Table
Page Table
Real CR3
Summary
Outline
1
Background
2
Virtualization Types
3
Key Techniques
4
Summary
Background
Virtualization Types
Key Techniques
Summary
Summary
Virtualization (or virtualisation), in computing, is the creation of
a virtual (rather than actual) version of something, such as a
hardware platform, operating system, storage device, or
network resources
Impacts
Cloud computing
Data centers
Provides greater opportunities to security
Background
Virtualization Types
Key Techniques
References
Xen and the art of virtualization
Memory resource management for Vmware Esx Server
http://en.wikipedia.org/wiki/Virtualization
http://labs.vmware.com/courseware (great virtualization
resources)
CPU Virtualization- Basic Virtualization
http://labs.vmware.com/download/76/
Memory Virtualization
http://labs.vmware.com/download/77/
Summary
Related documents