Performance of Virtual Machines Under Networked Denial of Service Attacks: Experiments and Analysis

The use of virtual machines (VMs) to provide computational infrastructure and services to organizations is increasingly prevalent in the modern IT industry. The growing use of this technology has been driven by a desire to increase utilization of resources through server consolidation. Virtualization has also made the dream of utility computing platforms such as cloud computing a reality. Today, virtualization technologies can be found in almost every data center. However, it remains unknown whether VMs are more vulnerable to external malicious attacks and, if so, to what extent their performance degrades and which virtualization technique comes closest to native performance. To this end, we devised a representative set of experiments to examine the performance of the most typical virtualization techniques under typical denial-of-service (DoS) attacks. We show that, under a DoS attack, the performance of a web server hosted in a VM can degrade by up to 23%, while that of a nonvirtualized server hosted on the same hardware degrades by only 8%. Even with relatively light attacks, the file system and memory access performance of hypervisor-based virtualization degrades at a much higher rate than that of its nonvirtualized counterparts. We further examine the root causes of such degradation, and our results shed new light on enhancing the robustness and security of modern virtualization systems.
