KylinX: A Dynamic Library Operating System for Simplified and Efficient Cloud Virtualization

Unikernel specializes a minimalistic LibOS and a target application into a standalone single-purpose virtual machine (VM) running on a hypervisor, which is referred to as (virtual) appliance. Compared to traditional VMs, Unikernel appliances have smaller memory footprint and lower overhead while guaranteeing the same level of isolation. On the downside, Unikernel strips off the process abstraction from its monolithic appliance and thus sacrifices flexibility, efficiency, and applicability. This paper examines whether there is a balance embracing the best of both Unikernel appliances (strong isolation) and processes (high flexibility/efficiency). We present KylinX, a dynamic library operating system for simplified and efficient cloud virtualization by providing the pVM (process-like VM) abstraction. A pVM takes the hypervisor as an OS and the Unikernel appliance as a process allowing both page-level and library-level dynamic mapping. At the page level, KylinX supports pVM fork plus a set of API for inter-pVM communication (IpC). At the library level, KylinX supports shared libraries to be linked to a Unikernel appliance at runtime. KylinX enforces mapping restrictions against potential threats. KylinX can fork a pVM in about 1.3 ms and link a library to a running pVM in a few ms, both comparable to process fork on Linux (about 1 ms). Latencies of KylinX IpCs are also comparable to that of UNIX IPCs.

[1]  R. John Brockmann The why, where and how of minimalism , 1990, SIGDOC '90.

[2]  Dawson R. Engler,et al.  Exokernel: an operating system architecture for application-level resource management , 1995, SOSP.

[3]  Robert N. M. Watson,et al.  Jails: confining the omnipotent root , 2000 .

[4]  HarrisTim,et al.  Xen and the art of virtualization , 2003 .

[5]  Joshua LeVasseur,et al.  Towards Scalable Multiprocessor Virtual Machines , 2004, Virtual Machine Research and Technology Symposium.

[6]  Chris I. Dalton,et al.  Towards Trustworthy Virtualisation Environments : Xen Library OS Security Service Infrastructure , 2007 .

[7]  Feng Long Practical Dynamic Software Updating for C , 2007 .

[8]  Haibo Chen,et al.  POLUS: A POwerful Live Updating System , 2007, 29th International Conference on Software Engineering (ICSE'07).

[9]  Larry L. Peterson,et al.  Container-based operating system virtualization: a scalable, high-performance alternative to hypervisors , 2007, EuroSys '07.

[10]  George Varghese,et al.  Difference engine , 2010, OSDI.

[11]  Jon Howell,et al.  Leveraging Legacy Code to Deploy Desktop Applications on the Web , 2008, OSDI.

[12]  Steven Hand,et al.  Improving Xen security through disaggregation , 2008, VEE '08.

[13]  Adrian Schüpbach,et al.  The multikernel: a new OS architecture for scalable multicore systems , 2009, SOSP '09.

[14]  M. Frans Kaashoek,et al.  Ksplice: automatic rebootless kernel updates , 2009, EuroSys '09.

[15]  Xiaoyun Zhu,et al.  Memory overbooking and dynamic control of Xen virtual machines in consolidated environments , 2009, 2009 IFIP/IEEE International Symposium on Integrated Network Management.

[16]  Eyal de Lara,et al.  SnowFlock: rapid virtual machine cloning for cloud computing , 2009, EuroSys '09.

[17]  Jon Crowcroft,et al.  Turning Down the LAMP: Software Specialisation for the Cloud , 2010, HotCloud.

[18]  Sergey Bratus,et al.  Katana: A Hot Patching Framework for ELF Executables , 2010, 2010 International Conference on Availability, Reliability and Security.

[19]  J. Rutkowska Qubes OS Architecture , 2010 .

[20]  Donald E. Porter,et al.  Rethinking the library OS from the top down , 2011, ASPLOS XVI.

[21]  Matei Ripeanu,et al.  VMFlock: virtual machine co-migration for the cloud , 2011, HPDC '11.

[22]  Christoforos E. Kozyrakis,et al.  Usenix Association 10th Usenix Symposium on Operating Systems Design and Implementation (osdi '12) 335 Dune: Safe User-level Access to Privileged Cpu Features , 2022 .

[23]  Jon Howell,et al.  How to Run POSIX Apps in a Minimal Picoprocess , 2013, USENIX Annual Technical Conference.

[24]  Jon Crowcroft,et al.  Unikernels: library operating systems for the cloud , 2013, ASPLOS '13.

[25]  Jon Howell,et al.  Embassies: Radically Refactoring the Web , 2013, NSDI.

[26]  Reuben Olinsky,et al.  Composing OS extensions safely and efficiently with Bascule , 2013, EuroSys '13.

[27]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[28]  Donald E. Porter,et al.  Cooperation and security isolation of library OSes for multi-process applications , 2014, EuroSys '14.

[29]  Christoforos E. Kozyrakis,et al.  IX: A Protected Dataplane Operating System for High Throughput and Low Latency , 2014, OSDI.

[30]  Antti Kantee,et al.  Rump kernels: no OS? no problems! , 2014 .

[31]  Don Marti,et al.  OSv - Optimizing the Operating System for Virtual Machines , 2014, USENIX Annual Technical Conference.

[32]  Michael Hicks,et al.  Kitsune: Efficient, General-Purpose Dynamic Software Updating for C , 2014 .

[33]  Roberto Bifulco,et al.  ClickOS and the Art of Network Function Virtualization , 2014, NSDI.

[34]  Jacob R. Lorch,et al.  Tardigrade: Leveraging Lightweight Virtual Machines to Easily and Efficiently Construct Fault-Tolerant Services , 2015, NSDI.

[35]  Jon Crowcroft,et al.  Jitsu: Just-In-Time Summoning of Unikernels , 2015, NSDI.

[36]  Peter Druschel,et al.  Light-Weight Contexts: An OS Abstraction for Safety and Performance , 2016, OSDI.

[37]  Han Dong,et al.  EbbRT: A Framework for Building Per-Application Library Operating Systems , 2016, OSDI.

[38]  David M. Eyers,et al.  SCONE: Secure Linux Containers with Intel SGX , 2016, OSDI.

[39]  K. K. Ramakrishnan,et al.  Flurries: Countless Fine-Grained NFs for Flexible Per-Flow Customization , 2016, CoNEXT.

[40]  Emmett Witchel,et al.  Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data , 2016, OSDI.

[41]  Xiaohui Liu,et al.  PARIX: Speculative Partial Writes in Erasure-Coded Systems , 2017, USENIX Annual Technical Conference.

[42]  Donald E. Porter,et al.  Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX , 2017, USENIX Annual Technical Conference.