Shifting GEARS to enable guest-context virtual services

We argue that the implementation of VMM-based virtual services for a guest should extend into the guest itself, even without its cooperation. Placing service components directly into the guest OS or application can reduce implementation complexity and increase performance. In this paper we show that the set of tools in a VMM required to enable a broad range of such guest-context services is fairly small. Further, we outline and evaluate these tools and describe their design and implementation in the context of Guest Examination and Revision Services (GEARS), a new framework within the Palacios VMM. We then describe two example GEARS-based services (an MPI communication accelerator and an overlay networking accelerator) that illustrate the benefits of allowing virtual service implementations to span across the VMM, guest, and application. Other VMMs could employ the ideas and tools in GEARS.
