• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
[Download]
 

[Download]

on

  • 542 views

 

Statistics

Views

Total Views
542
Views on SlideShare
542
Embed Views
0

Actions

Likes
0
Downloads
4
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Figs7/tramplne

[Download] [Download] Presentation Transcript

  • Computing Frontiers May 2005 J. E. Smith Virtual Machines Supporting Changing Technology and New Applications
  • Introduction
    • Why are virtual machines interesting?
    • They involve computer architecture in a pure sense
    • They allow transcending of interfaces
    • (which often seem to be an obstacle to innovation)
    • They enable innovation in flexible, adaptive software & hardware, security, network computing (and others)
    • Virtualization technologies will be a key part of most future computer systems
  • Outline
    • Virtualization
    • The Architecture of Virtual Machines
    • Emulation
    • Enhancing Security
    • The Grid
    • Portable Environments
    • Co-Designed VMs
  • Abstraction
    • Computer systems are built on levels of abstraction
    • Higher level of abstraction hide details at lower levels
    • Example: files are an abstraction of a disk
    file file abstraction
  • Virtualization
    • Similar to abstraction
      • Except
      • Details not necessarily hidden
    • Construct Virtual Disks
      • As files on a larger disk
      • Map state
      • Implement functions
    • VMs: do the same thing with the whole “machine”
    file file virtualization
  • The Family of Virtual Machines
    • “ The subjects of virtual machines and emulators have been treated as entirely separate. … they have much in common. Not only do the usual implementations have many shared characteristics, but this commonality extends to the theoretical concepts on which they are based”
    • -- Efrem G. Wallach, 1973
    Including things not called “virtual machines” IA-32 EL HP Dynamo Transmeta Crusoe
    • There are lots of “virtual machines”
      • IBM VM/370
      • Java
      • VMware products
  • “Machines”
    • Different perspectives on what the Machine is:
    • OS developer
    • Compiler developer
    • Application programmer
    • Instruction Set Architecture
      • ISA
      • Major division between hardware and software
    • Application Binary Interface
      • ABI
      • User ISA + OS calls
    • Application Program Interface
      • API
      • User ISA + library calls
    I/O devices and Networking System Interconnect (bus) Memory Translation Execution Hardware Application Programs Main Memory Operating System Libraries
  • System Virtual Machines
    • Provide a system environment
    • Constructed at ISA level
    • Persistent
    • Examples: IBM VM/360, VMware, Transmeta Crusoe
    guest process HOST PLATFORM virtual network communication Guest OS VMM guest process guest process guest process Guest OS2 VMM guest process guest process
  • Process Virtual Machines
    • Constructed at ABI level
    • Runtime manages guest process
    • Guest processes may intermingle with host processes
    • Not persistent
    • As a practical matter, guest and host OSes are often the same
    • Dynamic optimizers are a special case
    • Examples: IA-32 EL, FX!32, Dynamo
    HOST OS Disk file sharing network communication guest process create host process guest process runtime runtime guest process runtime host process
  • High Level Language Virtual Machines
    • Raise the “ABI” level of abstraction
      • User higher level virtual ISA
      • OS abstracted as standard libraries
    • A form of process VM
    HLL Program Intermediate Code Memory Image Object Code ( ISA ) Compiler front-end Compiler back-end Loader HLL Program Portable Code ( Virtual ISA ) Host Instructions Virt. Mem. Image Compiler VM loader VM Interpreter/Translator Traditional HLL VM
  • The Virtual Machine Space Multi programmed Systems HLL VMs Co-Designed VMs same ISA different ISA Process VMs System VMs Whole System VMs different ISA same ISA Classic OS VMs Dynamic Binary Optimizers Dynamic Translators Hosted VMs
  • Key Feature – State/Resource Mapping
    • VM SW can Re-map logical to physical state
      • Via pointers or copying
      • Registers to registers
      • Registers to memory
      • Memory to disk
  • Key Feature – Emulation
    • Interpretation
      • Software loop decodes and dispatches each instruction
    • Binary translation and code caching
      • Translate blocks of instructions at a time
      • Hold translated blocks in code cache
      • With same-ISA scanning/patching is an alternative
    • Staged Emulation
      • Emulation techniques invoked in staged manner
      • Based on performance tradeoffs
  • Code Caches
    • Contain
      • Basic blocks
      • Superblocks (one entrance, multiple exits)
      • Optimized Superblocks
    • A base technology for many VMs
      • Dynamic binary translators: Intel IA-32 EL, Compaq FX!32
      • Dynamic binary optimizers: Dynamo family
      • Co-designed virtual machines: Transmeta, IBM DAISY
      • High performance Java virtual machines
      • System VMs with “inefficiently virtualizable” ISAs
      • “ Sandboxing” secure VMs (x86 DynamoRIO)
  • Code Caching with Chaining
    • Chaining of blocks in code cache minimizes VM overhead
    Superblock Dispatch table lookup code Superblock Superblock Superblock Code Cache
  • Staged Emulation
    • An important part of many VM implementations
    • Translate, optimize & cache frequent code sequences
    Binary Memory Image Code Cache Profile Data Interpreter Translator/ Optimizer runtime
    • Start interpreting
    • Profile to find “hot” code regions
  • Key Feature – VMM/Runtime Control
    • Interpretation
      • Fine grain control
      • Every dynamic instruction “inspected” before execution
    • Binary translation and code caching
      • Coarser grain control
      • Every static instruction inspected before execution
      • Jumps to VM SW can be inserted anywhere
    • Protection levels
      • Very coarse grain control
      • Every resource-related instruction trapped by protection system
        • Otherwise, use interpretation/translation techniques
      • Used in system VMs to manage resource mappings
  • VMM Resource Control in System VMs
    • Traps and interrupts (& sys calls)
      • Transfer to VMM
      • VMM determines appropriate Guest OS
      • VMM transfers to Guest OS
    • Guest OS “return” to user app.
      • Transfer to VMM
      • VMM bounces return back to Guest app.
    • Resource sensitive instructions
      • Trap to VMM
      • VMM checks correctness
      • VMM reads/modifies guest resource
      • Returns to Guest
    privileged operation next instruction check privileges perform operation return system call/trap vector location: virtual vector location: Application Guest OS VMM
  • VMM as a Smart Interconnect
    • Two modes:
      • Execution mode
      • VM mode
    • After it gains control
      • VM SW can manage resources via state mapping
      • VM SW can alter/enhance functions via emulation
    ISA 1 OS 1 apps 1 OS 2 apps 2 OS 1 apps 1 ISA 1 OS 1 apps 1 ISA 1 OS 2 apps 2
  • Security
    • Many security threats
      • Worms, viruses, Trojan horses, etc.
    • Typical attack – get access to privileged part of system
      • Often with little effort
        • Compromised passwords
        • “ Easy” passwords
        • Mechanically repeated efforts
      • Exploit weakness in system software
        • Unchecked accesses to system data structures
        • Can get control in privileged state by causing overflows
  • Buffer Overflow User invokes system program with normal input User Mode Supervisor Mode System program performs function and returns to user User performs subsequent task User invokes system program with faulty input that causes buffer overflow in stack Return address in stack clobbered due to overflow. Vulnerable system program peforms function and returns to illegal address System exception! User Mode Supervisor Mode (a) Normal Input (b) Faulty Input
  • Malicious Input – Intrusion User Mode Supervisor Mode Malicious user invokes system program with tailored input that causes buffer overflow in stack Return address in stack changed due to overflow. Vulnerable system program peforms function and returns to user-specified address, e.g. address of shell program User gets full control of system through shell program running in supervisor mode
  • Intrusion Detection Systems
    • Isolation is not an option
      • Increasing dependence on communication over networks
    • Language-level checking
      • Java, MSIL – range- and type-checking
      • Legacy applications and legacy style not protected
    • Need for Intrusion Detection Systems (IDS)
      • Depend on knowledge of potential attacks
      • Network-based Intrusion Detection Systems (NIDS)
      • Host-based Intrusion Detection Systems (HIDS)
  • Host Intrusion Detection Systems
    • Directly examine activity on host
      • Knowledge of host operating system
      • Look for repeated attempts
        • To crack password
        • To access unauthorized files, etc.
    • HIDS has significantly better viewpoint compared to NIDS
    • But HIDS can be disabled by attack
      • Or can provide misleading information
  • Monitoring and Recovering from Attacks
    • Importance of understanding attacks
      • To recover from an attack
      • To prevent future attacks
    • Logging
      • Save information about critical activity on system
        • Know the events that caused the failure
      • Save checkpoint of state of system
        • Reconstruct the attack from a known good state
  • Virtual Machines as a Sandbox
    • Fault containment important feature of VMs
    • VM Isolation helps in close examination of attack
      • Clone system that has been attacked for later analysis
    • Use VM as a “honey-pot”
      • Permit attacks that can be monitored
    VM1 Hardware Virtual Machine Monitor VM2 VM3 VM4 Production Virtual Machines
  • Virtual Machine for Monitoring
    • Livewire system (Stanford)
      • Separates IDS from VMM
      • IDS configures the VMM to monitor activity at more than the usual points
        • Signature of suspicious activity may be specified
      • After initialization, IDS enters the picture only in analyzing data from suspicious activity
      • Feedback – suggest new monitoring based on analysis
        • E.g. monitor system call activity after repeated login attempts
      • May need knowledge of OS to analyze data, e.g. crash dumps
  • Livewire IDS Hardware Virtual Machine Monitor Policy Modules Guest OS Guest Apps IDS Policy Engine OS Interface Library Query Response Policy Framework Command Callback Config File Guest OS Metadata Guest Virtual Machine
  • Policy Modules in Livewire
    • Polling modules
      • Lie detector module
        • VMM knows hardware state for each virtual machine
        • Lie detector compares this state to the state provided as feedback from intruder
      • User program integrity detector module
        • Compare signatures of memory pages with saved signatures
      • Signature detector module
        • Scan memory with signature of known viruses, Trojan horse programs, etc.
    • Event-driven modules
      • Memory access enforcer module
        • VMM intercepts attempts to change page access privileges
  • Dynamic Binary Rewriting
    • Program shepherding
      • Control execution of program
        • Prevent program from being attacked
        • Prevent program from being launching point for attacks
    • RIO System (MIT)
      • Based on Dynamo binary optimization system
      • Target of every control transfer instruction verified
        • Not to unauthorized locations
        • Only to safe locations
  • RIO Dynamic Binary Rewriting System
    • Two levels of translation
      • Quick translation (basic blocks)
      • High performance translation (superblocks)
    • Security Checks
      • All code inspected during translation
      • All control transfers are checked before caching/table placement
      • Code cache and map table are protected
      • Small performance loss
    Basic Block Cache Superblock Cache Indirect Branch Lookup Routine Dispatch Routine Basic Block Builder Superblock Selector START Application Mode RIO Mode
  • Migration of Computing Environments
    • Identical environment at any work location
      • When moving from one location to another
        • E.g. Home to work and back
      • Effect similar to carrying hardware back and forth
        • Physical security has to be taken care of
    • Entire state of machine must be transported
      • State of processor resources
        • For OS as well as applications
      • Includes active code and data
    • Concept of a capsule
      • Compressed information about entire system
        • Can be transported from one location to another
  • Virtual Computers
    • Encapsulation simplified through use of virtual machines
    • Encapsulation has the effect of checkpointing
      • Suspend operation on one platform and resume execution at exactly same point on another platform
    Hardware 1 Virtual Machine Monitor 1 Guest OS Guest Apps Virtual Machine Hardware 2 Virtual Machine Monitor 2 Guest OS Guest Apps Virtual Machine Traditional Data Migration Hardware 1 OS1 Apps1 Hardware 2 OS2 Apps2 D a t a D a t a VM Migration
  • VMotion (VMware)
    • Migration of virtual machines in commercial environment
      • Load balancing
      • Security, e.g. quarantine attacked machine
      • Co-location
      • Fault-tolerance
      • Power management
      • Maintenance
    VC Management Server VC Client (User 1) VC Client (User 2) VC Client (User 3) VC Client (User 4) VC Database VM1 VM2 VM3 Data Store VCagent hostA VM4 VM5 VM6 SAN VCagent hostB VM7 VM8 VM9 VCagent hostC
  • Migration Steps
    • Step 1: Ensure that VM is stable on current host
    • Step 2: Perform baseline copy
      • Copy of current memory state and data
    • Step 3: Suspend VM on current host
    • Step 4: Perform final copy
      • Send incremental capsule containing changes since baseline copy
    • Step 5: Activate VM on new host
  • Grids: Virtual Organizations
  • Comparison with Conventional VMs
    • Efficient utilization of resources
      • Similar in motivation to original system VMs
    • Sharing of resources
      • Grid concerned with sharing of content also
        • Not just sharing of resources
    • Distributed control
      • Grid has global scope
        • Users negotiate with each other to share and use resources
    • Heterogeneous nodes
      • Nodes in a grid may be different types of machines
    • Adaptation of applications
      • Applications may need to be adapted for the grid
    • Portability of applications
      • Conceptually similar to goals of HLL VMs
  • Role of System VMs in a Grid
    • Grid has to manage and schedule resources
      • Like an operating system
    • However, grid has to deal with heterogeneity
      • Accounting, for example, is dependent on accounting policies of each grid participant
    • System VM-based approach
      • Treat a VM as the unit of transactions on a grid
        • Not tasks, or programs
        • ( Figuieredo and Fortes)
  • System-VM Based Grid Virtual Machines (Back End) Application Server (Front End F) The Internet Physical Server P User X Information Service Image Server I Data Server D V1 V2 V3 Vn
  • Advantages of SVM based Approach
    • User isolation
      • Protect user from host and other users
      • Protect host from users
    • Platform independence
      • User specifies type of machine, not actual machine
    • Task management and accounting
      • Simplifies allocation and accounting
        • Allocate based on compute requirements
        • Charge based on performance of VM
    • Portability
      • Allows applications to be written for execution on the widest range of platforms
      • Eases encapsulation and migration of jobs between nodes on grid; e.g. Java VMs can be migrated
  • Co-Designed Virtual Machines
    • Separate the hardware/software interface from the ISA level of abstraction
    • Restore the ISA to its “natural” place
      •  as an I mplementation ISA that reflects actual hardware
    • Support existing ISAs
      •  as a Virtual ISA
    • Let processor designers use both
    • hardware and software
    • A form of system VM
    OS libs. User Applications V-ISA I-ISA Hardware Software Hardware OS libs. User Applications ISA
  • Co-Designed VMs
    • Should be of interest to both architects and micro-architects
      • Offers opportunities for performance, power saving, fault tolerance and other implementation-dependent features
      • Allows transcending conventional ISAs
      • IBM Daisy and Transmeta Crusoe
      • Don’t confuse them with VLIW!
      • “pioneers are the ones with arrows in their backs”
  • Architecture Issues: Concealed Memory
    • VM software resides in memory concealed from all conventional software
    Source ISA Data Code Cache VM Code ICache Hierarchy DCache Hierarchy Processor Core Source ISA Code VM Data concealed memory conventional memory
  • Another Way of Doing Things conventional dynamic translation Code Cache Processor Pipeline Software Translator Main Memory Func. Unit Func. Unit . .. Main Memory Cache Hierarchy Processor Pipeline Translation Unit (form uops) Func. Unit Func. Unit Func. Unit . .. Translation Unit (form uops) Cache Hierarchy
  • Fused Instruction Set
    • Co-designed VM x86 implementation
      • Shorten and simplify pipeline front-end
    • Combine pairs of dependent instructions
      • For single “unit” for pipeline processing
    • Use VM software to
      • “ Crack” x86 instructions into RISC-ops
      • Re-order RISC-ops
      • Reassemble into (new) fused pairs
    • Related: Pentium-M fuses in front-end
      • Using original x86 instructions
      • “ Reduced Splitting” is more accurate description
  • Fusing Profile
    • About 50% of operations are fused
    • Only 5-10% of non-fused are single-cycle ALU ops
    0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 164.gzip 175.vpr 176.gcc 181.mcf 186.crafty 197.parser 252.eon 253.perlbmk 254.gap 255.vortex 256.bzip2 300.twolf Average Percentage of Dynamic Instructions ALU FP or NOPs BR ST LD Fused
  • Performance
  • Summary
    • Many types of VMs
      • But common implementation technologies
    • A smart interconnect component
      • Should be studied/taught as a discipline on its own
      • Alongside OS, Application SW, HW
    • Many avenues for research
      • Lots of applications
      • Architecture meta-issues –
        • What features of OS, Applications, HW are “VM friendly”?
        • E.g. Goldberg work in early 70s for system VMs
      • Primitives for supporting VMs