• Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
4,470
On Slideshare
0
From Embeds
0
Number of Embeds
4

Actions

Shares
Downloads
90
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. ARM Architecture-based System Virtualization:Xen ARM open source software project Sang-bum Suh Vice President, Jae-min Ryu Research Staff {sbuk.suh, jm77.ryu}@samsung.com S/W Platform Team DMC Research Center SAMSUNG Electronics Co. 2011.08. Xen Summit North America 2011 © 2011 SAMSUNG Electronics Co.
  • 2. Agenda Overview - History of Xen ARM - Use Cases Xen ARM: Core - Xen ARM Virtualization - Performance Comparison Xen ARM Application: Security - Mobile Malware - Access Control Xen ARM Application: Real-time - Xen ARM: Preemption - Real-time Performance © 2011 SAMSUNG Electronics Co.
  • 3. Overview © 2011 SAMSUNG Electronics Co.
  • 4. History of Xen ARM ‘04 ‘08 ‘09 ‘10 Xen ARM 1st Xen ARM 2nd Xen ARM 3rd Xen ARM 4th x86 Xen Hypervisor Release: Release: Release: Release: Release ARM9 Xen Paravirtualized ARM11MPCore Performance (Cambridge university) Hypervisor, Linux kernel Support Optimization Mini-OS (v2.6.24), Xen tool (Samsung) (Samsung) (Samsung) (Samsung) Xen-ARM Open Source Community  Samsung leads the Xen ARM project  http://wiki.xensource.com/xenwiki/XenARM Supported Hardware & Guest OS  ARM926EJ-S (i.MX21, OMAP5912)  Linux v2.6.11, v2.6.18, v2.6.21, v2.6.24, v2.6.27  Xscale 3rd Generation Architecture (multicore supported)  uC/OS-II (PXA310, Samsung SGH- i780)  ARM1136/ARM1176(Core Only)  Goldfish (QEMU Emulator)  Versatile Platform Board  ARM11MPCore (Realview PB11MP)  Cortex-A9 (Tegra250) © 2011 SAMSUNG Electronics Co.SW Platform Team. 3 / 22
  • 5. Use Cases 1 – HW Consolidation: AP(Application Processor) and BP(Baseband Processor) can share multicore ARM CPU SoC in order to run both Linux and Real-time OS efficiently. 2 – OS Isolation: important call services can be effectively separated from downloaded third party applications by Xen ARM combined with access control. 3 – Rich User Experience: multiple OS domains can run concurrently on a single smartphone. 1 2 3 를 Android Nucleus Secure Kernel Linux GPOS RTOS Virtualization SW (Realtime Hypervisor)V -Core V -Core V -Core V -Core V -Core V-Core V-Core V -Core Core Core Core Core Linux 1 Linux 2 Memory Multi-Core Peri Important Hypervisor Hypervisor services H/W HardwareAP SoC +BP SoC -> Consolidated Multicore SoC Secure Smartphone Rich Applications from Multiple OS © 2011 SAMSUNG Electronics Co.SW Platform Team. 4 / 22
  • 6. Xen ARM: Core © 2011 SAMSUNG Electronics Co.
  • 7. Xen ARM Virtualization Goals  Light weight virtualization for secure 3G/4G mobile devices  High performance hypervisor based on ARM processor  Fine-grained access control fitted to mobile devices Architecture of Xen-ARM VM 0 VM 1 Application Application Application Application Guest Backend Drivers Frontend Drivers Domain Native Drivers VM Interface VM Interface Secure Domain Resource Access Xen-ARM Manager Allocator Control hypervisor Hardware Peripheral System Flash CPU Devices Memory Memory © 2011 SAMSUNG Electronics Co.SW Platform Team. 6 / 22
  • 8. Xen ARM Virtualization Overview Logical mode split  CPU virtualization  Virtualization requires 3 privilege CPU level, but ARM supports 2 level Xen-ARM mode   Xen-ARM mode: supervisor mode ( most privileged level) virtual kernel mode  virtual user mode   Virtual kernel mode: User mode ( least privileged level)  Virtual user mode: User mode ( least privileged level) VM 0 VM 1 VM 2 VM 2 Xen-ARM  Memory virtualization Address Spaces Address Spaces Address Spaces VM 1 Kernel  VM’s own memory should be VM 0 User Process User Process User Process User Process Xen-ARM protected from others MMU  Xen-ARM switches VM’s virtual address space Xen-ARM Physical Virtual Address Space Address Space using MMU  VM is not allowed to manipulate MMU directly VM0 (Linux) VM1 (Linux ) Application Application Application Application Application Application  I/O virtualization Front-end  Split driver model of Xen-ARM Native driver Back-end driver driver  Client & Server architecture for shared I/O devices I/O event  Client: frontend driver Interrupt Xen-ARM  Server: native/backend driver Device © 2011 SAMSUNG Electronics Co.SW Platform Team. 7 / 22
  • 9. Performance Comparison Micro-benchmark Results LMBENCH Micro Benchmark ( Bandwidth )  Evaluation Environments : Samsung Blackjack Phone  CPU : Xscale PXA310, 624MHz Higher is better  L1 Cache : 32KB + 32KB  L2 Cache : 256KB (Disabled)  Memory : 128MB  Guest OS: Linux-2.6.21 LMBENCH Micro Benchmark ( latency ) Lower is better © 2011 SAMSUNG Electronics Co.SW Platform Team. 8 / 22
  • 10. Performance Comparison Micro-benchmark Results  Evaluation Environments : nVidia Tegra250  CPU : Cortex-A9 1GHz Dual Core  L1 Cache : 32KB + 32KB Lower is better  L2 Cache : 1MB 1600  Memory : 1GB 1400 Native Linux Para-virtualized Linux  Guest OS: Linux-2.6.29 1200 (Latency) usec 1000 800 600 400 200 0 LMBENCH Micro Benchmark ( latency ) © 2011 SAMSUNG Electronics Co.SW Platform Team. 9 / 22
  • 11. Performance Comparison Benchmark Results LMBENCH Micro Benchmark ( latency ) 9  Evaluation Environments : Samsung Higher is better Xen/ARM L4 8 Relative Performance Blackjack Phone 7  CPU : Xscale PXA310, 624MHz  L1 Cache : 32KB + 32KB 6  L2 Cache : 256KB (Disabled) 5  Memory : 128MB 4  Guest OS: Linux-2.6.21 3 2 1 0 AIM7 Macro Benchmark S : size(byte) P : # of processes Normalized Performance 1 0.8 0.6 Native Linux Xen/ARM 0.4 L4 0.2 0 1 2 3 Number of Tasks © 2011 SAMSUNG Electronics Co.SW Platform Team. 10 / 22
  • 12. Xen ARM Application For Security © 2011 SAMSUNG Electronics Co.
  • 13. Mobile Malware [Source: F-Secure] Number of mobile malware 600 - More than 420 mobile phone 400 421 viruses (2008) 345 400 - Tens of thousands of infections worldwide 146 200 27 0 2004 2005 2006 2007 2008 [Source: McAfee] Concerns about mobile phone 100% 16.1 18.4 6.9 13.9 security – by market 80% 60% 93.1 86.1 83.9 81.6 40% Feel safe 20% Concerned 0% UK US Japan Total © 2011 SAMSUNG Electronics Co.SW Platform Team. 12 / 22
  • 14. Access ControlDefinition: Access control is a system which enables an authority to control area and resources in a givenphysical facility or computer-based information system [source: Wikipedia] Technical Issues Problem with performance isolation  Availability threat: denial of service (DoS) attack from a compromised domain in a mobile device - CPU overuse: a greater share of CPU time than initial allocation - Performance degradation: The Performance of other domains that share the same I/O device with the compromised domain - Battery drain Isolated Driver Domain1 DomainN Domain (IDD) Malware Excessive I/O … Requests Back-end Front-end Front-end Device drivers Device drivers Device drivers Native Device drivers Secure Xen Devices Hardware © 2011 SAMSUNG Electronics Co.SW Platform Team. 13 / 22
  • 15. Access Control Approach Technical IssuesFine-grained I/O access control module in the IDD and coarse-grained access control module in XenEstimation of CPU consumption by each virtual I/O operation using regression analysis - Network and storage devicesI/O access control enforcement based on the policy and regression equations Target HW spec: XScale 624MHz, 128MB DRAM Domain0 (IDD) Kernel Domain1 Kernel Regression Analysis: Network (4). Asking for decision Access Control fNET, Tx(x) = 370.18 + 0.01 * x Hook Backend Frontend Enforcer driver driver (I/O Scheduler) (3). Connecting to backend driver Regression Analysis: Storage (5). Virtual I/O CPU Usage fMTD,READ(x) = 250 + 0.24 * x (1). Loading policy I/O Resource fMTD,READOOB(x) = 533 + 0.06 * x Accounting fMTD,WRITE(x) = 160 + 0.24 * x fMTD,WRITEOOB(x) = 583 (2). Loading equations fMTD,ERASE(x) = 153.33 + 0.02 * x fMTD,ISBADBLOCK(x) = 58 Secure Xen on ARM fMTD,MARKBAD(x) = 60 Secure Storage x: bytes, f(x): usec © 2011 SAMSUNG Electronics Co.SW Platform Team. 14 / 22
  • 16. Access Control Effectiveness Technical Issues CPU Utilization: Network Test Environment Domain0 (IDD) Domain1 iperf (client) Policy net_atk CPU 100 bonnie Manager mtd_atk Usage (%) iperf (server) Linux 80 Linux kernel v2.6.21 Kernel TcN0 minicom I/O ACM v2.6.21 Linux 60 kernel Secure Xen on ARM TcN1 40 TcN2 Serial Cable Measurement Cable 20 TcN3 WT3000 power meter SGH-i780 Power Meter 0 Linux PC SGH-i780 3 6 9 12 15 18 21 24 27 30 net_atk: UDP packet flooding (sending out UDP packets with the Time size of 44,160 bytes every 1msec) (Sec) mtd_atk: excessive NAND READ operations (scanning every directory in the filesystem and reading file contents) CPU Utilization: Storage CPU 100 Usage Test Cases (%) 80 Network I/O Test Storage I/O Test Cases Cases TcS0 60 No Attack TcN0 TcS0 TcS1 Under Attack 40 (No I/O ACM) TcN1 TcS1 TcS2 Under Attack 20 TcS3 TcN2 TcS2 (20% I/O ACM Policy) Under Attack TcN3 TcS3 0 (10% I/O ACM Policy) 3 6 9 12 15 18 21 24 27 30 Time (Sec) © 2011 SAMSUNG Electronics Co.SW Platform Team. 15 / 22
  • 17. Access Control Effectiveness Throughput: Network No attack 800 700 Throughput (KB/Sec) 600  Throughput increase and power consumption 500 UDP decrease even under malware attack Under 400 attack TCP 300 200 100 0 TcN0 TcN1 TcN2 TcN3 Power Consumption Test Cases No attack Under attack Throughput: Storage 3 No attack 4500 2.5 Throughput (KB/Sec) 4000 2 3500 Under 3000 attack 1.5 Network 2500 Seq.out Storage 2000 Seq.in 1 1500 Rand.seek 1000 0.5 500 Test Cases 0 0 TcS0 TcS1 TcS2 TcS3 TcN0/TcS0 TcN1/TcS1 TcN2/TcS2 TcN3/TcS3 16 Test Cases Test Cases 2011 SAMSUNG Electronics Co. ©SW Platform Team. 16 / 22
  • 18. Xen ARM Application For Real-time © 2011 SAMSUNG Electronics Co.
  • 19. Xen ARM: Pre-emption Status of real-time support Technical Issues  The jitter of timer interrupt latency by the hypervisor is bounded within 10% compared with native real-time OS. Technical Issue  DI and NP sections should be minimized. Latency caused by interrupt-disabled(DI) section Latency caused by non-preemptible(NP) section EN DI EN P NP P Time Time interrupt VM interrupt interrupt VM handler switch handler handler switch Delay Urgent Interrupt Delay Urgent Interrupt Wake up next VM  Hypervisor should support RT Domain via priority-based scheduling, VMM pre-emption and so on. Delay Non RT Non RT Non RT Voluntary Guest RT RT Non RT Domain Interrupt Domain Domain Domain Interrupt domain CPU domain Domain (Running) occurs (Running) (Running) occurs release time Xen-ARM Interrupt Timer Interrupt Send IRQ to Real-time Domain (As Non RT Domain has credits, Scheduling Scheduling Scheduling RT Domain is not scheduled. Furthermore Xen cannot tell differencebetween Non RT Domain and RT Domain.) Preemption © 2011 SAMSUNG Electronics Co. SW Platform Team. 18 / 22
  • 20. Real-time Performance • Evaluation Environment  Cyclictest benchmark repeats Category Description 1. RT task sleeps for 10ms 2. Timer interrupt will occur after 10ms H/W CPU Cortex-A9 / 1GHz / Dual Core 3. Timer interrupt wakes up the RT (Tegra250) RAM 1GB domain(uC/OS-II) 4. uC/OS-II preempts Xen-ARM S/W Hypervisor Xen-ARM 5. RT task is scheduled 6. RT task logs timestamp Guest OS Linux-2.6.29 (DOM0) (Running Busy Loop Task) Guest OS uC/OS-II (DOM1) (Running RT Task : Cyclictest benchmark) Native(uC/OS-II) Min Avg Max 9995 9996.810169 10000 Xen-ARM(uC/OS-II) Min Avg Max Response Overhead(3us) 9996 9999.327119 10001 Unit : usec © 2011 SAMSUNG Electronics Co.SW Platform Team. 19 / 22
  • 21. Q&A © 2011 SAMSUNG Electronics Co.