The document discusses various attacks targeting virtualization systems, including guest hopping, VM deletion/control attacks, code/file injection, VM migration attacks, and hyperjacking. It describes how hyperjacking involves installing a rogue hypervisor beneath the original one to gain control of the host operating system without being detected by guest VMs or applications. The VENOM vulnerability allowed this by exploiting a buffer overflow in the virtual floppy disk controller driver included in many virtualization platforms like KVM and Xen. Mitigations for hyperjacking include hypervisor self-protection, validation of the running hypervisor, and preventing direct external modification.
Identifying and analyzing security threats to virtualized cloud computing inf...IBM222
I found this recent paper on IEEE, it has very good information about cloud security, privacy challenges, latest threats and vulnerabilities. Solution to overcome cloud security and privacy issues are also discussed in this paper. It also discusses the virtualized cloud infrastructures, attack surface and how they are designed or developed.
This document discusses cloud security and virtual machine introspection (VMI). It begins by introducing several standards and organizations related to cloud security. It then explains the CIA triad of confidentiality, integrity and availability. Next, it covers authentication, authorization and auditing. The document discusses cloud adoption trends in India. It provides a taxonomy of attacks in cloud environments and describes various attacks on virtual machines, virtual machine monitors, virtual networks, virtual storage and hardware. It introduces VMI and explains its architecture and how it can be used for signature-based detection. Finally, it discusses several VMI-based intrusion detection systems like CloudHedge, VMIMD, NvCloudIDS and PSI-NetVisor.
VENOM (Virtualised Environment Neglected Operations Manipulation) is a vulnerability that could allow an attacker to escape a guest virtual machine and access the host system, along with other virtual machines running on this system, and access their data.
Virtual Machine Introspection - Future of the CloudTjylen Veselyj
In this presentation I'm talking about feature of VMI technology that are vital for malware analysis, intrusion detection and attack prevention in virtualized environment. This presentation is part of my Ph.D. work and contain summary of VMI state in 2013.
Virtualization provides advantages like managed execution, isolation, resource partitioning and portability. However, it can also lead to performance degradation, inefficiency, and new security threats. Virtualization technologies like Xen, VMware and Hyper-V use approaches like paravirtualization and full virtualization to virtualize hardware and provide isolated execution environments while managing the tradeoffs between performance, functionality and security.
CSA Presentation 26th May Virtualization securityv2vivekbhat
Bryan Nairn discusses security considerations for virtualization. Virtual machines are increasingly common but over 40% will be less secure than physical servers by 2014. Key risks include compromised host machines which could then control VMs, and unpatched guest operating systems. Defenses include hardening host servers, protecting virtual machine files, isolating guest networks, and using access control lists to manage permissions for VMs. Securing the virtualization platform requires attention to both host and guest security.
Bryan Nairn discusses security considerations for virtualization. He notes that over 40% of virtual machines will be less secure than physical machines by 2014. The document outlines common virtualization security myths and describes the hypervisor architecture. It discusses isolation between virtual machines and the hypervisor's security goals of protecting data confidentiality and integrity. The document also covers common attack vectors and provides potential solutions for securing the host system and virtual machines.
Identifying and analyzing security threats to virtualized cloud computing inf...IBM222
I found this recent paper on IEEE, it has very good information about cloud security, privacy challenges, latest threats and vulnerabilities. Solution to overcome cloud security and privacy issues are also discussed in this paper. It also discusses the virtualized cloud infrastructures, attack surface and how they are designed or developed.
This document discusses cloud security and virtual machine introspection (VMI). It begins by introducing several standards and organizations related to cloud security. It then explains the CIA triad of confidentiality, integrity and availability. Next, it covers authentication, authorization and auditing. The document discusses cloud adoption trends in India. It provides a taxonomy of attacks in cloud environments and describes various attacks on virtual machines, virtual machine monitors, virtual networks, virtual storage and hardware. It introduces VMI and explains its architecture and how it can be used for signature-based detection. Finally, it discusses several VMI-based intrusion detection systems like CloudHedge, VMIMD, NvCloudIDS and PSI-NetVisor.
VENOM (Virtualised Environment Neglected Operations Manipulation) is a vulnerability that could allow an attacker to escape a guest virtual machine and access the host system, along with other virtual machines running on this system, and access their data.
Virtual Machine Introspection - Future of the CloudTjylen Veselyj
In this presentation I'm talking about feature of VMI technology that are vital for malware analysis, intrusion detection and attack prevention in virtualized environment. This presentation is part of my Ph.D. work and contain summary of VMI state in 2013.
Virtualization provides advantages like managed execution, isolation, resource partitioning and portability. However, it can also lead to performance degradation, inefficiency, and new security threats. Virtualization technologies like Xen, VMware and Hyper-V use approaches like paravirtualization and full virtualization to virtualize hardware and provide isolated execution environments while managing the tradeoffs between performance, functionality and security.
CSA Presentation 26th May Virtualization securityv2vivekbhat
Bryan Nairn discusses security considerations for virtualization. Virtual machines are increasingly common but over 40% will be less secure than physical servers by 2014. Key risks include compromised host machines which could then control VMs, and unpatched guest operating systems. Defenses include hardening host servers, protecting virtual machine files, isolating guest networks, and using access control lists to manage permissions for VMs. Securing the virtualization platform requires attention to both host and guest security.
Bryan Nairn discusses security considerations for virtualization. He notes that over 40% of virtual machines will be less secure than physical machines by 2014. The document outlines common virtualization security myths and describes the hypervisor architecture. It discusses isolation between virtual machines and the hypervisor's security goals of protecting data confidentiality and integrity. The document also covers common attack vectors and provides potential solutions for securing the host system and virtual machines.
Virtualization allows multiple operating systems to run simultaneously on a single computer through virtual machines. There are security risks to virtualization including compromise of the virtualization layer which could impact all virtual machines, lack of visibility into internal virtual networks, mixing virtual machines of different trust levels on a single physical server, and lack of access controls on the hypervisor layer. Security teams must be involved in virtualization projects from the beginning to help address these risks.
• Overview and Introduction to Virtualisation
• Security Risks in Virtualised Environments
• Controls in Virtualised Environments
• Summary and Conclusions
The document discusses security issues related to cloud computing including traditional problems like data loss and downtime as well as new issues introduced by cloud architectures like lack of a security perimeter, increased attack surface from virtualization, and challenges around data confidentiality, integrity and availability when data is stored, processed and transmitted remotely in the cloud. Virtualization introduces additional security risks around hypervisor vulnerabilities, VM isolation, and state restoration that could allow compromised VMs to persist.
Virtualization allows multiple operating systems to run on a single physical system by sharing hardware resources. It is enabled by a hypervisor which controls the host system's processor and resources, allocating them to guest virtual machines. Virtualization improves resource utilization and costs by pooling physical hardware and allocating virtual resources on demand. However, the hypervisor is a potential point of failure as it has control over the entire system and is part of the trusted computing base. Approaches aim to reduce this risk by removing the hypervisor or restricting its control.
This document discusses different levels of virtualization including instruction set architecture level, hardware level, operating system level, library support level, and application level. It provides details on each level such as how virtualization is performed, advantages, disadvantages, and examples. It also discusses virtual machine monitors, requirements for VMMs, OS-level virtualization, advantages and disadvantages of OS extensions for virtualization.
Virtualization in embedded systems allows multiple operating systems to run simultaneously on a single embedded device by using a hypervisor to create virtual machines. A hypervisor presents each virtual machine with a virtualized hardware platform and manages resource sharing between virtual machines, providing benefits like improved security, efficiency, and fault tolerance. Embedded hypervisors are designed to have small code sizes for security and to efficiently share memory and communication channels between virtual machines. Examples of virtualization in embedded systems include using a hypervisor on smartphones to separate corporate and personal use on a single device.
A virtual machine (VM) uses software to run programs and deploy apps instead of using physical computer hardware. Multiple VMs can run on a single physical host machine. Each VM runs its own operating system separately from other VMs. VMs provide benefits like cost savings, agility, scalability, and security by isolating applications. However, VMs can also result in slower performance compared to physical machines. A hypervisor manages interactions between the physical hardware and VMs, enabling virtualization. There are two main types of hypervisors - type 1 runs directly on the hardware while type 2 runs within a host operating system.
This document discusses challenges in protecting virtual data centers and cloud systems. It describes emerging solutions like running protection engines outside the operating system context in a hypervisor to gain better visibility and context. Intelligent Protection is introduced as a solution using a hypervisor to intercept interactions and apply security controls like a virtual firewall, intrusion prevention, and anti-malware. Future extensions are outlined like integrating multiple anti-malware engines and applying these techniques beyond clouds to mobile devices.
Cloud computing allows users to access shared computing resources over the internet. It utilizes virtualization which involves partitioning physical resources and allocating them to virtual machines. This improves resource utilization, enables multi-tenancy, and makes resources scalable and flexible. Virtualization allows multiple operating systems and applications to run concurrently on a single physical server through virtual machines. It provides benefits like hardware independence, migration of virtual machines, and better fault isolation. Security challenges in virtualized cloud environments include issues around scaling, diversity, identity management and sensitive data lifetime.
This document discusses security considerations for virtual machines (VMs) running on VMware. It recommends treating each VM as a separate computer and applying standard security practices like installing antivirus software and keeping operating systems updated. Additional risks for VMs include a compromised host machine potentially interacting with guest VMs and shared network configurations allowing attacks between VMs. Regular backups that include all VM files are also advised to protect against data loss.
International Journal of Computational Engineering Research(IJCER)ijceronline
International Journal of Computational Engineering Research(IJCER) is an intentional online Journal in English monthly publishing journal. This Journal publish original research work that contributes significantly to further the scientific knowledge in engineering and Technology.
This document provides an overview of virtual machines (VMs), including what they are, common uses, benefits, types, architecture, and pros and cons. A VM is a software implementation of a machine that runs programs like a physical computer. VMs are used for testing applications in different environments, backing up systems, and running incompatible software. Benefits include cost savings from consolidating infrastructure, agility during development, scalability, security isolation, and high availability through backups and migration. Main types are system VMs for full operating systems and process VMs for application runtimes. Key software includes VMware, VirtualBox, Xen, and KVM. While VMs provide flexibility, they also use significant resources and have reduced direct
This document discusses virtual machines (VMs), including what they are, their uses, benefits, types, architecture, and pros and cons. A VM is a software implementation of a machine that runs programs like a physical computer. VMs provide identical interfaces to underlying hardware and allow multiple processes to run in isolation. They are used for cloud applications, testing operating systems, development environments, backups, and running incompatible software. Benefits include cost savings, agility, scalability, security, and lower downtime. Types of VMs include system VMs for full OSes and process VMs for applications. Popular VM software includes VirtualBox, Xen, VMware Workstation, Citrix, and KVM.
This document discusses security best practices for virtual machines (VMs) running on VMware. It recommends treating each VM as a standalone computer and installing antivirus software and keeping operating systems updated. Additional tips include using network address translation (NAT), backing up VMs when powered off, and being aware that if the host system is compromised it could impact VMs. Proper planning of disk allocation and regular backups are also advised to help secure VMs.
Virtualization allows multiple operating systems and applications to run on a single hardware device by dividing the resources virtually. It involves partitioning the resources of a physical machine, like CPU, memory and storage, and presenting them as multiple virtual machines. There are two main types of hypervisors - Type 1 runs directly on the hardware and Type 2 runs on an existing operating system. Virtualization provides benefits like increased hardware utilization, security, development flexibility and more. It can be applied to servers, desktops, applications, networks and storage.
Virtualization, A Concept Implementation of CloudNishant Munjal
This presentation will guide through deploying virtualization in linux environment and get its access to another machine followed by virtualization concept.
The document provides a summary of various cybersecurity news items. It discusses the Rombertik malware that uses obfuscation to avoid detection and destroys the master boot record if analyzed. It also mentions vulnerabilities in the Apple Safari browser and FBI reports that a security researcher admitted to briefly hacking a plane's systems in flight. Additional items summarized include the Venom virtualization vulnerability, a DDoS botnet leveraging insecure home routers, and a program called USBKill that instantly disables a computer if USB activity is detected to prevent secrets from being examined.
Virtualization allows multiple operating systems to run simultaneously on a single computer through virtual machines. There are security risks to virtualization including compromise of the virtualization layer which could impact all virtual machines, lack of visibility into internal virtual networks, mixing virtual machines of different trust levels on a single physical server, and lack of access controls on the hypervisor layer. Security teams must be involved in virtualization projects from the beginning to help address these risks.
• Overview and Introduction to Virtualisation
• Security Risks in Virtualised Environments
• Controls in Virtualised Environments
• Summary and Conclusions
The document discusses security issues related to cloud computing including traditional problems like data loss and downtime as well as new issues introduced by cloud architectures like lack of a security perimeter, increased attack surface from virtualization, and challenges around data confidentiality, integrity and availability when data is stored, processed and transmitted remotely in the cloud. Virtualization introduces additional security risks around hypervisor vulnerabilities, VM isolation, and state restoration that could allow compromised VMs to persist.
Virtualization allows multiple operating systems to run on a single physical system by sharing hardware resources. It is enabled by a hypervisor which controls the host system's processor and resources, allocating them to guest virtual machines. Virtualization improves resource utilization and costs by pooling physical hardware and allocating virtual resources on demand. However, the hypervisor is a potential point of failure as it has control over the entire system and is part of the trusted computing base. Approaches aim to reduce this risk by removing the hypervisor or restricting its control.
This document discusses different levels of virtualization including instruction set architecture level, hardware level, operating system level, library support level, and application level. It provides details on each level such as how virtualization is performed, advantages, disadvantages, and examples. It also discusses virtual machine monitors, requirements for VMMs, OS-level virtualization, advantages and disadvantages of OS extensions for virtualization.
Virtualization in embedded systems allows multiple operating systems to run simultaneously on a single embedded device by using a hypervisor to create virtual machines. A hypervisor presents each virtual machine with a virtualized hardware platform and manages resource sharing between virtual machines, providing benefits like improved security, efficiency, and fault tolerance. Embedded hypervisors are designed to have small code sizes for security and to efficiently share memory and communication channels between virtual machines. Examples of virtualization in embedded systems include using a hypervisor on smartphones to separate corporate and personal use on a single device.
A virtual machine (VM) uses software to run programs and deploy apps instead of using physical computer hardware. Multiple VMs can run on a single physical host machine. Each VM runs its own operating system separately from other VMs. VMs provide benefits like cost savings, agility, scalability, and security by isolating applications. However, VMs can also result in slower performance compared to physical machines. A hypervisor manages interactions between the physical hardware and VMs, enabling virtualization. There are two main types of hypervisors - type 1 runs directly on the hardware while type 2 runs within a host operating system.
This document discusses challenges in protecting virtual data centers and cloud systems. It describes emerging solutions like running protection engines outside the operating system context in a hypervisor to gain better visibility and context. Intelligent Protection is introduced as a solution using a hypervisor to intercept interactions and apply security controls like a virtual firewall, intrusion prevention, and anti-malware. Future extensions are outlined like integrating multiple anti-malware engines and applying these techniques beyond clouds to mobile devices.
Cloud computing allows users to access shared computing resources over the internet. It utilizes virtualization which involves partitioning physical resources and allocating them to virtual machines. This improves resource utilization, enables multi-tenancy, and makes resources scalable and flexible. Virtualization allows multiple operating systems and applications to run concurrently on a single physical server through virtual machines. It provides benefits like hardware independence, migration of virtual machines, and better fault isolation. Security challenges in virtualized cloud environments include issues around scaling, diversity, identity management and sensitive data lifetime.
This document discusses security considerations for virtual machines (VMs) running on VMware. It recommends treating each VM as a separate computer and applying standard security practices like installing antivirus software and keeping operating systems updated. Additional risks for VMs include a compromised host machine potentially interacting with guest VMs and shared network configurations allowing attacks between VMs. Regular backups that include all VM files are also advised to protect against data loss.
International Journal of Computational Engineering Research(IJCER)ijceronline
International Journal of Computational Engineering Research(IJCER) is an intentional online Journal in English monthly publishing journal. This Journal publish original research work that contributes significantly to further the scientific knowledge in engineering and Technology.
This document provides an overview of virtual machines (VMs), including what they are, common uses, benefits, types, architecture, and pros and cons. A VM is a software implementation of a machine that runs programs like a physical computer. VMs are used for testing applications in different environments, backing up systems, and running incompatible software. Benefits include cost savings from consolidating infrastructure, agility during development, scalability, security isolation, and high availability through backups and migration. Main types are system VMs for full operating systems and process VMs for application runtimes. Key software includes VMware, VirtualBox, Xen, and KVM. While VMs provide flexibility, they also use significant resources and have reduced direct
This document discusses virtual machines (VMs), including what they are, their uses, benefits, types, architecture, and pros and cons. A VM is a software implementation of a machine that runs programs like a physical computer. VMs provide identical interfaces to underlying hardware and allow multiple processes to run in isolation. They are used for cloud applications, testing operating systems, development environments, backups, and running incompatible software. Benefits include cost savings, agility, scalability, security, and lower downtime. Types of VMs include system VMs for full OSes and process VMs for applications. Popular VM software includes VirtualBox, Xen, VMware Workstation, Citrix, and KVM.
This document discusses security best practices for virtual machines (VMs) running on VMware. It recommends treating each VM as a standalone computer and installing antivirus software and keeping operating systems updated. Additional tips include using network address translation (NAT), backing up VMs when powered off, and being aware that if the host system is compromised it could impact VMs. Proper planning of disk allocation and regular backups are also advised to help secure VMs.
Virtualization allows multiple operating systems and applications to run on a single hardware device by dividing the resources virtually. It involves partitioning the resources of a physical machine, like CPU, memory and storage, and presenting them as multiple virtual machines. There are two main types of hypervisors - Type 1 runs directly on the hardware and Type 2 runs on an existing operating system. Virtualization provides benefits like increased hardware utilization, security, development flexibility and more. It can be applied to servers, desktops, applications, networks and storage.
Virtualization, A Concept Implementation of CloudNishant Munjal
This presentation will guide through deploying virtualization in linux environment and get its access to another machine followed by virtualization concept.
The document provides a summary of various cybersecurity news items. It discusses the Rombertik malware that uses obfuscation to avoid detection and destroys the master boot record if analyzed. It also mentions vulnerabilities in the Apple Safari browser and FBI reports that a security researcher admitted to briefly hacking a plane's systems in flight. Additional items summarized include the Venom virtualization vulnerability, a DDoS botnet leveraging insecure home routers, and a program called USBKill that instantly disables a computer if USB activity is detected to prevent secrets from being examined.
Similar to 663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf (20)
artificial intelligence and data science contents.pptxGauravCar
What is artificial intelligence? Artificial intelligence is the ability of a computer or computer-controlled robot to perform tasks that are commonly associated with the intellectual processes characteristic of humans, such as the ability to reason.
› ...
Artificial intelligence (AI) | Definitio
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Applications of artificial Intelligence in Mechanical Engineering.pdfAtif Razi
Historically, mechanical engineering has relied heavily on human expertise and empirical methods to solve complex problems. With the introduction of computer-aided design (CAD) and finite element analysis (FEA), the field took its first steps towards digitization. These tools allowed engineers to simulate and analyze mechanical systems with greater accuracy and efficiency. However, the sheer volume of data generated by modern engineering systems and the increasing complexity of these systems have necessitated more advanced analytical tools, paving the way for AI.
AI offers the capability to process vast amounts of data, identify patterns, and make predictions with a level of speed and accuracy unattainable by traditional methods. This has profound implications for mechanical engineering, enabling more efficient design processes, predictive maintenance strategies, and optimized manufacturing operations. AI-driven tools can learn from historical data, adapt to new information, and continuously improve their performance, making them invaluable in tackling the multifaceted challenges of modern mechanical engineering.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Discover the latest insights on Data Driven Maintenance with our comprehensive webinar presentation. Learn about traditional maintenance challenges, the right approach to utilizing data, and the benefits of adopting a Data Driven Maintenance strategy. Explore real-world examples, industry best practices, and innovative solutions like FMECA and the D3M model. This presentation, led by expert Jules Oudmans, is essential for asset owners looking to optimize their maintenance processes and leverage digital technologies for improved efficiency and performance. Download now to stay ahead in the evolving maintenance landscape.
1. UNIT-III
Virtualization System Security
• Virtualization System-Specific Attacks:
• Guest hopping,
• Attacks on the VM (delete the VM, attack on the control of
the VM, Code or file injection into the virtualized file
structure),
• VM migration attack, hyper jacking.
4. Introduction : Virtual Threats-
Some of the vulnerabilities exposed
Virtual machine monitoring from another VM — Usually,
VMs should not be able to directly access one another’s
virtual disks on the host.
However, if the VM platform uses a virtual hub or switch to
connect the VMs to the host, then intruders may be able to
use a hacker technique known as “ARP poisoning” to
redirect packets going to or from the other VM for sniffing.
Virtual machine backdoors — A backdoor, covert
communications channel between the guest and host could
allow intruders to perform potentially dangerous
operations.
6. Introduction : Virtual Threats- VM THREAT LEVELS
When categorizing the threat posed to virtualized environments, often the
vulnerability/threat matrix is classified into three levels of compromise:
• Abnormally terminated — Availability to the virtual machine is
compromised, as the VM is placed into an infinite loop that prevents the
VM administrator from accessing the VM’s monitor.
• Partially compromised — The virtual machine allows a hostile process
to interfere with the virtualization manager, contaminating state
checkpoints or over-allocating resources.
• Totally compromised — The virtual machine is completely overtaken
and directed to execute unauthorized commands on its host with
elevated privileges.
16. New Virtualization System-Specific Attacks
VM migration
–Migration attack is an attack on the network during VM
migration from one place to another. This attack is an exploit
on the mobility of virtualization.
–Since VM images are easily moved between physical machines
through the network, enterprises constantly move VMs to
various places based on their usage.
–For example, VMs from a canceled customer may be moved to
a backup data center, and VMs that need maintenance may be
moved to a testing data center for changes.
–Thus, when VMs are on the network between secured
perimeters, attackers can exploit the network vulnerability to
gain unauthorized access to VMs.
– Similarly, the attackers can plant malicious code in the VM
images to plant attacks on data centers that VMs travel
between.
19. New Virtualization System-Specific Attacks
VM migration-Types and Techniques
Cold Migration
Before migration, the virtual machine must be powered off, after
doing this task. The old one should be deleted from source host.
Moreover, the virtual machine need not to be on shared storage.
Warm Migration
Whenever transfer OS and any application, there is no need to
suspend the source host. Basically it has high demand in public
cloud.
Live Migration
It is the process of moving a running virtual machine without
stopping the OS and other applications from source host to
destination host.
20. New Virtualization System-Specific Attacks
■ VM migration-Types and Techniques
1) Pre- Copy Migration:
In this migration, the hypervisor copies all memory page from source machine to destination
machine while the virtual machine is running. It has two phases: Warm- up Phase and stop and
copy phase.
a) Warm Up Phase:
During copying all memory pages from source to destination, some memory pages changed
because of source machine CPU is active. All the changed memory pages are known as dirty pages.
All these dirty pages are required to recopy on destination machine; this phase is called as warm
up phase.
b) Stop & Copy Phase: Warm up phase is repeated until all the dirty pages recopied on
destination machine. This time CPU of source machine is deactivated till all memory pages will
transfer another machine. Ultimately at this time CPU of both source and destination is suspended,
this is known as down time phase. This is the main thing that has to explore in migration for its
optimization.
21.
22. New Virtualization System-Specific Attacks
■ VM migration-Types and Techniques
2) Post- Copy Migration:
In this technique, VM at the source is suspended to start post copy VM
migration.
When VM is suspended, execution state of the VM (i.e. CPU state,
registers, non-pageable memory) is transferred to the target.
In parallel the sources actively send the remaining memory pages of
the VM to the target.
This process is known as pre-paging.
At the target, if the VM tries to access a page that has not been
transferred yet, it generates a page fault, also known as network faults.
These faults are redirect to the source, which responds with the faulted
pages.
Due to this, the performance of applications is degrading with number
of network faults.
To overcome this, pre-paging scheme is used to push pages after the
last fault by dynamically using page transmission order