The second class in CIS222, Introduction to UNIX/Linux.
Prepares for Virtualbox installation, and brief overview of default Linux installation.
Overview of main points of BIOS, Virtualization.
Disco: Running Commodity Operating Systems on Scalable Multiprocessors (Magnus Backman)
VMware started as a grad school project out of Stanford University.
Many servers were underutilized, so Project Disco was born.
Yes, VMware was originally called Project Disco.
In fact both GOOGLE and Project Disco started out together as grad projects.
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18 (Casey Bisson)
As presented at LinuxCon/CloudOpen 2015: http://sched.co/3Y3v
We tell our code lies from development to deploy. The most common of these lies start with the simple act of launching a virtual machine. These lies are critical to our applications. Some of them protect applications from themselves and each other, some even improve performance. Some, however, decrease performance, and others create barriers to simply getting things done.
We lie about the systems, networks, storage, RAM, CPU and other resources our applications use, but how we tell those lies is critical to how the applications that depend on them perform. Joyent's Casey Bisson will explore the lies we tell our code and demonstrate examples of how they sometimes help and hurt us.
EuroSec2011 Slide "Memory Deduplication as a Threat to the Guest OS" by Kuniyasu Suzaki
EuroSec2011 (EuroSys2011 workshop) Slide of "Memory Deduplication as a Threat to the Guest OS" by Kuniyasu Suzaki
http://www.iseclab.org/eurosec-2011/program.html
XPDDS18: Unleashing the Power of Unikernels with Unikraft - Florian Schmidt, ... (The Linux Foundation)
By leveraging specialization and the use of minimalistic OSes, unikernels are able to yield impressive numbers, including fast instantiation times (tens of milliseconds or less), tiny memory footprints (a few MBs or even KBs), and high consolidation (e.g., being able to run many instances on a single device), not to mention a reduced attack surface and easier certification.
The fundamental drawback of unikernels is that they require that applications be manually ported to the underlying minimalistic OS; this requires both expert work and often considerable amount of time.
To address this, we present Unikraft, a Xen sub-project aimed at automating the process of building customized unikernels tailored to specific applications and thus significantly reducing development time. We will provide a detailed explanation of the system as well as a demonstration of it.
This talk will discuss the design and implementation of a new type of hypervisor derived from the Xen code base. µ-Xen has been built and optimized for modern CPUs and chipsets, and thus assumes the presence of CPU and IO MMUs that are virtualization capable. µ-Xen borrows extensively from the production-proven and tuned Xen code base, but removal of support for older hardware and PV-MMU guests has enabled significant simplification of the code. µ-Xen supports optimizations in support of running large numbers of very similar virtual machines, through the support of a native 'vmfork' optimization and efficient re-merging of shareable pages.
The primary goal of µ-Xen has been to run as a late-load hypervisor on an existing OS. It has a narrow and well-defined interface to the services it expects from the underlying OS, which makes it easy to port to other OSes, or to enable it to run on bare metal. During initialisation, µ-Xen can de-privilege the running host OS into a VM container, enabling it to establish itself as the most privileged software component in the system. Thus, µ-Xen enforces the privacy and integrity of itself and VMs that it is running, against a faulty or malicious host OS, while co-operating with the host OS on the actual allocation of physical resources.
XPDS14 - Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bi... (The Linux Foundation)
This presentation will detail a practical approach to memory introspection of virtual machines running on the Xen hypervisor with no in-guest footprint. The functionality makes use of the mem-event API with a number of improvements which enable the proper tracking of guest OS activity. The technology created on top of this Xen API opens the door for several immediate applications, including: rootkit detection and prevention, detection and action on several categories of malware, and event source information for low-level post-event forensics and correlation based on real event data during events.
Performance Evaluation and Tuning of Virtual Infrastructure Managers for (Micro) Virtual Network Functions
Virtualized Network Functions (VNFs) are emerging as the keystone of 5G network architectures: flexibility, agility, fast instantiation times, consolidation, Commercial Off The Shelf (COTS) hardware support and significant cost savings are fundamental for meeting the requirements of the new generation of mobile networks. In this paper we deal with the management of the virtual computing resources for the execution of Micro VNFs. This functionality is performed by the Virtual Infrastructure Manager (VIM) in the NFV MANagement and Orchestration (MANO) reference architecture. We discuss the VIM instantiation process and propose a generic reference model, starting from the analysis of two Open Source VIMs, namely OpenStack Nova and Nomad. We implemented a tuned version of the VIMs with the specific goal of reducing the duration of the instantiation process. We realized a performance comparison of the two VIMs, both considering the plain and the tuned versions. The tuned VIMs and the performance evaluation tools that we have employed are provided openly and can be downloaded from our repository.
Singularity: The Inner Workings of Securely Running User Containers on HPC Sy... (inside-BigData.com)
“Singularity is an open source container solution being developed specifically for HPC environments. With Singularity, HPC users can safely bring their own execution environments to the cluster. Unlike other container solutions, Singularity does not require root level permissions to run containers, which allows users to freely control what software stack they wish to use. Provisioning of a container image can be done locally on the user’s machine or on Singularity Hub. The resulting image can then be securely executed on any machine with Singularity installed. Reproduction of results has never been easier: a user can now share a single Singularity image file that will ensure a consistent execution environment wherever it is run.
This presentation will provide an in-depth look at how Singularity is able to securely run user containers on HPC systems. After a brief introduction to Singularity and its relationship to other container solutions, the details of Singularity’s runtime will be explored. The way that Singularity leverages Linux features such as namespaces, bind mounts, and SUID binaries will be discussed in further detail as well.”
Similar to Usenix security10-rump session-suzaki
ACSAC2020 "Reboot-Oriented IoT" by Kuniyasu Suzaki
Slides of "Reboot-Oriented IoT: Life Cycle Management in Trusted Execution Environment for Disposable IoT devices", ACSAC (Annual Computer Security Applications Conference) 2020
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspection and Stealth Breakpoints (Kuniyasu Suzaki)
Presented at IWSEC2014 (The 9th International Workshop on Security, Hirosaki): "Kernel Memory Protection by an Insertable Hypervisor which has VM Introspection and Stealth Breakpoints"
USENIX OSDI 2012 Poster "Nested Virtual Machines and Proxies for Easily Implementable Rollback of Secure Communication" by Kuniyasu Suzaki, Kengo Iijima, Akira Tanaka, and Yutaka Oiwa, AIST: National Institute of Advanced Industrial Science and Technology; Etsuya Shibayama, The University of Tokyo
1. Security on Memory Deduplication
(of IaaS Cloud Computing)
Kuniyasu Suzaki, Toshiki Yagi, Kengo Iijima, Nguyen Anh Quynh, Cyrille Artho
Research Center for Information Security
National Institute of Advanced Industrial Science and Technology
2. Memory Deduplication
• Technique to share pages that have the same content.
• Reduces consumption of physical memory.
– It is very effective when the same guest OS runs on several VMs.
• On the Virtual Machine Monitor
– Disco [OSDI97] has Transparent Page Sharing
– VMware ESX has Content-Based Page Sharing [SOSP02]
– Xen has Satori [USENIX09] and Difference Engine [OSDI08]
• In the kernel
– Linux has KSM (Kernel Samepage Merging) from 2.6.32 [LinuxSymp09]
• Memory of processes is deduplicated
• KVM uses this mechanism (each guest is a process of the host)
[Figure: guest physical memory of VM1, VM2, ..., VM(n) mapped onto shared real physical memory]
Kuniyasu Suzaki USENIX Security 2010 Rump Session
3. Memory Deduplication strengthens the OS
• It encourages moving from dynamically linked to self-contained (statically linked) binaries, because the memory redundancy that self-contained binaries introduce is shrunk again by deduplication.
– This mitigates some security problems caused by logical sharing of libraries: Search Path Replacement Attack, GOT (Global Offset Table) overwrite attack, Dependency Hell, etc.
• "Moving from Logical Sharing of Guest OS to Physical Sharing of Deduplication on Virtual Machine" [HotSec10] [USENIX Security10 Poster]
• In this rump session, I want to talk about the opposite side: "Memory Deduplication has security problems".
4. Memory Peeking between VMs
• When a write access is issued to a deduplicated page on a VM, a private physical copy of the page is created (Copy-on-Write).
– The extra copy makes the first write to a deduplicated page measurably slower than a write to a non-deduplicated page.
• By timing writes to pages whose content it prepared itself, an attacker VM detects whether the same page exists on neighbouring VMs.
• We developed methods of memory peeking on a VM.
• It is a kind of Cross-VM Side Channel Attack [CCS09]
– [CCS09] used the CPU cache, which is shared by VMs
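The copy-on-write timing measurement that slide 4 relies on, together with the KSM sysfs check that slide 2's Linux/KVM case calls for, as an added example in C. This is not code from the slides or from the authors' tooling. It assumes a Linux host with KSM: the candidate region is advised MADV_MERGEABLE and filled with 64 identical pages, so ksmd can merge them among themselves without a second VM (against a neighbour you would fill them with the guessed 4 KiB victim page instead), while the control region holds 64 distinct pages that can never merge. The 2x ratio, 500 ns minimum gap, 64-page sample and 5 s wait are assumptions; on a host where ksmd is not running, or in a sandbox, both medians come from private pages and the probe reports no signal.

```c
/* Added example: copy-on-write timing probe for memory deduplication.
 * Not from the slides. Linux-specific parts (madvise(MADV_MERGEABLE),
 * /sys/kernel/mm/ksm) are guarded; the helpers are portable C99. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/mman.h>

#define PAGE 4096
#define NPAGES 64               /* assumed sample size per class */
#define CAND_BYTE 0x41          /* assumed content of the page we probe for */

/* Deduplication needs a byte-for-byte match of the whole 4 KiB page
 * (slide 5), so the probe page must be prepared exactly. */
static void fill_candidate_page(unsigned char *page, unsigned char byte) {
    memset(page, byte, PAGE);
}

static long now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000000000L + ts.tv_nsec;
}

/* Cost of one byte write. If the page is currently merged, this first
 * write triggers the copy-on-write fault; a private page pays no copy. */
static long time_first_write(volatile unsigned char *page) {
    long t0 = now_ns();
    page[0] ^= 0xFF;
    return now_ns() - t0;
}

/* Median of n samples (n <= NPAGES); the caller's array is not modified. */
static long median_ns(const long *v, int n) {
    long tmp[NPAGES];
    if (v == NULL || n <= 0 || n > NPAGES) return -1;
    memcpy(tmp, v, (size_t)n * sizeof(long));
    for (int i = 1; i < n; i++) {            /* insertion sort, n is small */
        long x = tmp[i];
        int j = i - 1;
        while (j >= 0 && tmp[j] > x) { tmp[j + 1] = tmp[j]; j--; }
        tmp[j + 1] = x;
    }
    return tmp[n / 2];
}

/* Assumed decision rule: the candidate pages look deduplicated when their
 * median first-write cost is at least `ratio` times the control's and the
 * absolute gap is at least `min_gap_ns`, so timer jitter alone cannot fire it. */
static int looks_deduplicated(long cand_ns, long ctrl_ns, long ratio, long min_gap_ns) {
    if (cand_ns < 0 || ctrl_ns < 0) return 0;
    return cand_ns >= ratio * ctrl_ns && cand_ns - ctrl_ns >= min_gap_ns;
}

/* Read one counter from /sys/kernel/mm/ksm; -1 if KSM is absent or unreadable.
 * "run" == 1 means ksmd is scanning; "pages_sharing" counts merged pages. */
static long ksm_sysfs(const char *name) {
    char path[128];
    long v = -1;
    snprintf(path, sizeof path, "/sys/kernel/mm/ksm/%s", name);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (fscanf(f, "%ld", &v) != 1) v = -1;
    fclose(f);
    return v;
}

int main(void) {
    long cand[NPAGES], ctrl[NPAGES];
    size_t len = (size_t)NPAGES * PAGE;
    unsigned char *c = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    unsigned char *k = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (c == MAP_FAILED || k == MAP_FAILED) { perror("mmap"); return 1; }
    for (int i = 0; i < NPAGES; i++) {
        fill_candidate_page(c + i * PAGE, CAND_BYTE);                /* all identical */
        fill_candidate_page(k + i * PAGE, (unsigned char)(i + 1));   /* all distinct: control */
    }
#ifdef MADV_MERGEABLE
    if (madvise(c, len, MADV_MERGEABLE) != 0) perror("madvise(MADV_MERGEABLE)");
#endif
    printf("ksm run=%ld pages_sharing=%ld\n", ksm_sysfs("run"), ksm_sysfs("pages_sharing"));
    sleep(5);                                  /* assumed long enough for ksmd to merge */
    printf("after wait: pages_sharing=%ld\n", ksm_sysfs("pages_sharing"));
    for (int i = 0; i < NPAGES; i++) {
        cand[i] = time_first_write(c + i * PAGE);
        ctrl[i] = time_first_write(k + i * PAGE);
    }
    long mc = median_ns(cand, NPAGES), mk = median_ns(ctrl, NPAGES);
    printf("first-write median: candidate %ld ns, control %ld ns -> %s\n", mc, mk,
           looks_deduplicated(mc, mk, 2, 500) ? "candidate pages were shared" : "no signal");
    return 0;
}
```

Run it with /sys/kernel/mm/ksm/run set to 1 (root) to see merging; a rising `pages_sharing` value after the wait confirms that the candidate pages were deduplicated before the timed writes, which is the precondition the measurement depends on. Medians rather than means are used because a single page-fault or scheduler interruption in 64 samples would otherwise dominate the result.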
5. Problem for Attackers & us :-)
• An exact match of a 4KB page is required
– 4KB is too large
• The attacker has to prepare the identical 4KB page
• Difficult for key exposure: the key is much smaller than a page, and the rest of the page must be guessed exactly
• The attacker cannot decide which VM has the same page when many VMs run.
– [CCS09] can decide which VM it shares the cache with.
• Is the threat model weak?
6. Should we use memory peeking for defense on Multi-tenant Cloud Computing?
• Memory peeking does not require any penetration of a target VM. It only measures the prober's own memory accesses.
• It can be used for
– Detecting insecure applications on VMs.
– Detecting illegal downloads.
• Merit: It is unaffected by encrypted communication, because it looks at memory contents rather than network traffic.
– Detecting …
7. Please tell me
• A strong threat model for memory deduplication (4KB exact match)
• Practical usage of memory peeking for defense
• Contact:
– E-mail: k.suzaki@aist.go.jp
– Twitter: @KuniSuzaki
– Slides: http://www.slideshare.net/suzaki