|
The ADvanced Systems Laboratory (ADSL)
Overview
|
Introspective Virtual Machine Monitors
Virtual machine monitors (VMMs) are a natural target
environment for graybox techniques. In traditional VMM settings, the VMM has
little knowledge of what the OS above is doing, and thus is limited in what
types of functionality it can realize itself. With gray-box knowledge,
we show that novel and interesting services can be realized inside
VMMs.
- Antfarm: Tracking Processes in a Virtual Machine Environment
(USENIX '06) We develop an approach that
enables the VMM to efficiently and accurately track OS process creation,
deletion, and context switching. Doing so enables improvements in
performance (the VMM can then implement process-centric optimizations) as
well as security (hidden-process detection).
- Geiger: Monitoring the Buffer Cache in a Virtual Machine
Environment (ASPLOS '06) We show
how to develop VMM-level knowledge of buffer cache contents, which can be
utilized to build new VMM-level services. One resulting case study is a
working-set size estimator, which can accurately determine how much memory a
virtual machine requires, thus enabling major improvements in VMM resource
allocation.
- VMM-based Hidden Process Detection and Identification using
Lycosid (VEE '08) We take the idea
of hidden-process detection further, adding robust statistical testing, and
a new instruction patching technique to reliably detect security threats in
guest operating systems.
- Improving Virtualized Storage Performance with Sky (VEE '17)
Finally, we show how a VMM can observe system
calls in guest operating systems, and utilize such knowledge to improve
performance in myriad ways. One example is a smarter VMM-level cache that
exploits file size information to better decide which files should be kept
in cache, in some cases resulting in 8x performance improvements.
|
| |
|