SLIDE 1

When virtual is better than real

Peter M. Chen
Brian D. Noble
University of Michigan

SLIDE 2

Peter M. Chen and Brian D. Noble When virtual is better than real 2 of 14

Standard system architecture

[Figure labels: host machine; administrative tools; host operating system; application (×3)]

SLIDE 3

Virtual-machine system architecture

[Figure labels: host machine; host operating system; virtual machine monitor; administrative tools; guest operating system; application (×3); + services]

SLIDE 4

Benefits

Services are protected from applications and guest operating system

Services work for multiple OS versions and vendors

Services benefit from unique abilities of virtual machines
  • e.g. create temporary virtual machines
  • e.g. communicate quickly to host
  • e.g. move virtual-machine state across network
  • e.g. encrypt virtual-machine state

SLIDE 5

Challenges

Overhead of running applications in virtual machine

Semantic gap between events in guest OS and events in virtual machine

Are there useful services that can work at virtual-machine level?
  • some services don’t need to know about guest OS abstractions
  • some services can reconstruct semantic information common to “all” guest OSs

SLIDE 6

Secure logging

Current systems log interesting events (e.g. logins)
  • vulnerable to OS compromise
  • may not anticipate relevant events

Apply fault-tolerance techniques to log and replay complete execution of virtual machine

Analyze any intrusion to arbitrary level of detail, even after point of OS compromise

[Figure labels: disable syslog; replace OS; plant Trojan horse; steal credit cards; attack other machines; etc., etc.; gain access]

SLIDE 7

Reducing log traffic

Only log non-deterministic events
  • human input
  • interrupts
  • network messages

Messages from cooperating hosts can be re-created instead of logged
  • remember message order
  • safely identify cooperating hosts

If all hosts on LAN cooperate, only need to log incoming network traffic (at gateway)
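
The log-and-replay idea from the secure-logging slide and this one, sketched as an added example that is not part of the original slides: a toy deterministic machine where only outside events are logged with their instruction count, and replay rebuilds the exact state at any point. ToyVM, record, replay and the sample events are hypothetical names and constructed data.

```python
import hashlib

# Added illustration; ToyVM, record and replay are hypothetical names.
class ToyVM:
    """Deterministic guest: state changes only through step() and inject()."""
    def __init__(self):
        self.icount = 0            # instructions retired so far
        self.state = b"boot"

    def _mix(self, data):
        self.state = hashlib.sha256(self.state + data).digest()

    def step(self):
        self._mix(b"step")         # deterministic: depends only on prior state
        self.icount += 1

    def inject(self, kind, payload):
        self._mix(kind.encode() + b":" + payload)   # non-deterministic input

# Constructed sample inputs: instruction count -> (kind, payload)
EVENTS = {120: ("keyboard", b"ls\n"),
          400: ("interrupt", b"timer"),
          733: ("network", b"constructed packet bytes")}

def record(total_steps, events):
    """Live run. The monitor logs each outside event with the instruction
    count at which it was delivered; deterministic steps are not logged."""
    vm, log = ToyVM(), []
    while vm.icount < total_steps:
        if vm.icount in events:
            kind, payload = events[vm.icount]
            log.append((vm.icount, kind, payload))
            vm.inject(kind, payload)
        vm.step()
    return vm.state, log

def replay(log, stop_at):
    """Re-execute from boot up to stop_at, re-delivering every logged event
    at its recorded instruction count."""
    vm, pending = ToyVM(), list(log)
    while vm.icount < stop_at:
        while pending and pending[0][0] == vm.icount:
            _, kind, payload = pending.pop(0)
            vm.inject(kind, payload)
        vm.step()
    return vm.state

if __name__ == "__main__":
    final, log = record(1000, EVENTS)
    print(len(log), "log entries for 1000 steps")
    print("replay matches:", replay(log, 1000) == final)
```

Replaying with a smaller stop_at gives the machine state at that earlier instruction count, which is what lets an analyst inspect any point of the run after the fact.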

SLIDE 8

Intrusion prevention

Current systems block suspicious events before they compromise system
  • accuracy limited by fuzzy definition of “suspicious”

Create disposable clone of the virtual machine, use clone to measure actual effect of suspicious event

Enables destructive tests

Open questions
  • semantic gap: VM detects OS-level effect?
  • what does original VM do while clone is testing event?

SLIDE 9

Intrusion detection

Current detectors look for signs that system has been compromised
  • network-based detectors only see network packets
  • host-based detectors vulnerable to OS compromise

Virtual-machine intrusion detector
  • monitor complete set of system events (CPU, memory, disk, keyboard, network)
  • monitoring continues even if OS is compromised

Semantic gap: how to understand system events without re-implementing guest OS?

SLIDE 10

Environment migration

Lots of ways to migrate state: thin clients, distributed FS, process migration, carry laptop
  • intolerant of latency
  • residual dependencies
  • require user intervention/management

Virtual machines can encapsulate and move complete state of running computer
  • no OS changes
  • nothing to carry (or lose)
  • utilize remote computing resources

SLIDE 11

Migrating quickly

Machine state can be very large: memory+disk

Take advantage of sequential sharing patterns
  • logically one machine; no concurrent sharing of state
  • exploit pattern via DFS, shared memory techniques

Not all state is needed right away
  • memory and disk working set size is visible
  • may successfully predict immediate needs

Requires crossing the semantic gap
  • disk gaps are easy; physical blocks rarely remapped
  • memory is often remapped, via virtualized hardware

SLIDE 12

Other uses of encapsulation

Fast migration depends on ability to do two things
  • encapsulate the entire state of a machine
  • identify critical state that will be needed soon

Other potential uses for encapsulation
  • machine cloning for destructive hypothesis testing
  • encrypting entire machine state for arbitrary OSs

Current encryption systems one-shot, incomplete
  • file system, swap space, secure RPC, …

Can use encapsulation to guarantee all state
  • suspend virtual machine to (encrypted) disk
  • capture all network traffic below level of OS

SLIDE 13

Alternatives

Add service to monolithic OS
  • trusts entire OS to be secure
  • trusts entire OS to be crash-proof

Re-structure OS into isolated layers
  • requires OS modifications
  • similar tradeoffs to VM-based services: performance, semantic gap

Language-level virtual machines
  • limited to applications written in specific languages

SLIDE 14

Conclusions

Virtual-machine services have interesting potential ...
  • portable across different OSs
  • work despite OS compromise
  • clone, encrypt, transport state of entire computer

... and raise plenty of open questions
  • performance penalty
  • semantic gap