ABSTRACT
This paper describes the Denali isolation kernel, an operating system architecture that safely multiplexes a large number of untrusted Internet services on shared hardware. Denali's goal is to allow new Internet services to be "pushed" into third party infrastructure, relieving Internet service authors from the burden of acquiring and maintaining physical infrastructure. Our isolation kernel exposes a virtual machine abstraction, but unlike conventional virtual machine monitors, Denali does not attempt to emulate the underlying physical architecture precisely, and instead modifies the virtual architecture to gain scale, performance, and simplicity of implementation. In this paper, we first discuss design principles of isolation kernels, and then we describe the design and implementation of Denali. Following this, we present a detailed evaluation of Denali, demonstrating that the overhead of virtualization is small, that our architectural choices are warranted, and that we can successfully scale to more than 10,000 virtual machines on commodity hardware.
CITED BY 42
Jeanna Neefe Matthews, Wenjin Hu, Madhujith Hapuarachchi, Todd Deshane, Demetrios Dimatos, Gary Hamilton, Michael McCabe, Quantifying the performance isolation properties of virtualization systems, Experimental computer science on Experimental computer science, p.5-5, June 13-14, 2007, San Diego
Jeanna Neefe Matthews, Wenjin Hu, Madhujith Hapuarachchi, Todd Deshane, Demetrios Dimatos, Gary Hamilton, Michael McCabe, James Owens, Quantifying the performance isolation properties of virtualization systems, Proceedings of the 2007 workshop on Experimental computer science, p.6-es, June 13-14, 2007, San Diego, California
Mahesh Kallahalla, Mustafa Uysal, Ram Swaminathan, David E. Lowell, Mike Wray, Tom Christian, Nigel Edwards, Chris I. Dalton, Frederic Gittler, SoftUDC: A Software-Based Data Center for Utility Computing, Computer, v.37 n.11, p.38-46, November 2004
Rich Uhlig, Gil Neiger, Dion Rodgers, Amy L. Santoni, Fernando C. M. Martins, Andrew V. Anderson, Steven M. Bennett, Alain Kagi, Felix H. Leung, Larry Smith, Intel Virtualization Technology, Computer, v.38 n.5, p.48-56, May 2005
Tal Garfinkel, Keith Adams, Andrew Warfield, Jason Franklin, Compatibility is not transparency: VMM detection myths and realities, Proceedings of the 11th USENIX workshop on Hot topics in operating systems, p.1-6, May 07-09, 2007, San Diego, CA
Aravind Menon, Jose Renato Santos, Yoshio Turner, G. (John) Janakiraman, Willy Zwaenepoel, Diagnosing performance overheads in the xen virtual machine environment, Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments, June 11-12, 2005, Chicago, IL, USA
Brent Chun, David Culler, Timothy Roscoe, Andy Bavier, Larry Peterson, Mike Wawrzoniak, Mic Bowman, PlanetLab: an overlay testbed for broad-coverage services, ACM SIGCOMM Computer Communication Review, v.33 n.3, July 2003
Bowen Alpern, Joshua Auerbach, Vasanth Bala, Thomas Frauenhofer, Todd Mummert, Michael Pigott, PDS: a virtual execution environment for software deployment, Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments, June 11-12, 2005, Chicago, IL, USA
Maxwell Krohn, Alexander Yip, Micah Brodsky, Natan Cliffer, M. Frans Kaashoek, Eddie Kohler, Robert Morris, Information flow control for standard OS abstractions, ACM SIGOPS Operating Systems Review, v.41 n.6, December 2007
Wei Huang, Jiuxing Liu, Matthew Koop, Bulent Abali, Dhabaleswar Panda, Nomad: migrating OS-bypass networks in virtual machines, Proceedings of the 3rd international conference on Virtual execution environments, June 13-15, 2007, San Diego, California, USA
Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage, Scalability, fidelity, and containment in the potemkin virtual honeyfarm, ACM SIGOPS Operating Systems Review, v.39 n.5, December 2005
Lei Gao, Mike Dahlin, Amol Nayate, Jiandan Zheng, Arun Iyengar, Application specific data replication for edge services, Proceedings of the 12th international conference on World Wide Web, May 20-24, 2003, Budapest, Hungary
Yuting Zhang, Azer Bestavros, Mina Guirguis, Ibrahim Matta, Richard West, Friendly virtual machines: leveraging a feedback-control model for application adaptation, Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments, June 11-12, 2005, Chicago, IL, USA
Sriram Govindan, Arjun R. Nath, Amitayu Das, Bhuvan Urgaonkar, Anand Sivasubramaniam, Xen and co.: communication-aware CPU scheduling for consolidated xen-based hosting platforms, Proceedings of the 3rd international conference on Virtual execution environments, June 13-15, 2007, San Diego, California, USA
Petros Efstathopoulos, Maxwell Krohn, Steve VanDeBogart, Cliff Frey, David Ziegler, Eddie Kohler, David Mazières, Frans Kaashoek, Robert Morris, Labels and event processes in the asbestos operating system, ACM SIGOPS Operating Systems Review, v.39 n.5, December 2005
Steve Vandebogart, Petros Efstathopoulos, Eddie Kohler, Maxwell Krohn, Cliff Frey, David Ziegler, Frans Kaashoek, Robert Morris, David Mazières, Labels and event processes in the Asbestos operating system, ACM Transactions on Computer Systems (TOCS), v.25 n.4, p.11-es, December 2007
Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh, Terra: a virtual machine-based platform for trusted computing, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA