DOI: 10.1145/2517349.2522719
Research article, Open access

VirtuOS: an operating system with kernel virtualization

Published: 03 November 2013

Abstract

Most operating systems provide protection and isolation to user processes, but not to critical system components such as device drivers or other system code. Consequently, failures in these components often lead to system failures. VirtuOS is an operating system that exploits a new method of decomposition to protect against such failures. VirtuOS exploits virtualization to isolate and protect vertical slices of existing OS kernels in separate service domains. Each service domain represents a partition of an existing kernel, which implements a subset of that kernel's functionality. Unlike competing solutions that merely isolate device drivers, or cannot protect from malicious and vulnerable code, VirtuOS provides full protection of isolated system components. VirtuOS's user library dispatches system calls directly to service domains using an exceptionless system call model, avoiding the cost of a system call trap in many cases.
We have implemented a prototype based on the Linux kernel and Xen hypervisor. We demonstrate the viability of our approach by creating and evaluating a network and a storage service domain. Our prototype can survive the failure of individual service domains while outperforming alternative approaches such as isolated driver domains and even exceeding the performance of native Linux for some multithreaded workloads. Thus, VirtuOS may provide a suitable basis for kernel decomposition while retaining compatibility with existing applications and good performance.

Supplementary Material

MP4 File (d1-08-ruslan-nikolaev.mp4)



Published In

SOSP '13: Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
November 2013, 498 pages
ISBN: 9781450323888
DOI: 10.1145/2517349
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. IOMMU
  2. Xen
  3. driver isolation
  4. exceptionless system calls
  5. hypervisor
  6. micro-kernel
  7. operating systems
  8. virtualization

Qualifiers

  • Research-article

Conference

SOSP '13

Acceptance Rates

Overall Acceptance Rate 174 of 961 submissions, 18%

Article Metrics

  • Downloads (last 12 months): 487
  • Downloads (last 6 weeks): 78
Reflects downloads up to 05 Mar 2025

Cited By

  • (2024) SafeBPF: Hardware-assisted Defense-in-depth for eBPF Kernel Extensions. Proceedings of the 2024 on Cloud Computing Security Workshop, pages 80-94. DOI: 10.1145/3689938.3694781. Online publication date: 19 Nov 2024
  • (2024) System Call Interposition Without Compromise. 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pages 183-194. DOI: 10.1109/DSN58291.2024.00030. Online publication date: 24 Jun 2024
  • (2024) Efficient On-Chip Replication. IEEE Access, volume 12, pages 172581-172595. DOI: 10.1109/ACCESS.2024.3484013. Online publication date: 2024
  • (2024) NanoHook: An Efficient System Call Hooking Technique with One-Byte Invasive. Dependable Software Engineering. Theories, Tools, and Applications, pages 363-381. DOI: 10.1007/978-981-96-0602-3_20. Online publication date: 25 Nov 2024
  • (2023) Unleashing Unprivileged eBPF Potential with Dynamic Sandboxing. Proceedings of the 1st Workshop on eBPF and Kernel Extensions, pages 42-48. DOI: 10.1145/3609021.3609301. Online publication date: 10 Sep 2023
  • (2023) Towards (Really) Safe and Fast Confidential I/O. Proceedings of the 19th Workshop on Hot Topics in Operating Systems, pages 214-222. DOI: 10.1145/3593856.3595913. Online publication date: 22 Jun 2023
  • (2023) ISA-Grid: Architecture of Fine-grained Privilege Control for Instructions and Registers. Proceedings of the 50th Annual International Symposium on Computer Architecture, pages 1-15. DOI: 10.1145/3579371.3589050. Online publication date: 17 Jun 2023
  • (2023) DriverJar: Lightweight Device Driver Isolation for ARM. 2023 60th ACM/IEEE Design Automation Conference (DAC), pages 1-6. DOI: 10.1109/DAC56929.2023.10247974. Online publication date: 9 Jul 2023
  • (2022) FlexOS: towards flexible OS isolation. Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, pages 467-482. DOI: 10.1145/3503222.3507759. Online publication date: 28 Feb 2022
  • (2022) Kite. Proceedings of the Seventeenth European Conference on Computer Systems, pages 384-401. DOI: 10.1145/3492321.3519586. Online publication date: 28 Mar 2022
