CSR: Small: Split Virtual Machine Execution for Reliability and Security

CSR：小型：拆分虚拟机执行以实现可靠性和安全性

• 批准号: 1419869
• 负责人: Jakub Szefer
• 金额: $ 20.08万
• 依托单位: Yale University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-10-01 至 2017-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1419869&HistoricalAwards=false
• 关键词: CSR; Small; Split; Virtual; Machine

Data centers are the backbone of cloud computing, which has become an important computing paradigm due to its economic benefits. Reliability and security aspects of cloud computing, however, still need more investigation. In cloud computing, virtual machines (also called virtual servers or VMs) are one of the primary units of computation: customers lease VMs, each encapsulating an operating system and a customer's applications. In cloud computing data centers, many physical servers - each running hypervisor virtualization software - provide compute resources needed to run the virtual servers. In emergency situations like hardware failure or the security breach of a physical server, a VM needs to be immediately moved away from the affected physical server on which it is running. However, no single unaffected physical server may have the exact resources needed to run the VM at that exact instance in time. Meanwhile, two or more servers may collectively have the resources needed to run the VM. This project aims to allow a VM to be split so it can be run on two or more servers together in such a situation. This has promise of increasing the reliability, security and utilization of private, commercial and government cloud computing providers. This project will explore an innovative idea of Split-VM execution, a new technique that will allow for a VM to be broken up into smaller pieces and to continue executing as one, while the pieces are on different physical servers. A particular focus of the project will be on splitting a VM into two pieces and showing that such operation can be done transparently and efficiently. Issues of memory coherency and interrupt management among the split pieces of the VM residing on different physical severs will be addressed in this research as well. New protocols for synchronizing and controlling the two pieces of the VM will be developed so that the underlying virtualization software running on different physical servers can manage the VMs while they are operating in the Split-VM mode enabling both pieces of a Split-VM to have same view of the memory, and events, such as interrupts, to be seamlessly delivered between the two.The broader impacts of this project will offer insight into transparently splitting a VM into parts that can run on separate physical servers. These splitting mechanisms will be developed and prototyped on popular open-source Linux operating system and on open-source Xen virtualization software, with new code shared back to the community. Performance of the splitting operation and also of the execution of the VM after splitting will be evaluated to give insights into the performance of the proposed idea and to help quantify its reliability and security benefits. The proposed work will also be a stepping-stone to guide future research on splitting VMs into many pieces, not just two. This Split-VM project is thus a first step towards improving cloud data center utilization, reliability and security by enabling commodity VMs to be transparently split among different physical servers.

数据中心是云计算的骨干，由于其经济利益，它已成为重要的计算范式。 但是，云计算的可靠性和安全方面仍然需要更多的调查。 在云计算中，虚拟机（也称为虚拟服务器或VMS）是计算的主要单位之一：客户租赁VM，每台封装操作系统和客户的应用程序。在云计算数据中心中，许多物理服务器（每个运行的管理程序虚拟化软件）提供运行虚拟服务器所需的计算资源。在紧急情况下，例如硬件故障或物理服务器的安全漏洞，必须立即将VM移离其正在运行的受影响的物理服务器。但是，没有一个不受影响的物理服务器可以及时在该确切实例上运行VM所需的确切资源。 同时，两个或多个服务器可能会集体拥有运行VM所需的资源。该项目旨在允许将VM分开，以便在这种情况下可以在两个或更多服务器上运行。这有望增加私人，商业和政府云计算提供商的可靠性，安全性和利用率。 该项目将探索一个创新的拆分VM执行概念，这是一种新技术，它将允许VM分解为较小的零件，并继续执行为一个，而这些件在不同的物理服务器上。 该项目的一个特定重点将是将VM分为两部分，并表明可以透明有效地进行此类操作。 本研究也将解决居住在不同物理级别上的VM的分裂部分之间的记忆相一致性和中断管理问题。 将开发用于同步和控制VM的两部分的新协议，以便在不同的物理服务器上运行的基础虚拟化软件可以在拆分VM模式下运行VM，从而使两种拆分VM都具有相同的内存视图，并且可以在两者之间进行跨性别效果。在单独的物理服务器上运行。 这些分裂机制将在流行的开源Linux操作系统和开源XEN虚拟化软件上开发和原型，并将新代码与社区共享。 将评估拆分操作的性能以及分裂后执行VM的执行，以洞悉拟议想法的性能并帮助量化其可靠性和安全益处。 拟议的工作也将是指导未来关于将VM分为许多部分的研究，而不仅仅是两个。 因此，该拆分VM项目是通过使商品VM在不同的物理服务器之间透明的分配，迈向改善云数据中心利用率，可靠性和安全性的第一步。