A lightweight method for virtual machine introspection

A method for the introspection of virtual machines is proposed. The main distinctive feature of this method is that it makes it possible to obtain information about the system operation using the minimum knowledge about its internal organization. The proposed approach uses rarely changing parts of the application binary interface, such as identifiers and parameters of system calls, calling conventions, and the formats of executable files. The lightweight property of the introspection method is due to the minimization of the knowledge about the system and by its high performance. The introspection infrastructure is based on the QEMU emulator, version 2.8. Presently, monitoring the file operations, processes, and API function calls are implemented. The available introspection tools (RTKDSM, Panda, and DECAF) get data for the analysis using kernel structures. All the data obtained (addresses of structures, etc.) is written to special profiles. Since the addresses and offsets strongly depend not only on the version of the operating system but also on the parameters of its assembly, these tools have to store a large number of profiles. We propose to use parts of the application binary interface because they are rarely modified and it is often possible to use one profile for a family of OSs. The main idea underlying the proposed method is to intercept the system and library function calls and read parameters and returned values. The processor provides special instructions for calling system and user defined functions. The capabilities of QEMU are extended by an instrumentation mechanism to enable one to track each executed instruction and find the instructions of interest among them. When a system call occurs, the control is passed to the system call detector that checks the number of the call and decides to which module the job should be forwarded. In the case of an API function call, the situation is similar, but the API function detector checks the function address. An introspection tool consisting of a set of modules is developed. These modules are dynamic libraries that are plugged in QEMU. The modules can interact by exchanging data.     

基于负载不确定性的虚拟机整合方法

物理主机工作负载的不确定性容易造成物理主机过载和资源利用率低,从而影响数据中心的能源消耗和服务质量。针对该问题,通过分析物理主机的工作负载记录与虚拟机资源请求的历史数据,提出了基于负载不确定性的虚拟机整合（WU-VMC）方法。为了稳定云数据中心各主机的工作负载,该方法首先利用虚拟机的资源请求拟合物理主机工作负载,并利用梯度下降方法计算虚拟机与物理主机的虚拟机匹配度;然后,利用匹配度进行虚拟机整合,从而解决负载不确定造成的能耗增加和服务质量下降等问题。仿真实验结果表明,WU-VMC方法降低了数据中心的能源消耗,减少了虚拟机迁移次数,提高了数据中心的资源利用率及服务质量。     

A method for managing green power of a virtual machine cluster in cloud

A green power management scheme is proposed to determine how many physical machines should be run or turned off based on the gross occupied resource weight ratio of the virtual machine cluster. The gross occupied resource weight ratio is defined as the ratio of the sum of resource weights of all virtual machines over the sum of available resource weights of all running physical machines. When the gross occupied resource weight ratio is greater than the maximum tolerant occupied resource weight ratio, preset to ensure quality of service, a standby physical machine in the non-running physical machines is selected and wakened up to join as one of the running physical machines. On the other hand, when the gross occupied resource weight ratio is less than the minimum critical occupied resource weight ratio, preset to trigger energy saving algorithms, one of the running physical machines, selected as a migration physical machine with the virtual machines therein removed after live migration, is moved from other running physical machines, and then turned off. As a result, a resource allocation process is realized to distribute loads of the running physical machines such that the total number of the running physical machines can be flexibly dispatched to achieve the objective of green power management.     

基于虚拟机部署策略的云平台容错即服务方法

针对如何充分利用云基础架构层资源,满足上层云应用系统租户对应用系统容错的需求多样性和高可靠性要求的问题,提出一种面向租户和云服务提供商的、基于虚拟机部署策略的云平台容错即服务方法。该方法根据租户的特定容错需求适配适合的容错方法及容错级别,据此计算并最优化云服务提供商的收益和资源使用量,在此基础上对提供容错服务的虚拟机进行优化部署,充分利用底层虚拟机资源为租户的云应用系统提供更为可靠的容错服务。实验结果表明,所提方法能够在保障云服务提供商收益的基础上,为多租户云应用系统实现更灵活且可靠性更高的容错服务。     

基于虚拟机技术的进程分析方法

针对现有进程分析方法存在的缺陷,提出了一种在Windows平台虚拟环境下分析进程的方法。该方法首先在宿主机下分析虚拟机的内存,捕捉当前线程,并通过内核数据结构得到当前线程所在进程, 然后通过页目录表物理地址计算进程页面,对内存进行清零来结束进程。实例分析表明本方法在保护宿主机安全的同时,能快速监测到程序,并且可以有效地结束进程。     

基于硬件虚拟化的虚拟机进程代码分页式度量方法

云环境下恶意软件可利用多种手段篡改虚拟机（VM）中关键业务代码,威胁其运行的稳定性。传统的基于主机的度量系统易被绕过或攻击而失效,针对在虚拟机监视器（VMM）层难以获取虚拟机中运行进程完整代码段并对其进行完整性验证的问题,提出基于硬件虚拟化的虚拟机进程代码分页式度量方法。该方法以基于内核的虚拟机（KVM）作为虚拟机监视器,在VMM层捕获虚拟机进程的系统调用作为度量流程的触发点,基于相对地址偏移解决了不同版本虚拟机之间的语义差异,实现了分页式度量方法在VMM层透明地验证虚拟机中运行进程代码段的完整性。实现的原型系统——虚拟机分页式度量系统（VMPMS）能有效度量虚拟机中进程,性能损耗在可接受范围内。     

A distributed implementation of a virtual machine for Java

The cluster virtual machine (VM) for Java provides a single system image of a traditional Java Virtual Machine (JVM) while executing in a distributed fashion on the nodes of a cluster. The cluster VM for Java virtualizes the cluster, supporting any pure Java application without requiring that application be tailored specifically for it. The aim of our cluster VM is to obtain improved scalability for a class of Java Server Applications by distributing the application's work among the cluster's computing resources. The implementation of the cluster VM for Java is based on a novel object model which distinguishes between an application's view of an object (e.g. every object is a unique data structure) and its implementation (e.g. objects may have consistent replications on different nodes). This enables us to exploit knowledge on the use of individual objects to improve performance (e.g. using object replications to increase locality of access to objects). We have already completed a prototype that runs pure Java applications on a cluster of NT workstations connected by a Myrinet fast switch. The prototype provides a single system image to applications, distributing the application's threads and objects over the cluster. We used the cluster VM to run, without change, a real Java Server Application containing over 10 Kloc

1 Kloc means Kilo lines of code—used to describe the size of applications in terms of source lines count.

for the source code and achieved high scalability for it on a cluster. We also achieved linear speedup for another application with a large number of independent threads. This paper discusses the architecture and implementation of the cluster VM. It focuses on achieving a single system image for a traditional JVM on a cluster while describing, in short, how we aim to obtain scalability. Copyright © 2001 John Wiley & Sons, Ltd.     

基于底层虚拟机的标识符混淆方法

针对现有代码混淆仅限于某一特定编程语言或某一平台,并不具有广泛性和通用性,以及控制流混淆和数据混淆会引入额外开销的问题,提出一种基于底层虚拟机（LLVM）的标识符混淆方法。该方法实现了4种标识符混淆算法,包括随机标识符算法、重载归纳算法、异常标识符算法以及高频词替换算法,同时结合这些算法,设计新的混合混淆算法。所提混淆方法首先在前端编译得到的中间文件中候选出符合混淆条件的函数名,然后使用具体的混淆算法对这些函数名进行处理,最后使用具体的编译后端将混淆后的文件转换为二进制文件。基于LLVM的标识符混淆方法适用于LLVM支持的语言,不影响程序正常功能,且针对不同的编程语言,时间开销在20%内,空间开销几乎无增加;同时程序的平均混淆比率在77.5%,且相较于单一的替换算法和重载算法,提出的混合标识符算法理论分析上可以提供更强的隐蔽性。实验结果表明,所提方法具有性能开销小、隐蔽性强、通用性广的特点。     

An event-driven simulation method for motor driver in virtual machine tool system

In this paper, an event-driven simulation method is proposed for the motor driver in a virtual machine tool system (VMT), of which simulation speed is always a puzzle. This method utilizes a set of pre-defined events to trigger the execution of simulator in a non-deterministic manner and at the most efficient moment. Comparing to the conventional time domain simulation method, it dramatically reduces the CPU time consumption without losing simulation accuracy, therefore it improves the simulation efficiency. The effectiveness of this method is verified through a PMSM (Permanent Magnet Synchronous Motor) motor driver model in studying Servo/Mechanical interaction within a VMT.     

应用托管环境下的虚拟机优化调度方法

在面对云服务中典型的应用托管需求时,现有的基础设施即服务IaaS大多采用应用无关的方式进行虚拟机调度,无法针对类型不同的应用托管需求调整调度策略,从而会产生虚拟机集群的负载倾斜及资源利用率不高的情况,甚至会影响所托管的应用。针对上述问题,提出了一种应用托管环境下的虚拟机优化调度方法,通过对所托管应用的分析和物理资源的监控,以贪心方式实现虚拟机周期性的调度策略。实际项目中的应用托管实例表明,该虚拟机调度方法可有效减少所使用的物理服务器数量,并提高物理服务器资源利用率。     

Kernel-based virtual machine事件跟踪机制的设计与实现

分析了基于处理器硬件虚拟化技术实现的KVM子系统的架构.针对KVM跟踪独立事件信息的局限性,提出一种新的KVM事件跟踪机制(kvmtrnee)来达到性能调节的目的,并使用relayfs接口进行了设计与实现.同时探讨了Linux kernel Markers实现机制及其在kvmtraee的实际应用.     

A portable virtual machine for Ada

A portable compiler can be constructed by letting it generate code for a virtual machine, which is then implemented on the real target machines. The design of a virtual machine which is especially suitable as a target machine for compiled Ada programs is described. The main design goals, implementability on mini-computers and portability, are discussed and the resulting design is described in some detail. Some implementation strategies for the machine are proposed and the feasibility of the virtual machine approach is discussed.     

A QoS-aware virtual machine scheduling method for energy conservation in cloud-based cyber-physical systems

Nowadays, with the development of cyber-physical systems (CPS), there are an increasing amount of applications deployed in the CPS to connect cyber space with physical world better and closer than ever. Furthermore, the cloud-based CPS bring massive computing and storage resource for CPS, which enables a wide range of applications. Meanwhile, due to the explosive expansion of applications deployed on the CPS, the energy consumption of the cloud-based CPS has received wide concern. To improve the energy efficiency in the cloud environment, the virtualized technology is employed to manage the resources, and the applications are generally hosted by virtual machines (VMs). However, it remains challenging to meet the Quality-of-Service (QoS) requirements. In view of this challenge, a QoS-aware VM scheduling method for energy conservation, named QVMS, in cloud-based CPS is designed. Technically, our scheduling problem is formalized as a standard multi-objective problem first. Then, the Non-dominated Sorting Genetic Algorithm III (NSGA-III) is adopted to search the optimal VM migration solutions. Besides, SAW (Simple Additive Weighting) and MCDM (Multiple Criteria Decision Making) are employed to select the most optimal scheduling strategy. Finally, simulations and experiments are conducted to verify the effectiveness of our proposed method.

     

基于虚拟机迁移的DoS攻击防御方法

利用云计算资源共享的特性,攻击者可以通过不停消耗带宽资源,使得同一物理主机上的其他用户无法接受正常服务,造成拒绝服务（denial of service,DoS）攻击。这种攻击区别于传统网络体系中的DoS攻击,因此难以应用传统防御方法解决。针对这一问题,提出一种基于虚拟机迁移的DoS攻击防御方法,通过选择迁移目标、设计触发机制和选择迁移目的地,形成迅速减轻DoS攻击影响的虚拟机迁移策略。实验结果表明,针对攻击者的不同攻击方式,该方法均可有效地快速防御DoS攻击,保证云服务的正常运行。相比其他策略,所提方法在迁移开销上略有增加,但防御效果明显,可行性更高。     

虚拟机软件结合LoadRunner的一种测试方案探讨

基于虚拟化技术进行软件自动化测试是测试主流技术发展的一个方向。介绍了虚拟机软件VMware结合测试工具软件LoadRunner的一种软件测试方案,详细介绍了测试方法、测试环境、测试用例以及数据处理方法。通过对同一B/S系统在真实环境和虚拟环境中进行对比性能测试,并基于实测数据加以分析,论证了该方案的优越性,得出了能否应用的结论。     

Lightweight monitors for the Java virtual machine

Java supports the monitor construct for language‐level synchronization in the context of multi‐threading. This paper introduces the lightweight monitor, an efficient user‐level monitor implementation. The lightweight monitor is useful for single‐threaded Java programs as well as for multi‐threaded Java programs with little lock contention. A 32‐bit lock is embedded in each object for efficient lock access while other monitor data structures are managed using a hash table. We highly optimized the lock manipulation code, which is translated and inlined by a just‐in‐time (JIT) compiler. In the most probable cases, only nine SPARC instructions are spent for lock acquisition and five instructions are spent for lock release. Our experimental results indicate that the lightweight monitor is faster than the monitor implementation in the SUN JDK 1.2 RC1 by up to 21 times in the absence of lock contention and by up to seven times in the presence of lock contention. Copyright © 2004 John Wiley & Sons, Ltd.