Molecular orientational correlations and local order in n-alkane liquids

This paper proposes a novel method of achieving fast networking in hosted virtual machine (VM) environments. This method, called socket-outsourcing, replaces the socket layer in a guest operating system (OS) with the socket layer of the host OS. Socket-outsourcing increases network performance by eliminating duplicate message copying in both the host OS and the guest OS. Furthermore, socket-outsourcing significantly enhances inter-VM communication within the same host OS since it enables network packets to bypass the protocol stack in guest OSes. Socketoutsourcing was implemented in two representative operating systems (Linux and NetBSD) and on two virtual machine monitors (Linux KVM and PansyVM). These virtual machine monitors provided support for socket-outsourcing through shard memory, event queues, and VM-specific Remote Procedure Call between a guest OS and a host OS. The experimental results revealed that a guest OS outsourcing the socket layer achieved the same network throughput as a native OS using up to four Gigabit Ethernet links. Moreover, the benchmark results obtained from an N-tier Web application that generated a significant amount of inter-VM communication indicated that socket-outsourcing improved performance by up to 45 percent compared with conventional hosted VM environments.

show abstract

Introducing Role-Based Access Control to a Secure Virtual Machine Monitor: Security Policy Enforcement Mechanism for Distributed Computers

Hirano

Shinagawa

Eiraku

et al. 2008

View full text Add to dashboard Cite

Hypervisor-based background encryption

Omote

Chubachi

Shinagawa

et al. 2012

View full text Add to dashboard Cite

To prevent data breaches, many organizations deploy full disk encryption to their computers. While OS-based encryption is widely accepted in practical situations, hypervisorbased encryption offers significant advantages such as OS independence and providing more secure environments. Unfortunately, the initial deployment cost of hypervisor-based encryption systems is rarely discussed. In this paper, we present a hypervisor-based encryption scheme that allows instant deployment of full disk encryption into existing systems without disturbing user's activities. To avoid waiting for encryption to be completed, hypervisors perform background encryption that does not incur significant performance penalty on guest OSs by carefully watching guest OS activities and moderating the degree of encryption speed. Our scheme does not require conversion of disk images or modification of OS configurations to install hypervisors by exploiting BitVisor, a thin hypervisor for enforcing security, that can be easily injected to existing systems. Our experimental results on Windows 7 show that application benchmark scores are not significantly affected by the background encryption and the overhead on sequential disk access throughput is at most 24%. The throughput of our background encryption is comparable to that of existing OSbased background encryption systems.

show abstract

BitVisor

et al. 2009

View full text Add to dashboard Cite

Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for providing virtual hardware devices and for sharing and protecting system resources among virtual machines (VMs), enlarging the code size of and reducing the reliability of the VMMs. This paper introduces a hypervisor architecture, called parapassthrough, designed to minimize the code size of hypervisors by allowing most of the I/O access from the guest operating system (OS) to pass-through the hypervisor, while the minimum access necessary to implement security functionalities is completely mediated by the hypervisor. This architecture uses device drivers of the guest OS to handle devices, thereby reducing the size of components in the hypervisor to provide virtual devices. This architecture also allows to run only single VM on it, eliminating the components for sharing and protecting system resources among VMs.We implemented a hypervisor called BitVisor and a parapassthrough driver for enforcing storage encryption of ATA devices based on the parapass-through architecture. The experimental result reveals that the hypervisor and ATA driver require approximately 20 kilo lines of code (KLOC) and 1.4 KLOC respectively.

show abstract

Improving Virtualized Windows Network Performance by Delegating Network Processing

Koh

Shinjo

et al. 2009

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Hideki Eiraku

Fast networking with socket-outsourcing in hosted virtual machine environments

Introducing Role-Based Access Control to a Secure Virtual Machine Monitor: Security Policy Enforcement Mechanism for Distributed Computers

Hypervisor-based background encryption

BitVisor

Improving Virtualized Windows Network Performance by Delegating Network Processing

Contact Info

Product

Resources

About