11 World-Leading Research with Real-World Impact! ZeroVM Backgroud Prosunjit Biswas Institute for Cyber Security University of Texas at San Antonio April.

Slides:



Advertisements
Similar presentations
Applications of Feather-Weight Virtual Machines (FVMs) Hadi Salimi Distributed Systems Lab, School of Computer Engineering, Iran University of Science.
Advertisements

Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Threads, SMP, and Microkernels Chapter 4. Process Resource ownership - process is allocated a virtual address space to hold the process image Scheduling/execution-
Chapter 4 Threads, SMP, and Microkernels Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design.
Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat.
Operating Systems CMPSCI 377 Lecture 11: Memory Management
Network Implementation for Xen and KVM Class project for E : Network System Design and Implantation 12 Apr 2010 Kangkook Jee (kj2181)
OS Spring’03 Introduction Operating Systems Spring 2003.
OPERATING SYSTEMS Introduction
Inter-Process Communication  most OSs provide several abstractions for inter- process communication: message passing, shared memory, etc.  communication.
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.
Virtualization for Cloud Computing
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Presented by: Alvaro Llanos E.  Motivation and Overview  Frangipani Architecture overview  Similar DFS  PETAL: Distributed virtual disks ◦ Overview.
Efficient Software-Based Fault Isolation—sandboxing Presented by Carl Yao.
Stack Management Each process/thread has two stacks  Kernel stack  User stack Stack pointer changes when exiting/entering the kernel Q: Why is this necessary?
Previous Next 06/18/2000Shanghai Jiaotong Univ. Computer Science & Engineering Dept. C+J Software Architecture Shanghai Jiaotong University Author: Lu,
Microkernels, virtualization, exokernels Tutorial 1 – CSC469.
B.Ramamurthy9/19/20151 Operating Systems u Bina Ramamurthy CS421.
Distributed Systems. Interprocess Communication (IPC) Processes are either independent or cooperating – Threads provide a gray area – Cooperating processes.
Operating System Support for Virtual Machines Samuel T. King, George W. Dunlap,Peter M.Chen Presented By, Rajesh 1 References [1] Virtual Machines: Supporting.
Eric Keller, Evan Green Princeton University PRESTO /22/08 Virtualizing the Data Plane Through Source Code Merging.
VirtualBox What you need to know to build a Virtual Machine.
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
CS533 Concepts of Operating Systems Jonathan Walpole.
By Teacher Asma Aleisa Year 1433 H.   Goals of memory management  To provide a convenient abstraction for programming  To allocate scarce memory resources.
CE Operating Systems Lecture 3 Overview of OS functions and structure.
Ihr Logo Operating Systems Internals & Design Principles Fifth Edition William Stallings Chapter 2 (Part II) Operating System Overview.
Issues Autonomic operation (fault tolerance) Minimize interference to applications Hardware support for new operating systems Resource management (global.
Disco : Running commodity operating system on scalable multiprocessor Edouard et al. Presented by Vidhya Sivasankaran.
1 Threads, SMP, and Microkernels Chapter Multithreading Operating system supports multiple threads of execution within a single process MS-DOS.
Processor Architecture
LRPC Firefly RPC, Lightweight RPC, Winsock Direct and VIA.
Efficient Software-Based Fault Isolation By Robert Wahbe, Steven Lucco, Thomas E. Anderson, and Susan L. Graham Presented by Pehr Collins.
Efficient Software Based Fault Isolation Author: Robert Wahobe,Steven Lucco,Thomas E Anderson, Susan L Graham Presenter: Maitree kanungo Date:02/17/2010.
Efficient Software-based Fault Isolation Robert Wahbe, Steven Lucco, Thomas E. Anderson & Susan L. Graham Presented By Tony Bock.
1 Isolating Web Programs in Modern Browser Architectures CS6204: Cloud Environment Spring 2011.
Efficient Software-Based Fault Isolation Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham.
Efficient software-based fault isolation Robert Wahbe, Steven Lucco, Thomas Anderson & Susan Graham Presented by: Stelian Coros.
Efficient Software-Based Fault Isolation Authors: Robert Wahbe Steven Lucco Thomas E. Anderson Susan L. Graham Presenter: Gregory Netland.
Threads, SMP, and Microkernels Chapter 4. Processes and Threads Operating systems use processes for two purposes - Resource allocation and resource ownership.
Processes Chapter 3. Processes in Distributed Systems Processes and threads –Introduction to threads –Distinction between threads and processes Threads.
Memory Protection: Kernel and User Address Spaces Andy Wang Operating Systems COP 4610 / CGS 5765.
Welcome to Intro to Operating Systems Course Website:
Introduction to Operating Systems Concepts
Computer System Structures
Efficient Software-Based Fault Isolation
Containers as a Service with Docker to Extend an Open Platform
Introduction to Operating Systems
Memory Protection: Kernel and User Address Spaces
Real-time Software Design
Replication Middleware for Cloud Based Storage Service
OS Virtualization.
Memory Protection: Kernel and User Address Spaces
Towards A Secure Controller Platform for OpenFlow Applications
Memory Protection: Kernel and User Address Spaces
Memory Protection: Kernel and User Address Spaces
Chapter 15, Exploring the Digital Domain
Chapter 2: The Linux System Part 1
Google App Engine Ying Zou 01/24/2016.
Prof. Leonardo Mostarda University of Camerino
Principles of Programming Languages
Operating Systems: A Modern Perspective, Chapter 3
Sai Krishna Deepak Maram, CS 6410
SCONE: Secure Linux Containers Environments with Intel SGX
Memory Protection: Kernel and User Address Spaces
Presentation transcript:

11 World-Leading Research with Real-World Impact! ZeroVM Backgroud Prosunjit Biswas Institute for Cyber Security University of Texas at San Antonio April 23, 2014 Institute of Cyber Security, UTSA Institute for Cyber Security

22 World-Leading Research with Real-World Impact! Motivation Behind ZeroVM Institute for Cyber Security 1.In Amazon map/reduces a considerable amount of overhead was due to fetching the data from s3 to EC2 Instances and put it back to s3. 2.The overhead was hurting when the customers need to remake to cluster and do the map/reduce again. 3.A significant amount of customer’s money was spent due to moving the data back and forth.

33 World-Leading Research with Real-World Impact! Motivation Behind ZeroVM(continued) Institute for Cyber Security 1.can we bring to Application to the data(very limited I/O overhead)? 2.How can we ensure no harm even if the application is malicious? Challenge with High I/O Challenge with Application Isolation

44 World-Leading Research with Real-World Impact! What is ZeroVM Institute for Cyber Security ZeroVM is an open–source lightweight virtualization platform based on the Chromium Native Client project.

55 World-Leading Research with Real-World Impact! ZeroVM Properties Institute for Cyber Security 1. ZeroVM virtualizes Application not Operating System. 2. Single threaded (thus deterministic) execution 3. Constraint Resource  Channel based I/O  Predefine socket port / network  Restricted Memory Access  Limited Read/ Write (in bytes)  Limited life time / Predefined timeout

66 World-Leading Research with Real-World Impact! ZeroVM Properties Institute for Cyber Security 1. ZeroVM virtualizes Application not Operating System. 2. Single threaded (thus deterministic) execution 3. Constraint Resource  Channel based I/O  Predefine socket port / network  Restricted Memory Access  Limited Read/ Write (in bytes)  Limited life time / Predefined timeout

77 World-Leading Research with Real-World Impact! Popular Virtualizations Institute for Cyber Security 1. ZeroVM virtualizes Application not Operating System. 2. Does zeroVM uses process level virtualization ? OS Level Virtualization Process Level Virtualization No

88 World-Leading Research with Real-World Impact! Popular Virtualizations Institute for Cyber Security OS Level Virtualization Process Level Virtualization Pros: 1.Complete Isolation  Dedicated V. Memory  Dedicated V. Storage  Dedicated V. CPU 2. Flexible Architecture Almost all OS is supported 3. Fault Tolerance Cons: 1.High Resource Overhead 2.High Maintenance Cost. Pros: 1.Easy to maintain 2. Comparative low overhead. Cons: 1.Single Large Fault domain a.One malicious app may crush the whole system. 2.No Complete isolation.

99 World-Leading Research with Real-World Impact! ZeroVM Virtualization Institute for Cyber Security Process Level Virtualization Pros: 1.Nearly Complete Isolation -Uses Google Native Client (NaCl) Project 2.Low Resource overhead. 3. Fault Tolerant Cons: 1.Run Only special executables/ binary No support for existing

10 World-Leading Research with Real-World Impact! ZeroVM Properties Institute for Cyber Security 1. ZeroVM virtualizes Application not Operating System. 2. Single threaded (thus deterministic) execution 3. Constraint Resource  Channel based I/O  Predefine socket port / network  Restricted Memory Access  Limited Read/ Write (in bytes)  Limited life time / Predefined timeout

11 World-Leading Research with Real-World Impact! ZeroVM Properties Institute for Cyber Security 1. ZeroVM virtualizes Application not Operating System. 2. Single threaded (thus deterministic) execution 3. Constraint Resource  Channel based I/O  Predefine socket port / network  Restricted Memory Access  Limited Read/ Write (in bytes)  Limited life time / Predefined timeout Single Threaded Execution: 1.No Fork 2.No Context Switch 3.No Fault due to Undeterministi c concurrency

12 World-Leading Research with Real-World Impact! ZeroVM Properties Institute for Cyber Security 1. ZeroVM virtualizes Application not Operating System. 2. Single threaded (thus deterministic) execution 3. Constraint Resource  Channel based I/O  Predefine socket port / network  Restricted Memory Access  Limited Read/ Write (in bytes)  Limited life time / Predefined timeout

13 World-Leading Research with Real-World Impact! Channel Based Input / Output Institute for Cyber Security 1. ZeroVM virtualizes Application not Operating System. 2. Single threaded (thus deterministic) execution 3. Constraint Resource  Channel based I/O  Predefine socket port / network  Restricted Memory Access  Limited Read/ Write (in bytes)  Limited life time / Predefined timeout Before execution ZeroVM is given a manifest/ configuration file which specify predefined Resources through Channel. Input file, Output file / File System Network (socket, DNS) Memory Channel = /tmp/input.txt, /dev/stdin, 0, 1, 0x1000, 0x1000, 0, 0 Which means : Zerovm input (/dev/stdin) comes from : /tmp/input.txt of local filesystem. 0: Only sequential Read / Write is allowed 0x1000: only 1000 bytes is allowed to be read from input file. 0: 0 bytes can be written to /tmp/input.txt

14 World-Leading Research with Real-World Impact! An example Manifest file Institute for Cyber Security 1. ZeroVM virtualizes Application not Operating System. 2. Single threaded (thus deterministic) execution 3. Constraint Resource  Channel based I/O  Predefine socket port / network  Restricted Memory Access  Limited Read/ Write (in bytes)  Limited life time / Predefined timeout Channel = /dev/null, /dev/stdin, 0, 1, , , 0, 0 Channel = /dev/stdout, /dev/stdout, 0, 1, 0, 0, , Channel = /dev/stderr, /dev/stderr, 0, 1, 0, 0, , Version = Program = hello.nexe Memory = , 1 Timeout = 1

15 World-Leading Research with Real-World Impact! ZeroVM Properties Institute for Cyber Security 1. ZeroVM virtualizes Application not Operating System. 2. Single threaded (thus deterministic) execution 3. Constraint Resource  Channel based I/O  Predefine socket port / network  Restricted Memory Access  Limited Read/ Write (in bytes)  Limited life time / Predefined timeout Single Threaded Execution: 1.No Fork 2.No Context Switch 3.No Fault due to Undeterministic concurrency

16 World-Leading Research with Real-World Impact! Binary Support for ZeroVM Institute for Cyber Security ZeroVM executables have to be precompiled in.nexe format. Currently only C (C99) and python executables are supported. Existing C executables and python interpreter need recompilation to modify / eliminate sensitive system calls.

17 World-Leading Research with Real-World Impact! ZeroVM from a theoretical standpoint Institute for Cyber Security ZeroVM Google Native Client Software Fault Isolation Functional Dependency and Security Feature

18 World-Leading Research with Real-World Impact! ZeroVM from a theoretical standpoint Institute for Cyber Security ZeroVM Google Native Client Software Fault Isolation Functional Dependency and Security Feature

19 World-Leading Research with Real-World Impact! Software Fault Isolation Institute for Cyber Security Trusted Code ( Ex: Distributed by Google ) Untrusted Code ( Ex: Third party extensions) Ex: Google Chrome Project Malicious access Fault Isolation Techniques: 1.Address Space Abstraction by OS Cons: 1. Communication between address space is very costly. Valid access

20 World-Leading Research with Real-World Impact! Software Fault Isolation Institute for Cyber Security Fault Domain: -- Contiguous region of memory. -- have different code and data segment -- Code from different trust level have own fault domain. Cross Domain Communication: -- No direct memory access -- All call are implemented by RPC Single Domain Restricted Access: -- the module cannot change Code segment. (dangerous, self modifying code) -- Every jump instruction must not pass single domain. -- Most Jumps are statically verified otherwise -- verified at run time with help of checking code. Fault domain1 Fault doman2 Fault domain3 Distributed code / extensions must be recompiled/rewritten.

21 World-Leading Research with Real-World Impact! Google Native Client (NaCl) Institute for Cyber Security Fault Domain: -- Contiguous region of memory. -- have different code and data segment -- Code from different trust level have own fault domain. Cross Domain Communication: -- No direct memory access -- All call are implemented by RPC Single Domain Restricted Access: -- the module cannot change Code segment. (dangerous, self modifying code) -- Every jump instruction must not pass single domain. -- Most Jumps are statically verified otherwise -- verified at run time with help of checking code. Fault domain1 Fault doman2 Fault domain3 Distributed code / extensions must be recompiled/rewritten.

Thank You World-Leading Research with Real-World Impact!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.