Research on Xen Virtual Machines
Abstract
Xen is a virtual machine monitor (VMM) for the x86 architecture that runs several guest operating systems side by side with high performance and strong isolation. It is open-source software released under the GNU General Public License. With the development of modern computers and the spread of the Intel x86 architecture, Xen has become an active research topic.

This thesis systematically surveys and analyses the earlier work, then studies Xen-based virtual machines in depth along four lines: operating-system security, reliability, performance for a particular class of application, and deployment for a particular application. The main results are as follows:

1. A model for strengthening the security of the operating system running on a Xen virtual machine. The model combines the x86 protection rings with a security kernel, and uses Xen itself to protect that security kernel at run time. The VMM runs in the most privileged ring, the security kernel in the next most privileged ring, and user processes in the least privileged ring. When the security kernel attempts to write certain critical system resources, the write must first be verified and approved by Xen in the most privileged ring. The model therefore prevents malicious code from modifying, and so bypassing, the runtime security kernel.

2. A formal method for improving the reliability of block-device I/O in Xen. The block-device I/O architecture is described with Communicating Sequential Processes (CSP) and software-architecture formalisms, and design rules are added that constrain the concurrent interactions between its components, so that freedom from deadlock is guaranteed in theory and reliability improves. Guided by these rules, the relevant code was reworked. Preliminary experiments show that the rework costs some I/O throughput; since the reliability of the system is strengthened, the optimisation is still worthwhile.

3. A prototype for logging the system calls of a guest operating system. The guest runs unprivileged on top of Xen, and a redirection module and a logging module are added to Xen. When an application issues a system call, it is trapped and redirected from the least privileged level into the VMM at the most privileged level; once the call has been logged, control returns to the guest operating system at the intermediate privilege level, which then carries out the system call. Compared with conventional system-call logging, the prototype makes it harder for an attacker to destroy or tamper with the logs.

4. A Xen-based intrusion detection system prototype. SNARE is a well-known intrusion detection system for Linux, but it is itself vulnerable to attack. A new approach uses the VMM to protect it: SNARE is ported to two virtual machines on Xen, and its two principal components, the kernel patch and the audit daemon, are separated into two virtual machines that Xen strongly isolates from each other. Xen provides a mechanism for sharing memory between virtual machines; through it, the kernel patch running in one virtual machine records audit logs and transfers them to the audit daemon running in the other. Compared with conventional SNARE, this makes it harder for an attacker to destroy or tamper with the audit logs.

5. A performance-optimised virtual machine network prototype for a popular class of IP network applications. Several virtual machines run on Xen, which creates and manages them. The core of the prototype is a new virtual network card through which all the virtual machines are interconnected into a network used for communication between them. Experiments and analysis show that, compared with Xen's standard model, the prototype improves inter-VM communication performance and reduces the response time of user requests by about 42%.

6. A three-tier architecture, based on Xen virtual machines, for deploying collaborative business services in a specific scenario: collaborative commerce among the enterprises of a manufacturing industry chain. The architecture lets several enterprises in the chain form a virtual enterprise, share a database, and carry out business collaboration among the member enterprises conveniently, flexibly and securely. Deploying the application servers as Xen virtual machines both markedly reduces the total cost of ownership of the service and simplifies deploying the application services.
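The abstract's second result says that design rules constraining the concurrent interaction of the block-device I/O components guarantee freedom from deadlock. It does not state the rules. The checker below is an added example, not the thesis's code or model: it implements one well-known CSP design rule of this kind, J.M.R. Martin's client/server rule (Martin's thesis is among the works the thesis cites), which says that if every connector between two components is a client/server relation and the digraph of client-to-server edges is acyclic, the network cannot deadlock. The component names, the split-driver chain and the hypothetical back-channel variant are assumptions for illustration.

```c
/* Added example, not from the thesis: checks Martin's client/server rule
 * for deadlock freedom. A network whose "client -> server" digraph is
 * acyclic cannot deadlock, because a cycle of components each waiting on
 * the next is impossible. The component set and the back-channel variant
 * are assumptions made for illustration, not the thesis's own model. */
#include <stdio.h>
#include <string.h>

#define MAX_NODES 16

typedef struct {
    int n;
    const char *name[MAX_NODES];
    int client_of[MAX_NODES][MAX_NODES]; /* client_of[c][s]: c sends requests to s */
} cs_net;

static void cs_init(cs_net *g) { memset(g, 0, sizeof *g); }

static int cs_add(cs_net *g, const char *name) { g->name[g->n] = name; return g->n++; }

static void cs_connect(cs_net *g, int client, int server) { g->client_of[client][server] = 1; }

/* Depth-first search with three colours: an edge into a grey node closes a cycle. */
static int cs_dfs(const cs_net *g, int u, int *colour, int *cycle_at) {
    colour[u] = 1;                               /* grey: on the current path */
    for (int v = 0; v < g->n; v++) {
        if (!g->client_of[u][v]) continue;
        if (colour[v] == 1) { *cycle_at = v; return 1; }
        if (colour[v] == 0 && cs_dfs(g, v, colour, cycle_at)) return 1;
    }
    colour[u] = 2;                               /* black: fully explored */
    return 0;
}

/* Returns 1 when the rule holds (digraph acyclic); otherwise 0, with
 * *cycle_at set to a component that lies on a wait-for cycle. */
int cs_rule_holds(const cs_net *g, int *cycle_at) {
    int colour[MAX_NODES] = {0};
    *cycle_at = -1;
    for (int u = 0; u < g->n; u++)
        if (colour[u] == 0 && cs_dfs(g, u, colour, cycle_at)) return 0;
    return 1;
}

/* Split block driver as a client/server chain: the guest block layer asks
 * blkfront, blkfront puts requests on the shared ring for blkback in the
 * driver domain, blkback asks the real disk driver. Responses travel back
 * over the same connections, which client/server permits. */
int blkio_split_driver_is_deadlock_free(void) {
    cs_net g; int at;
    cs_init(&g);
    int blk_layer = cs_add(&g, "guest block layer");
    int blkfront  = cs_add(&g, "blkfront");
    int blkback   = cs_add(&g, "blkback");
    int disk      = cs_add(&g, "disk driver");
    cs_connect(&g, blk_layer, blkfront);
    cs_connect(&g, blkfront, blkback);
    cs_connect(&g, blkback, disk);
    return cs_rule_holds(&g, &at);
}

/* Hypothetical variant: blkback also issues its own requests to blkfront
 * and waits for answers. Front and back can now each wait on the other,
 * so the rule is violated and the design would be rejected. */
int blkio_with_back_channel_is_deadlock_free(void) {
    cs_net g; int at;
    cs_init(&g);
    int blk_layer = cs_add(&g, "guest block layer");
    int blkfront  = cs_add(&g, "blkfront");
    int blkback   = cs_add(&g, "blkback");
    int disk      = cs_add(&g, "disk driver");
    cs_connect(&g, blk_layer, blkfront);
    cs_connect(&g, blkfront, blkback);
    cs_connect(&g, blkback, disk);
    cs_connect(&g, blkback, blkfront);           /* the offending back channel */
    return cs_rule_holds(&g, &at);
}

int main(void) {
    printf("split driver:          %s\n",
           blkio_split_driver_is_deadlock_free() ? "rule holds" : "cycle found");
    printf("with back channel:     %s\n",
           blkio_with_back_channel_is_deadlock_free() ? "rule holds" : "cycle found");
    return 0;
}
```

The check is purely structural: it says nothing about a single component that blocks on itself, and a real analysis would also have to confirm that each connector really behaves as client/server (requests always answered, no unbounded waiting on a third party), which is what the CSP model of each component is for.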
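The fourth result moves audit records from the SNARE kernel patch in one virtual machine to the audit daemon in another over memory that Xen shares between the two. The thesis does not give the transfer format. The code below is an added example, not the thesis's or SNARE's code: a single-producer, single-consumer ring in the style of Xen's own I/O rings, where each side advances only its own index and the indices grow monotonically and are masked on use. The record layout, the ring size and the sequence-gap check are assumptions; in a real driver the page would be granted by one domain and mapped by the other, with event-channel notifications and memory barriers where the comments say.

```c
/* Added example, not from the thesis or SNARE: a shared-memory ring that
 * carries audit records from the kernel-patch VM (producer) to the audit
 * daemon VM (consumer). Only the producer writes prod, only the consumer
 * writes cons, as in Xen's I/O rings. Record layout and sizes are assumed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_SLOTS 8                  /* must be a power of two */
#define RING_MASK  (RING_SLOTS - 1)

typedef struct {                      /* illustrative audit record */
    uint64_t seq;                     /* producer sequence number */
    uint32_t pid;
    uint32_t syscall_nr;
    char     comm[16];
} audit_rec;

typedef struct {                      /* the page shared between the two VMs */
    volatile uint32_t prod;           /* written by the kernel-patch VM only */
    volatile uint32_t cons;           /* written by the audit-daemon VM only */
    audit_rec slot[RING_SLOTS];
} shared_ring;

typedef struct { shared_ring *ring; uint64_t next_seq; uint64_t lost; } kpatch_side;
typedef struct { shared_ring *ring; uint64_t expect_seq; uint64_t gaps; uint64_t received; } daemon_side;

void ring_init(shared_ring *r) { memset(r, 0, sizeof *r); }
void kpatch_init(kpatch_side *k, shared_ring *r) { k->ring = r; k->next_seq = 0; k->lost = 0; }
void daemon_init(daemon_side *d, shared_ring *r) { d->ring = r; d->expect_seq = 0; d->gaps = 0; d->received = 0; }

/* Producer: returns 1 if the record was queued, 0 if the ring was full.
 * A full ring consumes a sequence number anyway, so the daemon can tell
 * that a record was lost rather than never generated. */
int kpatch_emit(kpatch_side *k, uint32_t pid, uint32_t nr, const char *comm) {
    shared_ring *r = k->ring;
    if (r->prod - r->cons == RING_SLOTS) {      /* unsigned difference survives wrap */
        k->lost++;
        k->next_seq++;
        return 0;
    }
    audit_rec *s = &r->slot[r->prod & RING_MASK];
    s->seq = k->next_seq++;
    s->pid = pid;
    s->syscall_nr = nr;
    strncpy(s->comm, comm, sizeof s->comm - 1);
    s->comm[sizeof s->comm - 1] = '\0';
    /* wmb() here in a real driver: the slot must be visible before prod. */
    r->prod = r->prod + 1;
    /* then notify the daemon's domain over an event channel */
    return 1;
}

/* Consumer: returns 1 and fills *out if a record was available, else 0.
 * The daemon copies the record out before using it and treats the shared
 * page as untrusted input: a compromised producer can forge new records
 * but cannot reach back into copies the daemon already holds. */
int daemon_poll(daemon_side *d, audit_rec *out) {
    shared_ring *r = d->ring;
    if (r->cons == r->prod) return 0;
    /* rmb() here: read prod before the slot contents. */
    *out = r->slot[r->cons & RING_MASK];
    out->comm[sizeof out->comm - 1] = '\0';     /* never trust the terminator */
    r->cons = r->cons + 1;
    if (out->seq != d->expect_seq) d->gaps++;   /* lost or reordered records */
    d->expect_seq = out->seq + 1;
    d->received++;
    return 1;
}

int main(void) {
    shared_ring ring; kpatch_side k; daemon_side d; audit_rec rec;
    ring_init(&ring); kpatch_init(&k, &ring); daemon_init(&d, &ring);
    for (uint32_t i = 0; i < 10; i++)          /* burst larger than the ring */
        kpatch_emit(&k, 1000 + i, 59, "bash");
    while (daemon_poll(&d, &rec))
        printf("seq=%llu pid=%u nr=%u comm=%s\n",
               (unsigned long long)rec.seq, rec.pid, rec.syscall_nr, rec.comm);
    kpatch_emit(&k, 2000, 2, "sshd");           /* arrives after the loss */
    daemon_poll(&d, &rec);
    printf("received=%llu lost=%llu gaps=%llu\n", (unsigned long long)d.received,
           (unsigned long long)k.lost, (unsigned long long)d.gaps);
    return 0;
}
```

Two points matter for the isolation argument. The daemon keeps its own copy of every record, so an attacker who owns the producer VM can stop or fake future records but cannot rewrite what the daemon has already taken; and dropping on a full ring, rather than blocking the guest's system-call path, is a deliberate choice that the sequence numbers make visible on the consumer side.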