Institute of Computing Technology, Chinese Academy IR
| S2H: Hypervisor as a setter within Virtualized Network I/O for VM isolation on cloud platform | |
| Yang, Ye1,2,3; Jiang, Haiyang1; Zhang, Guangxing1; Wang, Xin4; Lv, Yilong5; Li, Xing5; Fdida, Serge3; Xie, Gaogang2,6 | |
| 2021-12-24 | |
| 发表期刊 | COMPUTER NETWORKS
 |
| ISSN | 1389-1286 |
| 卷号 | 201页码:13 |
| 摘要 | Virtualized Network I/O (VNIO) plays a key role in providing the network connectivity to cloud services, as it delivers packets for Virtual Machines (VMs). Existing para-virtualized solutions accelerate the virtual Switch (vSwitch) data transfer via memory-sharing mechanism, that unfortunately impairs the memory isolation barrier among VMs. In this paper, we categorize existing para-virtualized solutions into two types: VM to vSwitch (V2S) and vSwitch to VM (S2V), according to the memory-sharing strategy. We then analyze their individual VM isolation issues, that is, a malicious VM may access other ones' data by exploiting the shared memory. To solve this issue, we propose a new S2H memory sharing scheme, which shares the I/O memory from vSwitch to Hypervisor. The S2H scheme can guarantee both VM isolation and network performance as the hypervisor acts as a "setter'' between VM and vSwitch for packet delivery. To show that S2H can be implemented easily and efficiently, we implement the prototype based on the de-facto para-virtualization standard vHost-User solution. Extensive experimental results show that S2H not only guarantees the isolation but also holds the comparable throughput with the same CPU cores configured, when comparing with the native vHost-User solution. |
| 关键词 | Virtualized network I/O Memory isolation Memory-sharing mechanism Cloud platform |
| DOI | 10.1016/j.comnet.2021.108577 |
| 收录类别 | SCI |
| 语种 | 英语 |
| 资助项目 | National Key R&D Program of China[2019YFB1802800] ; National Natural Science Foundation of China[61725206] ; Alibaba Group through Alibaba Innovative Research (AIR) Program |
| WOS研究方向 | Computer Science ; Engineering ; Telecommunications |
| WOS类目 | Computer Science, Hardware & Architecture ; Computer Science, Information Systems ; Engineering, Electrical & Electronic ; Telecommunications |
| WOS记录号 | WOS:000759699300019 |
| 出版者 | ELSEVIER |
| 引用统计 | |
| 文献类型 | 期刊论文 |
| 条目标识符 | http://119.78.100.204/handle/2XEOYT63/18975 |
| 专题 | 中国科学院计算技术研究所期刊论文_英文 |
| 通讯作者 | Yang, Ye |
| 作者单位 | 1.Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China 2.Univ Chinese Acad Sci, Beijing 100049, Peoples R China 3.Sorbonne Univ, Lab LIP6, F-75006 Paris, France 4.SUNY Stony Brook, Dept Elect & Comp Engn, Stony Brook, NY 11794 USA 5.Alibaba Grp, Hangzhou 311121, Peoples R China 6.Chinese Acad Sci, Comp Network Informat Ctr, Beijing 100190, Peoples R China |
| 推荐引用方式 GB/T 7714 | Yang, Ye,Jiang, Haiyang,Zhang, Guangxing,et al. S2H: Hypervisor as a setter within Virtualized Network I/O for VM isolation on cloud platform[J]. COMPUTER NETWORKS,2021,201:13. |
| APA | Yang, Ye.,Jiang, Haiyang.,Zhang, Guangxing.,Wang, Xin.,Lv, Yilong.,...&Xie, Gaogang.(2021).S2H: Hypervisor as a setter within Virtualized Network I/O for VM isolation on cloud platform.COMPUTER NETWORKS,201,13. |
| MLA | Yang, Ye,et al."S2H: Hypervisor as a setter within Virtualized Network I/O for VM isolation on cloud platform".COMPUTER NETWORKS 201(2021):13. |
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论