28 results for Xen
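Abstract:
On virtual platforms such as Xen, introducing trusted computing technology makes it possible to build a trusted computing environment and effectively strengthen their security. However, because a virtual platform supports running multiple virtual machine systems, trusted computing technology cannot directly support the construction of its trusted computing environment. This work studies the construction of a trusted computing environment on a Xen trusted virtual platform equipped with a TPM. It first analyzes the shortcomings of the TCG chain-of-trust model and, building on it, proposes a chain-of-trust model based on trust degree, which improves the original model's ability to express trust. It then extends this model to the trusted virtual platform, examines the problem of trust establishment there, and proposes a trust-tree method for building trust. Next, it analyzes the problems with data sealing on the trusted virtual platform and gives feasible sealing solutions. Finally, it implements a trust system for the trusted virtual platform, establishing a trusted computing environment for the Xen platform. The main results of this work are as follows: 1. To address the defects of the TCG chain-of-trust model, in which integrity measurement cannot fully reflect the running state of an entity and the loss of trust during transfer cannot be expressed, a chain-of-trust model based on trust degree is proposed. The model enriches the theory of chains of trust in trusted computing and offers guidance for research on extending chain-of-trust models. 2. Building on the trust-degree-based chain-of-trust model, and addressing the multi-system nature of the trusted virtual platform, a trust-tree-based method for building trust on the trusted virtual platform is proposed. The method meets the security requirements of running a trusted virtual platform and lays the foundation for constructing its trusted computing environment. 3. A TPM-supported multi-level property-based sealing scheme is proposed. The scheme lets the TPM perform property-based sealing of data for all virtual machine systems, extends properties with levels, and performs unsealing based on the security level of the property, which makes property-based sealing more flexible and protects data on the trusted virtual platform more effectively. 4. To meet data usage requirements on the trusted virtual platform, an on-demand property-based sealing scheme is proposed. The scheme not only seals data to the properties of arbitrary components but also ensures that sealed data can be unsealed normally in different virtual machines, which improves the availability of sealed data and fully meets the security requirements for sealing and sharing sensitive data on the trusted virtual platform. Overall, the results of this work provide security support for the application of virtualization technology and a reference for related research in trusted computing.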
Abstract:
This document describes the process of installing virtual environments for servers using the Xen hypervisor, with an Ubuntu Linux system (Lucid release) as Dom0. It describes the installation of Xen 3.3 and 4.0 as well as the installation of HVM (fully virtualized) and PV (paravirtualized) guests. It also presents some tests comparing the performance of systems running on real machines and on virtual machines.
Abstract:
The FreeBSD operating system supports several virtualization modes on the Xen platform. Each uses a different virtualization technique, achieving a greater or lesser degree of integration with the hypervisor. The modes currently supported in FreeBSD are paravirtualized, hardware-assisted virtualized, and hybrid modes. This work is essentially a practical study of the Xen virtualization modes supported in FreeBSD, based on synthetic performance benchmarks. It includes a comparison, with graphs, of the results obtained through an automated testing system developed in shell script and R. ABSTRACT. The FreeBSD operating system supports several virtualization modes when used over the Xen platform. Each mode uses a different virtualization technique, achieving a different level of integration with the hypervisor. Currently supported modes on FreeBSD are paravirtualized mode, hardware-assisted virtualization and hybrid modes. This work is a survey on FreeBSD virtualization over Xen, focused on performance by benchmark testing all supported virtual machine implementations. The study includes a comparison of the measured test results produced by an automatic testing tool developed in shell and R script.
Abstract:
Information on the impact of environmental pollution on the homeostasis of sea turtles remains scarce, particularly in the southern Gulf of Mexico. As many municipalities do not rely on a waste treatment plant along the coastline of the Yucatan Peninsula, the vulnerability of these specimens could be enhanced. We searched for relationships between the presence of organochlorine pesticides (OCP) and the level of several oxidative and pollutant stress indicators of the hawksbill sea turtle (Eretmochelys imbricata) during the egg-laying period 2010 at Punta Xen (Campeche, Mexico). Endosulfans, aldrin related (aldrin, endrin, dieldrin, endrin ketone, endrin aldehyde) and dichlorodiphenyldichloroethylene (DDT) families were detected in 17, 21 and 26 of the 30 sampled sea turtles, respectively. Significant correlations existed between the size of sea turtles and the concentration of methoxychlor, cholinesterase activity in plasma and heptachlors family, and catalase activity and hexachlorohexane family. Cholinesterase activity in washed erythrocytes and lipid peroxidation were positively correlated with glutathione reductase activity. Antioxidant enzyme actions seem adequate, as no lipid damage was correlated with any OCPs. Future studies are necessary to evaluate the effect of OCPs on males of the area because of the significant detection of methoxychlor, which targets endocrine functioning and increases in concentration with the size of the sea turtles.
Abstract:
This research project was a case study for managing and innovating an interdisciplinary practice: specifically across music, performance and contemporary art. Key works included painting/sound/video installation, experimental performance, electronic pop music, music video and electronic pop music performance. An idiosyncratic and transformative use of colour emerged as an underlying theme and strategy for cohesion. The project offers strategies for the challenges of interdisciplinary practice specifically addressing the limitations related to institutionalised value systems, aesthetic traditions and disciplinary languages.
Abstract:
The prevalent virtualization technologies provide QoS support within the software layers of the virtual machine monitor (VMM) or the operating system of the virtual machine (VM). The QoS features are mostly provided as extensions to the existing software used for accessing the I/O device because of which the applications sharing the I/O device experience loss of performance due to crosstalk effects or usable bandwidth. In this paper we examine the NIC sharing effects across VMs on a Xen virtualized server and present an alternate paradigm that improves the shared bandwidth and reduces the crosstalk effect on the VMs. We implement the proposed hardware-software changes in a layered queuing network (LQN) model and use simulation techniques to evaluate the architecture. We find that simple changes in the device architecture and associated system software lead to application throughput improvement of up to 60%. The architecture also enables finer QoS controls at device level and increases the scalability of device sharing across multiple virtual machines. We find that the performance improvement derived using LQN model is comparable to that reported by similar but real implementations.
Abstract:
Realization of cloud computing has been possible due to the availability of virtualization technologies on commodity platforms. Measuring resource usage on virtualized servers is difficult because the performance counters used for resource accounting are not virtualized. Hence, many of the prevalent virtualization technologies, like Xen, VMware, KVM, etc., use host-specific CPU usage monitoring, which is coarse grained. In this paper, we present a performance monitoring tool for KVM-based virtual machines, which measures the CPU overhead incurred by the hypervisor on behalf of the virtual machine along with the CPU usage of the virtual machine itself. This fine-grained resource usage information, provided by the above tool, can be used for diverse situations like resource provisioning to support performance-associated QoS requirements, identification of bottlenecks during VM placements, resource profiling of applications in cloud environments, etc. We demonstrate a use case of this tool by measuring the performance of web servers hosted on a KVM-based virtualized server.
Abstract:
The aim of this dissertation is to evaluate the performance of virtual routing environments built on x86 machines and network devices found in today's Internet. Among the most widely used virtualization platforms, we seek to identify which best meets the requirements of a virtual routing environment so as to allow the core of production networks to be programmed. The Xen and KVM virtualization platforms were installed on modern, high-capacity x86 servers and compared in terms of efficiency, flexibility, and the ability to isolate networks from one another, which are the requirements for good virtual network performance. The test results show that, despite being a full virtualization platform, KVM performs better than Xen at packet forwarding and routing when VIRTIO is used. In addition, only Xen showed isolation problems between virtual networks. We also evaluated the effect of the NUMA architecture, very common in modern x86 servers, on VM performance when large amounts of memory and many processing cores are allocated to them. Analysis of the results shows that network input/output (I/O) performance can be compromised if the amounts of memory and virtual CPUs allocated to the VM do not respect the size of the NUMA nodes in the hardware. Finally, we studied OpenFlow. It allows networks to be sliced across routers, switches, and x86 machines so that virtual routing environments with different forwarding logic can be created. We found that, when installed with Xen and with KVM, it makes it possible to migrate virtual networks between different physical nodes without interrupting data flows, and also allows packet forwarding performance in the virtual networks created to be increased. It was thus possible to program the network core to implement alternatives to the IP protocol.
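Abstract:
As the resources and scale of computing systems continue to grow, virtualization of computing systems, as a new computing model, has become a research hotspot. Compared with traditional computer architectures, virtualized computing systems have advantages in many respects. In a monitoring model based on a virtual machine architecture, the monitoring module located in the virtual machine monitor (VMM) has higher privilege than the guest kernel and is completely transparent to the guest. Compared with monitoring models in a traditional operating system environment, a virtualization-based architecture can therefore monitor the guest operating system in greater depth. Xen is an open-source VMM developed at the University of Cambridge. Because it is open source, it is well suited as a basis for virtualization research and development. This work surveys the architecture of Xen and Xen's support for Intel's VT hardware virtualization technology. It also studies several ways in which Xen manages guest memory, focusing on the use of shadow page tables to manage the memory of fully virtualized guests. The main contribution of this work, drawing on the study and analysis of the above, is the design of a framework, based on the Xen virtual machine architecture, for monitoring fully virtualized guest operating systems. On top of this framework, using control of page table attributes in x86 virtual memory management, it implements CASMonitor, a monitoring instance that monitors several behaviors of a specified process in a Windows guest. This includes monitoring system calls in Windows by affecting the execution of the SYSENTER instruction, and, by capturing write and execute operations by a process in the virtual machine on a specified memory range, providing a technique that can detect self-modifying code and obtain related information for subsequent analysis. Compared with existing techniques for detecting self-modifying code, CASMonitor uses the virtual machine architecture to perform monitoring dynamically, transparently, and automatically. Keywords: virtualization, Xen, self-modifying code, monitoring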
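Abstract:
As virtual machine architectures become increasingly popular, the security of virtual machine platforms matters more and more. Studying system attack and defense techniques on virtual machine platforms is of great significance for defusing the security threats systems face and ensuring their secure operation. Taking the open-source virtual machine system Xen as its subject, this work studies attack and defense techniques targeting the virtual machine monitor (VMM) and the guest respectively. For the VMM, it analyzes a malicious program that attacks the VMM using DMA and discusses how an IOMMU can be used to defend against this type of attack. For the guest, it analyzes common attack techniques of kernel rootkits and presents a method for defending against rootkits under a virtual machine architecture. The method uses write protection to guarantee the integrity of critical kernel resources, and relies on Xen's protection of page tables to ensure that the write protection is effective. Experiments on Linux 2.6 show that the method effectively prevents attacks by a variety of rootkits.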
Abstract:
In this work a study of damage production in gallium nitride via elastic collision process (nuclear energy deposition) and inelastic collision process (electronic energy deposition) using various heavy ions is presented. Ordinary low-energy heavy ions (Fe+ and Mo+ ions of 110 keV), swift heavy ions (Pb-208(27+) ions of 1.1 MeV/u) and slow highly-charged heavy ions (Xe(n+) ions of 180 keV) were employed in the irradiation. Damage accumulation in the GaN crystal films as a function of ion fluence and temperature was studied with RBS-channeling technique, Raman scattering technique, scanning electron microscopy (SEM) and transmission electron microscopy (TEM). For ordinary low-energy heavy ion irradiation, the temperature dependence of damage production is moderate up to about 413 K resulting in amorphization of the damaged layer. Enhanced dynamic annealing of defects dominates at higher temperatures. Correlation of amorphization with material decomposition and nitrogen bubble formation was found. In the irradiation of swift heavy ions, rapid damage accumulation and efficient erosion of the irradiated layer occur at a rather low value of electronic energy deposition (about 1.3 keV/nm(3)), which also varies with irradiation temperature. In the irradiation of slow highly-charged heavy ions (SHCI), enhanced amorphization and surface erosion due to potential energy deposition of SHCI was found. It is indicated that damage production in GaN is remarkably more sensitive to electronic energy loss via excitation and ionization than to nuclear energy loss via elastic collisions.
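Abstract:
To study the potential-energy effect induced by slow highly charged ions in C60 films, C60 films were irradiated with 200 keV highly charged Xe(n+) ions (n = 3, 10, 13, 15, 17, 20, 22, 23). Atomic force microscopy (AFM) and Raman scattering were used to analyze the effect in the C60 films caused by the potential energy stored in the highly charged Xe(n+) ions during irradiation, that is, the potential effect. The AFM results show that the surface roughness of the irradiated C60 films decreases as the charge state (that is, the potential energy) of the irradiating Xe(n+) ions increases, revealing the presence of the potential effect. The Raman results show that, because the kinetic energy of the Xe ions is far greater than their stored potential energy, elastic collisions still dominate the damage process in the C60 films within the depth range probed by Raman analysis, despite the influence of the surface potential effect.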
Abstract:
Cloud computing is a technological advancement that provides resources through the internet on a pay-as-you-go basis. Cloud computing uses virtualisation technology to enhance the efficiency and effectiveness of its advantages. Virtualisation is the key to consolidating computing resources to run multiple instances on each piece of hardware, increasing the utilization rate of every resource and thus reducing the number of resources that need to be bought, racked, powered, cooled, and managed. Cloud computing has very appealing features; however, many enterprises and users are still reluctant to move into the cloud due to serious security concerns related to the virtualisation layer. Thus, it is of foremost importance to secure the virtual environment. In this paper, we present an elastic framework to secure virtualised environments for trusted cloud computing, called Server Virtualisation Security System (SVSS). SVSS provides security solutions located on the hypervisor for Virtual Machines by deploying malicious activity detection techniques, network traffic analysis techniques, and system resource utilization analysis techniques. SVSS consists of four modules: Anti-Virus Control Module, Traffic Behavior Monitoring Module, Malicious Activity Detection Module and Virtualisation Security Management Module. An SVSS prototype has been deployed to validate its feasibility, efficiency and accuracy on a Xen virtualised environment.
Abstract:
While virtualisation can provide many benefits to a network's infrastructure, securing the virtualised environment is a big challenge. The security of a fully virtualised solution is dependent on the security of each of its underlying components, such as the hypervisor, guest operating systems and storage.
This paper presents a single security service running on the hypervisor that could potentially work to provide security service to all virtual machines running on the system. This paper presents a hypervisor hosted framework which performs specialised security tasks for all underlying virtual machines to protect against any malicious attacks by passively analysing the network traffic of VMs. This framework has been implemented using Xen Server and has been evaluated by detecting a Zeus Server setup and infected clients, distributed over a number of virtual machines. This framework is capable of detecting and identifying all infected VMs with no false positive or false negative detection.