S2H: Hypervisor as a setter within Virtualized Network I/O for VM isolation on cloud platform
文献类型:期刊论文
| 作者 | Yang, Ye2,3,4; Jiang, Haiyang2; Zhang, Guangxing2; Wang, Xin5; Lv, Yilong6; Li, Xing6; Fdida, Serge4; Xie, Gaogang1,3 |
| 刊名 | COMPUTER NETWORKS
 |
| 出版日期 | 2021-12-24 |
| 卷号 | 201页码:13 |
| 关键词 | Virtualized network I/O Memory isolation Memory-sharing mechanism Cloud platform |
| ISSN号 | 1389-1286 |
| DOI | 10.1016/j.comnet.2021.108577 |
| 英文摘要 | Virtualized Network I/O (VNIO) plays a key role in providing the network connectivity to cloud services, as it delivers packets for Virtual Machines (VMs). Existing para-virtualized solutions accelerate the virtual Switch (vSwitch) data transfer via memory-sharing mechanism, that unfortunately impairs the memory isolation barrier among VMs. In this paper, we categorize existing para-virtualized solutions into two types: VM to vSwitch (V2S) and vSwitch to VM (S2V), according to the memory-sharing strategy. We then analyze their individual VM isolation issues, that is, a malicious VM may access other ones' data by exploiting the shared memory. To solve this issue, we propose a new S2H memory sharing scheme, which shares the I/O memory from vSwitch to Hypervisor. The S2H scheme can guarantee both VM isolation and network performance as the hypervisor acts as a "setter'' between VM and vSwitch for packet delivery. To show that S2H can be implemented easily and efficiently, we implement the prototype based on the de-facto para-virtualization standard vHost-User solution. Extensive experimental results show that S2H not only guarantees the isolation but also holds the comparable throughput with the same CPU cores configured, when comparing with the native vHost-User solution. |
| 资助项目 | National Key R&D Program of China[2019YFB1802800] ; National Natural Science Foundation of China[61725206] ; Alibaba Group through Alibaba Innovative Research (AIR) Program |
| WOS研究方向 | Computer Science ; Engineering ; Telecommunications |
| 语种 | 英语 |
| WOS记录号 | WOS:000759699300019 |
| 出版者 | ELSEVIER |
| 源URL | [http://119.78.100.204/handle/2XEOYT63/18974]  |
| 专题 | 中国科学院计算技术研究所期刊论文_英文 |
| 通讯作者 | Yang, Ye |
| 作者单位 | 1.Chinese Acad Sci, Comp Network Informat Ctr, Beijing 100190, Peoples R China 2.Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China 3.Univ Chinese Acad Sci, Beijing 100049, Peoples R China 4.Sorbonne Univ, Lab LIP6, F-75006 Paris, France 5.SUNY Stony Brook, Dept Elect & Comp Engn, Stony Brook, NY 11794 USA 6.Alibaba Grp, Hangzhou 311121, Peoples R China |
| 推荐引用方式 GB/T 7714 | Yang, Ye,Jiang, Haiyang,Zhang, Guangxing,et al. S2H: Hypervisor as a setter within Virtualized Network I/O for VM isolation on cloud platform[J]. COMPUTER NETWORKS,2021,201:13. |
| APA | Yang, Ye.,Jiang, Haiyang.,Zhang, Guangxing.,Wang, Xin.,Lv, Yilong.,...&Xie, Gaogang.(2021).S2H: Hypervisor as a setter within Virtualized Network I/O for VM isolation on cloud platform.COMPUTER NETWORKS,201,13. |
| MLA | Yang, Ye,et al."S2H: Hypervisor as a setter within Virtualized Network I/O for VM isolation on cloud platform".COMPUTER NETWORKS 201(2021):13. |
入库方式: OAI收割
来源:计算技术研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。