TL;DR: This keynote paper concludes with the need for convergence of competing IT paradigms for delivering the 21st century vision of computing.
Abstract: This keynote paper: presents a 21st century vision of computing; identifies various computing paradigms promising to deliver the vision of computing utilities; defines Cloud computing and provides the architecture for creating market-oriented Clouds by leveraging technologies such as VMs; provides thoughts on market-based resource management strategies that encompass both customer-driven service management and computational risk management to sustain SLA-oriented resource allocation; presents some representative Cloud platforms especially those developed in industries along with our current work towards realising market-oriented resource allocation of Clouds by leveraging the 3rd generation Aneka enterprise Grid technology; reveals our early thoughts on interconnecting Clouds for dynamically creating an atmospheric computing environment along with pointers to future community research; and concludes with the need for convergence of competing IT paradigms for delivering our 21st century vision.
TL;DR: This paper presents a provably secure and efficient general-purpose computation system to address the problem of gathering and processing sensitive data and provides significantly increased privacy preservation when compared to standard centralised databases.
Abstract: Gathering and processing sensitive data is a difficult task. In fact, there is no common recipe for building the necessary information systems. In this paper, we present a provably secure and efficient general-purpose computation system to address this problem. Our solution -- Sharemind -- is a virtual machine for privacy-preserving data processing that relies on share computing techniques. This is a standard way for securely evaluating functions in a multi-party computation environment. The novelty of our solution is in the choice of the secret sharing scheme and the design of the protocol suite. We have made many practical decisions to make large-scale share computing feasible in practice. The protocols of Sharemind are information-theoretically secure in the honest-but-curious model with three computing participants. Although the honest-but-curious model does not tolerate malicious participants, it still provides significantly increased privacy preservation when compared to standard centralised databases.
TL;DR: Remus as mentioned in this paper is a high availability service that allows existing, unmodified software to be protected from the failure of the physical machine on which it runs by encapsulating protected software in a virtual machine, asynchronously propagating changed state to a backup host at frequencies as high as forty times a second.
Abstract: Allowing applications to survive hardware failure is an expensive undertaking, which generally involves reengineering software to include complicated recovery logic as well as deploying special-purpose hardware; this represents a severe barrier to improving the dependability of large or legacy applications. We describe the construction of a general and transparent high availability service that allows existing, unmodified software to be protected from the failure of the physical machine on which it runs. Remus provides an extremely high degree of fault tolerance, to the point that a running system can transparently continue execution on an alternate physical host in the face of failure with only seconds of downtime, while completely preserving host state such as active network connections. Our approach encapsulates protected software in a virtual machine, asynchronously propagates changed state to a backup host at frequencies as high as forty times a second, and uses speculative execution to concurrently run the active VM slightly ahead of the replicated system state.
TL;DR: It is demonstrated that a virtual limb can be made to feel part of your body if appropriate multisensory correlations are provided, which opens up the possibility that an entire virtual body could be felt as one's own in future virtual reality applications or online games.
Abstract: The integration of the human brain with computers is an interesting new area of applied neuroscience, where one application is replacement of a person’s real body by a virtual representation. Here we demonstrate that a virtual limb can be made to feel part of your body if appropriate multisensory correlations are provided. We report an illusion that is invoked through tactile stimulation on a person’s hidden real right hand with synchronous virtual visual stimulation on an aligned 3D stereo virtual arm projecting horizontally out of their shoulder. An experiment with 21 male participants showed displacement of ownership towards the virtual hand, as illustrated by questionnaire responses and proprioceptive drift. A control experiment with asynchronous tapping was carried out with a different set of 20 male participants who did not experience the illusion. After 5 minutes of stimulation the virtual arm rotated. Evidence suggests that the extent of the illusion was also correlated with the degree of muscle activity onset in the right arm as measured by EMG during this period that the arm was rotating, for the synchronous but not the asynchronous condition. A completely virtual object can therefore be experienced as part of one’s self, which opens up the possibility that an entire virtual body could be felt as one’s own in future virtual reality applications or online games, and be an invaluable tool for the understanding of the brain mechanisms underlying body ownership.
TL;DR: A virtual-machine-based system called Overshadow is introduced that protects the privacy and integrity of application data, even in the event of a total OS compromise, and is used to protect a wide range of unmodified legacy applications running on an unmodified Linux operating system.
Abstract: Commodity operating systems entrusted with securing sensitive data are remarkably large and complex, and consequently, frequently prone to compromise. To address this limitation, we introduce a virtual-machine-based system called Overshadow that protects the privacy and integrity of application data, even in the event of a total OS compromise. Overshadow presents an application with a normal view of its resources, but the OS with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Thus, Overshadow offers a last line of defense for application data. Overshadow builds on multi-shadowing, a novel mechanism that presents different views of "physical" memory, depending on the context performing the access. This primitive offers an additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processor architectures. We present the design and implementation of Overshadow and show how its new protection semantics can be integrated with existing systems. Our design has been fully implemented and used to protect a wide range of unmodified legacy applications running on an unmodified Linux operating system. We evaluate the performance of our implementation, demonstrating that this approach is practical.
TL;DR: In this paper, a cloud management system can be configured to monitor and allocate resources of a cloud computing environment, determining the current resource usage and available resources of the cloud in order to allocate resources to the requested virtual machine.
Abstract: A cloud management system can be configured to monitor and allocate resources of a cloud computing environment. The cloud management system can be configured to receive a request to instantiate a virtual machine. In order to instantiate the virtual machine, the cloud management system can be configured to determine the current resource usage and available resources of the cloud in order to allocate resources to the requested virtual machine. The cloud management system can be configured to scale the resources of the cloud in the event that resources are not available for a requested virtual machine.
TL;DR: In this paper, a cloud marketplace system can be configured to determine the resource and service data for the cloud computing environments and select a set of resource servers for instantiating virtual machines based on specifications of the virtual machines and parameters of the instantiation.
Abstract: A cloud marketplace system can be configured to communicate with multiple cloud computing environments in order to ascertain the details for the resources and services provided by the cloud computing environments for optimizing resources utilized by virtual machines. The cloud marketplace system can be configured to determine the resource and service data for the cloud computing environments and select a set of resource servers for instantiating the virtual machines based on specifications of the virtual machines and parameters of the instantiation. The cloud marketplace system can be configured to periodically monitor the cloud's resources and migrate the virtual machines if resources become available that more closely match the parameters of the virtual machines.
TL;DR: In this paper, techniques for configuring intercommunications between multiple computing nodes, such as multiple virtual machine nodes hosted on one or more physical computing machines or systems, are described, such that other communication manager modules may appropriately forward or otherwise process such communications.
Abstract: Techniques are described for configuring intercommunications between multiple computing nodes, such as multiple virtual machine nodes hosted on one or more physical computing machines or systems. In some situations, virtual networks may be established and maintained for groups of computing nodes, such as those operated by or on behalf of various users. Such virtual networks may be established in some situations by automatically configuring various communication manager modules to associate communications from a computing node belonging to a virtual network with one or more networking identifiers associated with the virtual network, such that other communication manager modules may appropriately forward or otherwise process such communications.
TL;DR: SMP-ReVirt is the first system to log and replay a multiprocessor virtual machine on commodity hardware, and uses hardware page protection to detect and accurately replay sharing between virtual cpus of a multi-cpu virtual machine.
Abstract: Execution replay of virtual machines is a technique which has many important applications, including debugging, fault-tolerance, and security. Execution replay for single processor virtual machines is well-understood, and available commercially. With the advancement of multi-core architectures, however, multiprocessor virtual machines are becoming more important. Our system, SMP-ReVirt, is the first system to log and replay a multiprocessor virtual machine on commodity hardware. We use hardware page protection to detect and accurately replay sharing between virtual cpus of a multi-cpu virtual machine, allowing us to replay the entire operating system and all applications. We have tested our system on a variety of workloads, and find that although sharing under SMP-ReVirt is expensive, for many workloads and applications, including debugging, the overhead is acceptable.
TL;DR: In this paper, a load balancing algorithm is used to select a vNIC from the vNICs connected or connectable to the virtual switch, based on the rate of processing of previous network packets by each of the vNICs, which is measured by the size of a network packet queue.
Abstract: A virtualized platform includes a virtual switch connected to the virtual network interface cards (vNICs) for a group of virtual machines running the same application program that is associated with multiple software ports. A module in the virtualized platform monitors the virtual switch's receipt of a network packet that includes control information relating to the application program and its software ports. The module applies a load balancing algorithm to select a vNIC from the vNICs connected or connectable to the virtual switch, based on the rate of processing of previous network packets by each of the vNICs (e.g., as measured by the size of a network packet queue). The module might also apply the load balancing algorithm to select a software port for the application. The module then causes the virtual switch to route the network packet to the selected vNIC and software port.
TL;DR: In this paper, a virtual machine management/monitoring service can be configured to automatically monitor and implement user-defined (e.g., administrator-defined) configuration policies with respect to virtual machine and application resource utilization.
Abstract: A virtual machine management/monitoring service can be configured to automatically monitor and implement user-defined (e.g., administrator-defined) configuration policies with respect to virtual machine and application resource utilization. In one implementation, the monitoring service can be extended to provide user-customized alerts based on various particularly defined events that occur (e.g., some memory or processing threshold) during operation of the virtual machines and/or application execution. The user can also specify particularly tailored solutions, which can include automatically reallocating physical host resources without additional user input on a given physical host, or moving/adding virtual machines on other physical hosts. For example, the monitoring service can be configured so that, upon identifying that a virtual machine's memory and processing resources are maxed out and/or growing, the monitoring service adds memory or processing resources for the virtual machine, or adds a new virtual machine to handle the load for the application program.
TL;DR: In this article, the authors present a system including: (a) plural virtualization systems configured in a cluster; (b) storage accessible to each virtualization system of the cluster; and (c) a failover system that, responsive to an interruption of, or on, a particular one of the virtualisation systems, transitions at least one affected virtual machine to another virtualisation system of a cluster and resumes computations of the transitioned virtual machine based on state encoded by a corresponding one of virtual machine states represented in the storage.
Abstract: One embodiment of the present invention is a system including: (a) plural virtualization systems configured in a cluster; (b) storage accessible to each virtualization system of the cluster, wherein for each virtual machine operative in a virtualization system of the cluster, the storage maintains a representation of virtual machine state that includes at least a description of a hardware system virtualized and an image of virtualized memory state for the virtual machine; and (c) a failover system that, responsive to an interruption of, or on, a particular one of the virtualization systems, transitions at least one affected virtual machine to another virtualization system of the cluster and resumes computations of the transitioned virtual machine based on state encoded by a corresponding one of the virtual machine states represented in the storage.
TL;DR: Backup systems and methods are disclosed for a virtual computing environment as discussed by the authors, where the backup management server coordinates with the host server to perform backup copies of entire virtual machine disks from outside the guest operating system of the virtual machine.
Abstract: Backup systems and methods are disclosed for a virtual computing environment. Certain examples include a system having a backup management server that communicates with a host server having at least one virtual machine. The management server coordinates with the host server to perform backup copies of entire virtual machine disks from outside the guest operating system of the virtual machine. In certain examples, such backup systems further utilize a volume shadow copy service executing on the host server to quiesce virtual machine applications to put data in a consistent state to be backed up. The backup system then utilizes hypervisor snapshot capabilities of the host server to record intended changes to the virtual machine disk files while such files are being copied (e.g., backed up) by the host server. Such recorded changes can be later committed to the virtual machine disk files once the backup operation has completed.
TL;DR: It is argued that virtualization is unable to meet the special requirements of embedded systems, and that high-performance microkernels, specifically L4, are a technology that provides a good match for the requirements of next-generation embedded systems.
Abstract: System virtualization, which enjoys immense popularity in the enterprise and personal computing spaces, is recently gaining significant interest in the embedded domain. Starting from a comparison of key characteristics of enterprise systems and embedded systems, we will examine the difference in motivation for the use of system virtual machines, and the resulting differences in the requirements for the technology. We find that these differences are quite substantial, and that virtualization is unable to meet the special requirements of embedded systems. Instead, more general operating-systems technologies are required, which support virtualization as a special case. We argue that high-performance microkernels, specifically L4, are a technology that provides a good match for the requirements of next-generation embedded systems.
TL;DR: In this paper, the semantics of file I/O operations are emulated in a shim layer with memory-mapped regions by using a mapping between a process' address space and a file or shared memory object.
Abstract: A virtual-machine-based system provides a mechanism to implement application file I/O operations of protected data by implementing the I/O operations semantics in a shim layer with memory-mapped regions. The semantics of these I/O operations are emulated in a shim layer with memory-mapped regions by using a mapping between a process' address space and a file or shared memory object. Data that is protected from viewing by a guest OS running in a virtual machine may nonetheless be accessed by the process.
TL;DR: A design of system virtualization for the ARM CPU architecture is proposed and the implementation of a prototype called Xen on ARM using the Xen hypervisor is described; virtualization overhead is shown to be moderate compared to native Linux running on bare metal H/W.
Abstract: Mobile phone security is becoming an important issue because phones are being connected to the Internet through wireless modem technologies. System virtualization technology provides trusted computing capability by running multiple isolated virtual machines under a hypervisor. In this paper, we propose a design of system virtualization for the ARM CPU architecture and describe the implementation of a prototype called Xen on ARM using the Xen hypervisor. Secure and nonsecure guest Linux virtual machines execute under Xen on ARM isolated from each other, and virtualization overhead is shown to be moderate compared to native Linux running on bare metal H/W.
TL;DR: Difference Engine is built, an extension to the Xen virtual machine monitor, to support both sub-page level sharing and in-core memory compression, and demonstrates substantial savings not only between VMs running similar applications and operating systems, but even across VMs running disparate workloads.
Abstract: Virtual machine monitors (VMMs) are a popular platform for Internet hosting centers and cloud-based compute services. By multiplexing hardware resources among virtual machines (VMs) running commodity operating systems, VMMs decrease both the capital outlay and management overhead of hosting centers. Appropriate placement and migration policies can take advantage of statistical multiplexing to effectively utilize available processors. However, main memory is not amenable to such multiplexing and is often the primary bottleneck in achieving higher degrees of consolidation. Previous efforts have shown that content-based page sharing provides modest decreases in the memory footprint of VMs running similar operating systems and applications. Our studies show that significant additional gains can be had by leveraging both sub-page level sharing (through page patching) and in-core memory compression. We build Difference Engine, an extension to the Xen virtual machine monitor, to support each of these--in addition to standard copy-on-write full page sharing--and demonstrate substantial savings not only between VMs running similar applications and operating systems (up to 90%), but even across VMs running disparate workloads (up to 65%). In head-to-head memory-savings comparisons, Difference Engine outperforms VMware ESX server by a factor of 1.5 for homogeneous workloads and by a factor of 1.6-2.5 for heterogeneous workloads. In all cases, the performance overhead of Difference Engine is less than 7%.
TL;DR: In this article, a request to clone a new virtual machine is intercepted, wherein the request was initially sent to a virtual management server, and the new VM is cloned from a snapshot of a master virtual machine.
Abstract: A computer implemented method, a computer program product, and data processing system clone virtual machines in a virtual desktop environment. A request to clone a new virtual machine is intercepted, wherein the request was initially sent to a virtual management server. Responsive to intercepting the request, the new virtual machine is cloned from a snapshot of a master virtual machine. A delta file is created for the new virtual machine, wherein the delta file includes a base disk reference and a copied delta file. The new virtual machine is configured to read a base disk image from a snapshot of the master virtual machine. The new virtual machine is configured to write data to the copied delta file in the delta file.
TL;DR: An automated model generation procedure effectively characterizes the different virtualization overheads of two diverse hardware platforms and that the models have median prediction error of less than 5% for both the RUBiS and TPC-W benchmarks.
Abstract: Next Generation Data Centers are transforming labor-intensive, hard-coded systems into shared, virtualized, automated, and fully managed adaptive infrastructures. Virtualization technologies promise great opportunities for reducing energy and hardware costs through server consolidation. However, to safely transition an application running natively on real hardware to a virtualized environment, one needs to estimate the additional resource requirements incurred by virtualization overheads. In this work, we design a general approach for estimating the resource requirements of applications when they are transferred to a virtual environment. Our approach has two key components: a set of microbenchmarks to profile the different types of virtualization overhead on a given platform, and a regression-based model that maps the native system usage profile into a virtualized one. This derived model can be used for estimating resource requirements of any application to be virtualized on a given platform. Our approach aims to eliminate error-prone manual processes and presents a fully automated solution. We illustrate the effectiveness of our methodology using Xen virtual machine monitor. Our evaluation shows that our automated model generation procedure effectively characterizes the different virtualization overheads of two diverse hardware platforms and that the models have median prediction error of less than 5% for both the RUBiS and TPC-W benchmarks.
TL;DR: This paper introduces the work to disaggregate the management virtual machine in a Xen-based system, and describes the implementation, which moves the domain builder, the most important privileged component, into a minimal trusted compartment.
Abstract: Virtual machine monitors (VMMs) have been hailed as the basis for an increasing number of reliable or trusted computing systems. The Xen VMM is a relatively small piece of software -- a hypervisor -- that runs at a lower level than a conventional operating system in order to provide isolation between virtual machines: its size is offered as an argument for its trustworthiness. However, the management of a Xen-based system requires a privileged, full-blown operating system to be included in the trusted computing base (TCB). In this paper, we introduce our work to disaggregate the management virtual machine in a Xen-based system. We begin by analysing the Xen architecture and explaining why the status quo results in a large TCB. We then describe our implementation, which moves the domain builder, the most important privileged component, into a minimal trusted compartment. We illustrate how this approach may be used to implement "trusted virtualisation" and improve the security of virtual TPM implementations. Finally, we evaluate our approach in terms of the reduction in TCB size, and by performing a security analysis of the disaggregated system.
TL;DR: This work implements and validate a dynamic resource provisioning framework for virtualized server environments wherein the provisioning problem is posed as one of sequential optimization under uncertainty and solved using a lookahead control scheme.
Abstract: There is growing incentive to reduce the power consumed by large-scale data centers that host online services such as banking, retail commerce, and gaming. Virtualization is a promising approach to consolidating multiple online services onto a smaller number of computing resources. A virtualized server environment allows computing resources to be shared among multiple performance-isolated platforms called virtual machines. By dynamically provisioning virtual machines, consolidating the workload, and turning servers on and off as needed, data center operators can maintain the desired quality-of-service (QoS) while achieving higher server utilization and energy efficiency. We implement and validate a dynamic resource provisioning framework for virtualized server environments wherein the provisioning problem is posed as one of sequential optimization under uncertainty and solved using a lookahead control scheme. The proposed approach accounts for the switching costs incurred while provisioning virtual machines and explicitly encodes the corresponding risk in the optimization problem. Experiments using the Trade6 enterprise application show that a server cluster managed by the controller conserves, on average, 26% of the power required by a system without dynamic control while still maintaining QoS goals.
TL;DR: In both the child and adult samples, construct validity was demonstrated via significant correlations between behavior in the virtual and real worlds, and the implications for application of virtual reality to understanding and preventing pediatric pedestrian injuries.
TL;DR: In this article, a self-management module can be configured to automatically perform management functions on the virtual machine in which it is inserted, such as activation, suspension, or termination of the VM.
Abstract: A cloud management system can insert a self-management module in virtual machines. The self-management module can be configured to automatically perform management functions on the virtual machine in which it is inserted. The management functions can include activation, suspension, or termination of the virtual machine. The management functions can also include tracking and monitoring the virtual machine. The management functions can also include providing messages to the cloud management system regarding the status and usage of the virtual machine.
TL;DR: A worm containment system comprising a host computing machine, a virtual machine running under the control of a VM monitor, a worm detector, a diverter and a buffer is described in this paper.
Abstract: A worm containment system comprising a host computing machine, a virtual machine running under the control of a virtual machine monitor, a worm detector, a diverter and a buffer. The host computing machine has a host operating system and host application(s). The virtual machine has a clone of the host operating system and a clone of the host application(s). The worm detector is configured to monitor the virtual machine traffic for signs of worm propagation. The splitter is configured to duplicate packets intended for the host computing machine into diverted packets and buffered packets. The diverter is configured to route the diverted packets to the virtual machine. The buffer is configured to store the buffered packets and then forward the buffered packets to the host operating system on indication from the worm detector that no worm propagation behavior was detected.
TL;DR: In this article, the authors propose an approach for identification and management of cloud-based virtual machines, where a user requests the instantiation of a set of virtual machines from a cloud computing environment.
Abstract: Embodiments relate to systems and methods for identification and management of cloud-based virtual machines. A user requests the instantiation of a set of virtual machines from a cloud computing environment. A cloud management system requests the resources necessary to build the machines from a set of resource servers. After populating the set of virtual machines from the cloud, the cloud management system inserts a token ID into one of the virtual machines to designate that machine as a management instance. An image of that machine can be stored in the cloud management system to represent the configuration of the set of virtual machines, even when the cloud itself lacks permanent storage. When the user wishes to update the set of virtual machines, the cloud management system can insert another token ID into another virtual machine, reconfigure the software, processing, or other resources of that machine as a revised management instance.
TL;DR: In this paper, the authors describe methods and systems for periodically analyzing and correcting storage load imbalances in a storage network environment including virtual machines, which account for various resource types, logical access paths, and relationships among different storage environment components.
Abstract: Methods and systems for periodically analyzing and correcting storage load imbalances in a storage network environment including virtual machines are described. These methods and systems account for various resource types, logical access paths, and relationships among different storage environment components. Load balancing may be managed in terms of input/output (I/O) traffic and storage utilization. The aggregated information is stored, and may be used to identify and correct load imbalances in a virtual server environment in order to prevent primary congestion and bottlenecks.
TL;DR: In this article, the authors propose a method of securing a network from vulnerability exploits, including the steps of a traffic analysis engine receiving a plurality of packets destined for an internal operating system, selectively forwarding the packets to at least one virtual machine, processing each forwarded packet, identifying a malicious packet from the processed packets, and the rapid analysis engine creating a new signature to identify the malicious packet.
Abstract: A method of securing a network from vulnerability exploits, including the steps of a traffic analysis engine receiving a plurality of packets destined for an internal operating system; the traffic analysis engine selectively forwarding the packets to at least one virtual machine emulating the internal operating system; the virtual machine processing each forwarded packet; a rapid analysis engine identifying a malicious packet from the processed packets; and the rapid analysis engine creating a new signature to identify the malicious packet.
TL;DR: In this article, the authors propose a method for transferring storage data of a virtual machine to be migrated from a first host device to a second host device via a communication network, including: running the virtual machine on the first host device, storing, on a local storage device of the first host device, a disk image used by the VM, detecting any changes made to the disk image, and transferring the disk image and the detected changes to the second host device.
Abstract: Method for transferring storage data of a virtual machine to be migrated from a first host device to a second host device via a communication network, including: running the virtual machine on the first host device; storing, on a local storage device of the first host device, a disk image used by the virtual machine; detecting, while the virtual machine is running on the first host device, any changes made to the disk image used by the virtual machine; establishing a connection over the communication network from the first host device to the second host device; transferring, to the second host device while the virtual machine is running on the first host device, the disk image used by the virtual machine and the detected any changes made; modifying the disk image transferred to the second host device in response to the detected any changes transferred to the second host device; and starting, using the modified disk image, a migrated virtual machine on the second host device at a current state of the virtual machine running on the first host device.
TL;DR: In this article, a system and method are provided for incorporating compatibility analytics and virtualization rule sets into a transformational physical to virtual (P2V) analysis for designing a virtual environment from an existing physical environment and for ongoing management of the virtual environment to refine the virtualization design to accommodate changing requirements and a changing environment.
Abstract: A system and method are provided for incorporating compatibility analytics and virtualization rule sets into a transformational physical to virtual (P2V) analysis for designing a virtual environment from an existing physical environment and for ongoing management of the virtual environment to refine the virtualization design to accommodate changing requirements and a changing environment.
TL;DR: In this paper, a cloud marketplace system can be configured to communicate with multiple cloud computing environments in order to ascertain the details for the resources and services provided by the cloud computing environment.
Abstract: A cloud marketplace system can be configured to communicate with multiple cloud computing environments in order to ascertain the details for the resources and services provided by the cloud computing environments. The cloud marketplace system can be configured to receive a request for information pertaining to the resources or services provided by or available in the cloud computing environments. The cloud marketplace system can be configured to generate a marketplace report detailing the resource and service data matching the request. The cloud marketplace system can be configured to utilize the resource and service data to provide migration services for virtual machines initiated in the cloud computing environments.