{"title":"跨虚拟机的安全系统范围进程调度程序","authors":"H. Tadokoro, Kenichi Kourai, S. Chiba","doi":"10.1109/PRDC.2010.34","DOIUrl":null,"url":null,"abstract":"Server consolidation using virtual machines (VMs) makes it difficult to execute processes as the administrators intend. A process scheduler in each VM is not aware of the other VM and schedules only processes in one VM independently. To solve this problem, process scheduling across VMs is necessary. However, such system-wide scheduling is vulnerable to denial-of-service (DoS) attacks from a compromised VM against the other VMs. In this paper, we propose the Monarch scheduler, which is a secure system-wide process scheduler running in the virtual machine monitor (VMM). The Monarch scheduler monitors the execution of processes and changes the scheduling behavior in all VMs. To change process scheduling from the VMM, it manipulates run queues and process states consistently without modifying guest operating systems. Its hybrid scheduling mitigates DoS attacks by leveraging performance isolation among VMs. We confirmed that the Monarch scheduler could achieve useful scheduling and the overheads were small.","PeriodicalId":382974,"journal":{"name":"2010 IEEE 16th Pacific Rim International Symposium on Dependable Computing","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"A Secure System-Wide Process Scheduler across Virtual Machines\",\"authors\":\"H. Tadokoro, Kenichi Kourai, S. Chiba\",\"doi\":\"10.1109/PRDC.2010.34\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Server consolidation using virtual machines (VMs) makes it difficult to execute processes as the administrators intend. A process scheduler in each VM is not aware of the other VM and schedules only processes in one VM independently. To solve this problem, process scheduling across VMs is necessary. However, such system-wide scheduling is vulnerable to denial-of-service (DoS) attacks from a compromised VM against the other VMs. In this paper, we propose the Monarch scheduler, which is a secure system-wide process scheduler running in the virtual machine monitor (VMM). The Monarch scheduler monitors the execution of processes and changes the scheduling behavior in all VMs. To change process scheduling from the VMM, it manipulates run queues and process states consistently without modifying guest operating systems. Its hybrid scheduling mitigates DoS attacks by leveraging performance isolation among VMs. We confirmed that the Monarch scheduler could achieve useful scheduling and the overheads were small.\",\"PeriodicalId\":382974,\"journal\":{\"name\":\"2010 IEEE 16th Pacific Rim International Symposium on Dependable Computing\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-12-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 IEEE 16th Pacific Rim International Symposium on Dependable Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PRDC.2010.34\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE 16th Pacific Rim International Symposium on Dependable Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PRDC.2010.34","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Secure System-Wide Process Scheduler across Virtual Machines
Server consolidation using virtual machines (VMs) makes it difficult to execute processes as the administrators intend. A process scheduler in each VM is not aware of the other VM and schedules only processes in one VM independently. To solve this problem, process scheduling across VMs is necessary. However, such system-wide scheduling is vulnerable to denial-of-service (DoS) attacks from a compromised VM against the other VMs. In this paper, we propose the Monarch scheduler, which is a secure system-wide process scheduler running in the virtual machine monitor (VMM). The Monarch scheduler monitors the execution of processes and changes the scheduling behavior in all VMs. To change process scheduling from the VMM, it manipulates run queues and process states consistently without modifying guest operating systems. Its hybrid scheduling mitigates DoS attacks by leveraging performance isolation among VMs. We confirmed that the Monarch scheduler could achieve useful scheduling and the overheads were small.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
