TU Darmstadt / ULB / TUbiblio

Swap and Play: Live Updating Hypervisors and Its Application to Xen

Sadeghi, Ahmad-Reza and Brasser, Ferdinand (2014):
Swap and Play: Live Updating Hypervisors and Its Application to Xen.
In: CCSW 2014: The ACM Cloud Computing Security Workshop Proceedings, DOI: http://dl.acm.org/citation.cfm?doid=2664168.2664173,
[Conference or Workshop Item]

Abstract

Hypervisors provide the means to run multiple isolated virtual machines on the same physical host. Typically, updating hypervisors requires a reboot of the host leading to disruption of services that is highly undesirable, particularly in cloud environments. Nevertheless, security updates have to be applied fast to reduce the risk of attacks, demanding a solution which eliminates the trade-off between availability and security risk. Live updating, in general, is highly challenging and has been investigated for decades. However, all solutions proposed so far require changes to the control flow of the software and/or cause performance degradation. Moreover, currently there are no solutions for live updating of hypervisors and all major products (e.g., Hyper-V, Xen, ESXi) require a reboot for updating. In this paper, we present Swap and Play, the first live update mechanism for hypervisors. Our solution is easy to use, scalable and, in particular, deployable in cloud environments. Our approach leverages the hypervisor’s small memory footprint to swap the hypervisor on-the-fly without affecting the control flow of the (new) hypervisor, or disrupting the guests. In this context, we tackle several technically involved challenges, such as transferring the state of the running hypervisor, updating the configuration of one CPU while reinitializing the configuration of all other CPUs, and passing the control to the new hypervisor, all at run-time. We implemented our approach on the popular Xen hypervisor to show its efficiency and effectiveness.

Item Type: Conference or Workshop Item
Erschienen: 2014
Creators: Sadeghi, Ahmad-Reza and Brasser, Ferdinand
Title: Swap and Play: Live Updating Hypervisors and Its Application to Xen
Language: German
Abstract:

Hypervisors provide the means to run multiple isolated virtual machines on the same physical host. Typically, updating hypervisors requires a reboot of the host leading to disruption of services that is highly undesirable, particularly in cloud environments. Nevertheless, security updates have to be applied fast to reduce the risk of attacks, demanding a solution which eliminates the trade-off between availability and security risk. Live updating, in general, is highly challenging and has been investigated for decades. However, all solutions proposed so far require changes to the control flow of the software and/or cause performance degradation. Moreover, currently there are no solutions for live updating of hypervisors and all major products (e.g., Hyper-V, Xen, ESXi) require a reboot for updating. In this paper, we present Swap and Play, the first live update mechanism for hypervisors. Our solution is easy to use, scalable and, in particular, deployable in cloud environments. Our approach leverages the hypervisor’s small memory footprint to swap the hypervisor on-the-fly without affecting the control flow of the (new) hypervisor, or disrupting the guests. In this context, we tackle several technically involved challenges, such as transferring the state of the running hypervisor, updating the configuration of one CPU while reinitializing the configuration of all other CPUs, and passing the control to the new hypervisor, all at run-time. We implemented our approach on the popular Xen hypervisor to show its efficiency and effectiveness.

Title of Book: CCSW 2014: The ACM Cloud Computing Security Workshop Proceedings
Uncontrolled Keywords: ICRI-SC
Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Date Deposited: 04 Aug 2016 10:13
DOI: http://dl.acm.org/citation.cfm?doid=2664168.2664173
Identification Number: TUD-CS-2014-0918
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item