Kuniyasu Suzaki

Memory deduplication as a threat to the guest OS

Memory deduplication shares same-content memory pages and reduces the consumption of physical memory. It is effective on environments that run many virtual machines with the same operating system. Memory deduplication, however, is vulnerable to memory disclosure attacks, which reveal the existence of an application or file on another virtual machine. Such an attack takes advantage of a difference in write access times on deduplicated memory pages that are re-created by Copy-On-Write. In our experience on KSM (kernel samepage merging) with the KVM virtual machine, the attack could detect the existence of sshd and apache2 on Linux, and IE6 and Firefox on WindowsXP. It also could detect a downloaded file on the Firefox browser. We describe the attack mechanism in this paper, and also mention countermeasures against this attack.

Job Scheduling Strategies for Networks of Workstations

In this paper we first introduce the concepts of utilisation ratio and effective speedup and their relations to the system performance. We then describe a two-level scheduling scheme which can be used to achieve good performance for parallel jobs and good response for interactive sequential jobs and also to balance both parallel and sequential workloads. The two-level scheduling can be implemented by introducing on each processor a registration office. We also introduce a loose gang scheduling scheme. This scheme is scalable and has many advantages over existing explicit and implicit coscheduling schemes for scheduling parallel jobs under a time sharing environment.

Why do software packages conflict

Determining whether two or more packages cannot be installed together is an important issue in the quality assurance process of package-based distributions. Unfortunately, the sheer number of different configurations to test makes this task particularly challenging, and hundreds of such incompatibilities go undetected by the normal testing and distribution process until they are later reported by a user as bugs that we call “conflict defects”. We performed an extensive case study of conflict defects extracted from the bug tracking systems of Debian and Red Hat. According to our results, conflict defects can be grouped into five main categories. We show that with more detailed package meta-data, about 30 % of all conflict defects could be prevented relatively easily, while another 30 % could be found by targeted testing of packages that share common resources or characteristics. These results allow us to make precise suggestions on how to prevent and detect conflict defects in the future.

Dynamic load balancing using network transferable computer

This paper proposes a new dynamic load balancing (DLB) method for network traffic. In client-server systems, intense access to a particular server host often causes excessive traffic on a path connected to the server. Although mirror servers are used for load balancing of host performance, this may not be sufficient to balance the load of network traffic. In the DLB method a server has the capability to move to another network, so that flows of packets toward/from the server change and a part of packets avoid going through the crowded path. This reduction of the traffic on the congested path achieves load balancing of network traffic. The DLB method is based on network transferable computer (NTC) and mobile IP. Also a management system is provided. The management system has the following responsibilities. (1) Analyzing packets for the server. (2) Calculating the fluctuation rate of the amount of packets toward the server. (3) Estimating the future amount of packets. (4) Determining whether the server move or not and a new location of the server if necessary. The evaluation of this method is underlined by simulations, which show effective reduction of traffic on the target path.

Kernel Memory Protection by an Insertable Hypervisor Which Has VM Introspection and Stealth Breakpoints

Recent device drivers are under threat of targeted attack called Advanced Persistent Threat (APT) since some device drivers handle industrial infrastructure systems and/or contain sensitive data e.g., secret keys for disk encryption and passwords for authentication. Even if attacks are found in these systems, it is not easy to update device drivers since these systems are required to be non-stop operation and these attacks are based on zero-day attacks. DriverGuard is developed to mitigate such problems. It is a light weight hypervisor and can be inserted into pre-installed OS (Windows) from USB memory at boot time. The memory regions for sensitive data in a Windows kernel are protected by VM introspection and stealth breakpoints in the hypervisor. The hypervisor recognizes memory structure of guest OS by VM introspection and manipulates a page table entry (PTE) using stealth breakpoints technique. DriverGuard prevents malicious write-access to code region that causes Blue Screen of Death of Windows, and malicious read and write access to data region which causes information leakage. Current implementation is applied on pre-installed Windows7 and increases security of device drivers from outside of OS.

KNOPPIX/Math: portable and distributable collection of mathematical software and free documents

We propose a new computer environment for mathematicians that can be set up easily and quickly.

Using Checkpointing and Virtualization for Fault Injection

The program monitoring and control mechanisms of virtualization tools are becoming increasingly standardized and advanced. Together with check pointing, these can be used for general program analysis tools. We explore this idea with an architecture we call Checkpoint-based Fault Injection (CFI), and two concrete implementations using different existing virtualization tools: DMTCP and SBUML. The implementations show interesting trade-offs in versatility and performance as well as the generality of the architecture.

Impact on Chunk Size on Deduplication and Disk Prefetch

CAS (Content Addressable Storage) systems reduce total volume of vir- tual disk with deduplication technique. The effects of deduplication has been eva- luated and confirmed in some papers. Most evaluations, however, were achieved by small chunk size (4KB-8KB) and did not care about I/O optimization (disk pre- fetch) on a real usage. Effective disk prefetch is larger than the chunk size and causes many CAS operations. Furthermore, previous evaluations did not care about ratio of effective data in a chunk. The ratio is improved by block realloca- tion of file system, which considers access profile. Chunk size should be decided by considering these effects on a real usage. This paper evaluates effectiveness of deduplication on a large chunk of CAS system which considers the optimization for disk prefetch and effective data in a chunk. The optimization was achieved for boot procedure, because it was a mandatory operation on any operating systems. The results showed large chunk (256KB) was effective on booting Linux and could maintain the effect of deduplication.

Security considered harmful a case study of tradeoff between security and usability

Medical information systems carry sensitive data, which necessitates security and privacy. However, there is well-known trade-off between usability and security, and security can harm care providers and patients. This paper addresses the trade-off between security and usability in medical systems, and presents a case where higher security with better usability was achieved through close cooperation between computer scientists and care providers. The direct interaction might be costly for both, but appropriate tools could make the collaboration acceptable and practical.

A Lightweight Access Log Filter of Windows OS Using Simple Debug Register Manipulation

Recently, leveraging hypervisor for inspecting Windows OS which is called as VM instospection has been proposed. In this paper, we propose a thin debugging layer to provide several solutions for current VM instrospection. First, out-of-the box monitoring has not been develoed for monitoring complicated event such as registry access of Windows OS. Second, logging inside guest OS is resource-intensive and therefore detactable. Third, shared memory should be prepared for notifying events which makes the system so complicated. To solve these problems, we emdded a simple debug register manipulation inside guest VM and modify its handler of hypervisor. In proposed system, we only change a few generic and debug register to cope with highly frequent events without allocating memory and generating file I/O. As a result, resource utilization of CPU, memory and I/O can be drastically reduced compared with commodity logging software inside Windows OS. In experiment, we have shown the result of tracking registry access of malware running on Windos OS. It is shown that proposed system can achive the same function of ProcMon of Windows OS with reasonable resource utilization. Particularly, we have achieved more than 84% of memory usage and 97% of disk access reduction compared with the case of using ProcMon.