Yong Qi

A multi-objective hybrid genetic algorithm for energy saving task scheduling in CMP system

There are two important factors in the power-performance issues of chip multi-processor(CMP) system: the execution time of tasks and the system energy consumption. Most of exist energy saving methods are not designed to reduce the system energy while cut the execution time down. This paper represents a multi-objective hybrid genetic algorithm (MHGA) which can make the execution time of tasks minimize while reducing the system power consumption. We analyze the problem of energy saving task scheduling on CMP system and a novel coding scheme of genetic algorithm. Based on that, we improve the crossover and mutation operator of genetic algorithm. We propose the multi-objective genetic algorithm by using simulated annealing algorithm to enhance the search ability. Simulation results demonstrate that using our algorithm can make the efficiency of task scheduling on CMP increase, make both the execution time of task and energy consumption of system decrease.

A lightweight VMM on many core for high performance computing

Traditional Virtual Machine Monitor (VMM) virtualizes some devices and instructions, which induces performance overhead to guest operating systems. Furthermore, the virtualization contributes a large amount of codes to VMM, which makes a VMM prone to bugs and vulnerabilities.n On the other hand, in cloud computing, cloud service provider configures virtual machines based on requirements which are specified by customers in advance. As resources in a multi-core server increase to more than adequate in the future, virtualization is not necessary although it provides convenience for cloud computing. Based on the above observations, this paper presents an alternative way for constructing a VMM: configuring a booting interface instead of virtualization technology. A lightweight virtual machine monitor - OSV is proposed based on this idea. OSV can host multiple full functional Linux kernels with little performance overhead. There are only 6 hyper-calls in OSV. The Linux running on top of OSV is intercepted only for the inter-processor interrupts. The resource isolation is implemented with hardware-assist virtualization. The resource sharing is controlled by distributed protocols embedded in current operating systems.n We implement a prototype of OSV on AMD Opteron processor based 32-core servers with SVM and cache-coherent NUMA architectures. OSV can host up to 8 Linux kernels on the server with less than 10 lines of code modifications to Linux kernel. OSV has about 8000 lines of code which can be easily tuned and debugged. The experiment results show that OSV VMM has 23.7% performance improvement compared with Xen VMM.

Design and verification of a lightweight reliable virtual machine monitor for a many-core architecture

Virtual machine monitors (VMMs) play a central role in cloud computing. Their reliability and availability are critical for cloud computing. Virtualization and device emulation make the VMM code base large and the interface between OS and VMM complex. This results in a code base that is very hard to verify the security of the VMM. For example, a misuse of a VMM hyper-call by a malicious guest OS can corrupt the whole VMM. The complexity of the VMM also makes it hard to formally verify the correctness of the system’s behavior. In this paper a new VMM, operating system virtualization (OSV), is proposed. The multiprocessor boot interface and memory configuration interface are virtualized in OSV at boot time in the Linux kernel. After booting, only inter-processor interrupt operations are intercepted by OSV, which makes the interface between OSV and OS simple. The interface is verified using formal model checking, which ensures a malicious OS cannot attack OSV through the interface. Currently, OSV is implemented based on the AMD Opteron multi-core server architecture. Evaluation results show that Linux running on OSV has a similar performance to native Linux. OSV has a performance improvement of 4%–13% over Xen.

Deterministic link signature based IP traceback algorithm under IPv6

The IPv6 security architecture, IPSec, plays a positive role in the protection of IPv6 networks. To some special attacks, especially DDoS attacks, IPSec appears relatively weak, because IPSec can only defend against DDoS attacks that spoof their source addresses. In cases where attackers launch DDoS attacks with their real identity, IPSec is helpless. This paper proposes a deterministic link signature based DDoS IP traceback algorithm. It can immediately reconstruct the entire attack path after suffering a DDoS attack whether or not the source addresses are spoofed. To verify the validity of our algorithm, we implemented it under a simulated IPv6 environment with the OMNeT++ IPv6Suite.

AppSec: A Safe Execution Environment for Security Sensitive Applications

Malicious OS kernel can easily access users private data in main memory and pries human-machine interaction data, even one that employs privacy enforcement based on application level or OS level. This paper introduces AppSec, a hypervisor-based safe execution environment, to protect both the memory data and human-machine interaction data of security sensitive applications from the untrusted OS transparently. AppSec provides several security mechanisms on an untrusted OS. AppSec introduces a safe loader to check the code integrity of application and dynamic shared objects. During runtime, AppSec protects application and dynamic shared objects from being modified and verifies kernel memory accesses according to applications intention. AppSec provides a devices isolation mechanism to prevent the human-machine interaction devices being accessed by compromised kernel. On top of that, AppSec further provides a privileged-based window system to protect applications X resources. The major advantages of AppSec are threefold. First, AppSec verifies and protects all dynamic shared objects during runtime. Second, AppSec mediates kernel memory access according to applications intention but not encrypts all applications data roughly. Third, AppSec provides a trusted I/O path from end-user to application. A prototype of AppSec is implemented and shows that AppSec is efficient and practical.

Inter-domain Communication Mechanism Design and Implementation for High Performance

Running multi-OS on a physical machine is the major method to improve the utilization of computer. With the widely use of virtualization technology in cloud computing, the efficiency of inter-domain communication becomes the key factor for performance of distributed applications especially for some network-intensive applications. The communication synchronous mechanism used by traditional VMM is based on asynchronous signal provided by VMM and often leads to high latency, low performance. In this paper, we design and implement a communication mechanism named OSVSocket which uses inter-processor interruption(IPI) to synchronize and eliminate some useless packet check. We use shared-memory to reduce the time for data copying. Our prototype is implemented on a X86 VMM which is developed by ourselves. The experiment shows that OSVSocket has lower latency and higher performance compared with UNIX IPC.

Nosv: A lightweight nested-virtualization VMM for hosting high performance computing on cloud

Abstract Moving the high performance computing (HPC) to Cloud not only reduces the costs but also gives users the ability to customize their system. Besides, compared with the traditional HPC computing environments, such as grid and cluster which run HPC applications on bare-metal, cloud equipped with virtualization not only improves resource utilization but also reduces maintenance cost. While for some reasons, current virtualization-based cloud has limited performance for HPC. Such performance overhead could be caused by Virtual Machine Monitor (VMM) interceptions, virtualized I/O devices or cross Virtual Machine (VM) interference, etc. In order to guarantee the performance of HPC applications on Cloud, the VMM should interfere guest VMs as less as possible and allocate dedicated resources such as CPU cores, DRAM and devices to guest VMs running HPC applications. In this paper, we propose a novel cloud infrastructure to serve the HPC applications and normal applications concurrently. This novel infrastructure is based on a lightweight high performance VMM named nOSV. For HPC applications, nOSV constructs a strong isolated high performance guest VM with dedicated resources. At runtime, the high performance VM manages all resources by itself and is not interfered by nOSV. By supporting nested virtualization, nOSV can run HPC with commodity application and keep the flexibility of traditional Cloud. nOSV runs other virtualization environments, like Xen and Docker, as high performance guest VMs. All commodity Cloud applications are hosted in these virtualization environments and share hardware resources with each other. The prototype of nOSV shows that it provides a bare-metal like performance for HPC applications and has about 23% improvement compared to HPC applications running on Xen.

Energy saving task scheduling for heterogeneous CMP system based on multi-objective fuzzy genetic algorithm

With the chip multi-processor (CMP) being more and more widespread used in the laptop, desktop and data center area, the power-performance scheduling issues are becoming challenges to the researchers. In this paper, we propose a multi-objective fuzzy genetic algorithm to optimize the energy saving scheduling tasks on heterogeneous CMP system. According to the characteristic of heterogeneous CMP system, we present a novel encoding and decoding scheme of genetic algorithm, improve the crossover operator and the mutation operator. Based on that, we improve the genetic algorithm architecture by using the relative fuzzy membership grade fitness and the elitist strategy. Simulation results demonstrate that using our algorithm can save both the execution time and system energy cost at the same time.

An online electricity cost budgeting algorithm for maximizing green energy usage across data centers

With the sky-rocketing development of Internet services, the power usage in data centers has been significantly increasing. This ever increasing energy consumption leads to negative environmental impact such as global warming. To reduce their carbon footprints, large Internet service operators begin to utilize green energy. Since green energy is currently more expensive than the traditional brown one, it is important for the operators to maximize the green energy usage subject to their desired long-term (e.g., a month) cost budget constraint. In this paper, we propose an online algorithm GreenBudget based on the Lyapunov optimization framework. We prove that our algorithm is able to achieve a delicate tradeoff between the green energy usage and the enforcement of the cost budget constraint, and a control parameter V is the knob to arbitrarily tune such a tradeoff. We evaluate GreenBudget utilizing real-life traces of user requests, cooling efficiency, electricity price and green energy availability. Experimental results demonstrate that under the same cost budget constraint, GreenBudget can increase the green energy usage by 11.55% compared with the state-of-the-art work, without incurring any performance violation of user requests.

TrustOSV: Building Trustworthy Executing Environment with Commodity Hardware for a Safe Cloud

The Infrastructure as a Service (IaaS) cloud computing model is widely used in current IT industry, providing the cloud users virtual machines as the executing environment. However, current executing environment the cloud provided is not trustworthy. For a users executing environment faces threats from malicious cloud users who aim at attacking the underlying virtualization software (virtual machine monitor, VMM, or hypervisor). In this paper, we first make an analysis of the potential threats to a commodity hypervisor, and then propose architecture to build a more trustworthy executing environment for IaaS cloud. The main ideas of our architecture are: removing interaction between hypervisor and the exposed executing environment, enhancing platform data secrecy as well as providing feature rich environment attestation. To prove the effectiveness of our architecture, we build a prototype system, named TrustOSV, which can host multiple trustworthy isolated computing environments on multi-core x86 hardware. The final evaluation shows that TrustOSV can provide enhanced security guarantees to the exposed VMs at modest cost.