IOMMU Para-Virtualization for Efficient and Secure DMA in Virtual Machines |
Tang, Hongwei
(Shenzhen Institute of Advanced Technology, Chinese Academy of Sciences)
Li, Qiang (Institute of Computing Technology, Chinese Academy of Sciences) Feng, Shengzhong (Shenzhen Institute of Advanced Technology, Chinese Academy of Sciences) Zhao, Xiaofang (Institute of Computing Technology, Chinese Academy of Sciences) Jin, Yan (Institute of Computing Technology, Chinese Academy of Sciences) |
1 | F. Bellard, "QEMU, a Fast and Portable Dynamic Translator," in Proc. of the USENIX Annual Technical Conference, pp. 41-46, 2005. |
2 | Intel, "Intel Virtualization Technology for Directed I/O Architecture Specification." |
3 | B. Liu, L. Yang and X. Qin, "Research on Hardware I/O Passthrough in Computer Virtualization," in Proc. of the International Symposium on Computer Science, 2010. |
4 | A. Kivity, Y. Kamay, D. Laor, U. Lublin and A. Liguori, "KVM: the linux virtual machine monitor," in Proc. of Ottawa Linux Symposium, pp. 225-230, 2007. |
5 | M. Benyehuda, J. Xenidis, M. Ostrowski, K. Rister, A. Bruemmer and L. van Doorn, "The price of safety: Evaluating IOMMU performance," in Proc. of OLS '07: The 2007 Ottawa Linux Symposium, pp. 9-20, 2007. |
6 | B. A. Yassour, M. Benyehuda and O. Wasserman, "Direct device assignment for untrusted fully-virtualized virtual machines," vol. 54, pp. 150-156, Yehuda, 2008. |
7 | N. Amit, M. Benyehuda, D. Tsafrir and A. Schuster, "vIOMMU: efficient IOMMU emulation," in Proc. of the 2011 USENIX conference on USENIX annual technical conference, Portland, 2011. |
8 | M. Becher,M. Dornseif and C. N. Klein, "FireWire: all your memory are belong to us," in Proc. of CanSecWest Applied Security Conference, 2005. |
9 | R. Wojtczuk, "Subverting the Xen hypervisor," in Proc. of Black Hat, 2008. |
10 | B. A. Yassour, M. Benyehuda and O. Wasserman, "On the DMA mapping problem in direct device assignment," in Proc. of SYSTOR 2010: the Haifa Experimental Systems Conference. pp. 1-12, Israel, 2010. |
11 | M. Benyehuda, J. Mason, J. Xenidis, O. Krieger, L. van Doorn, J. Nakajima, A. Mallick and E. Wahlig, "Utilizing IOMMUs for virtualization in Linux and Xen," in Proc. of OLS '06: The 2006 Ottawa Linux Symposium, pp. 71-86, 2006. |
12 | M. Malka, N. Amit, M. Benyehuda and D. Tsafrir, "rIOMMU: Efficient IOMMU for I/O Devices that Employ Ring Buffers," in Proc. of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, Turkey, 2015. |
13 | Linux Kernel. https://www.kernel.org/. |
14 | IMB. https://software.intel.com/en-us/articles/intel-mpi-benchmarks |
15 | O. Peleg, A.Morrison, B. Serebrin and D. Tsafrir, "Utilizing the IOMMU scalably," in Proc. of the 2015 USENIX Conference on Usenix Annual Technical Conference, pp. 549-562, CA, 2015. |
16 | P. Willmann, S. Rixner, A. L. Cox, "Protection strategies for direct access to virtualized I/O devices," in Proc. of USENIX Ann. Technical Conf. (ATC), pp. 15-28, 2008. |
17 | N. Amit, M. Benyehuda and B. A. Yassour, "IOMMU: Strategies for mitigating the IOTLB bottleneck," in Proc. of Workshop on Interaction between Opearting Syst. & Comput. Archit. (WIOSCA), 2010. |
18 | Netperf. http://www.netperf.org |
19 | Apache Bench. https://httpd.apache.org/docs/2.4/programs/ab.html |
20 | R. Russell, "virtio: towards a de-facto standard for virtual I/O devices," ACM SIGOPS Operating Syst. Review (OSR), vol. 42, pp. 95-103, 2008. |
21 | AMD, "AMD I/O Virtualization Technology (IOMMU) Specification (Revision 2.62)," February 2015. |
22 | P. Stewin and I. Bystrov, "Understanding DMA Malware," in Proc. of the 9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 2012. |
23 | L. Duflot and Y. A. Perez, "Can You Still Trust Your Network Card?" in Proc. of the 13th CanSecWest Conference (CanSecWest'10), 2010. |
24 | F. Sang, V. Nicomette, and Y. Deswarte, "I/O Attacks in Intel PC-based Architectures and Countermeasures," in Proc. of SysSec Workshop (SysSec'11), 2011. |
25 | J. Jose, M. Li, X. Lu, K. C. Kandalla, M. D. Arnold, and D. K. Panda, "SR-IOV support for virtualization on infiniband clusters: Early experience," in Proc. of Cluster Computing and the Grid, IEEE International Symposium on. IEEE Computer Society, pp. 385-392, 2013. |
26 | M. Shojafar, C. Canali, R. Lancellotti, and E. Baccarelli, "Minimizing computing-plus-communication energy consumptions in virtualized networked data centers," in Proc. of 21th IEEE/ACM ISCC, pp. 1184-1191, 2016. |
27 | C. Canali, and R. Lancellotti, "A class-based virtual machine placement technique for a greener cloud," in Proc. of 4th. Int. Conference on Green IT Solutions (ICGREEN 2015), 2015. |
28 | C. Canali, and R. Lancellotti, "Automated clustering of VMs for scalable cloud monitoring and management," in Proc. of the 20th International Conference on Software, Telecommunications and Computer Networks, pp.1-5, 2012. |
29 | M. Shojafar, N. Cordeschi, D. Amendola, and E. Baccarelli, "Energy-saving adaptive computing and traffic engineering for real-time-service data centers," in Proc. of the IEEE International Conference on Communication, pp. 1800-1806, 2015. |
30 | Z. Pooranian, M. Shojafar, R. Tavoli, M. Singhal, and A. Abraham, "A hybrid metaheuristic algorithm for job scheduling on computational grids," Informatica, vol. 37(2), pp. 157-164, 2013. |
31 | V. Leis, A. Kemper, and T. Neumann, "The adaptive radix tree: ARTful indexing for main-memory databases," in Proc. of ICDE, pp. 38-49, 2013. |
32 | OFED. https://www.openfabrics.org/downloads/OFED/ |