Scale and performance in the Denali isolation kernel

Authors: Andrew Whitaker, Marianne Shaw, Steven D. Gribble

DOI: 10.1145/844128.844147

Abstract: This paper describes the Denali isolation kernel, an operating system architecture that safely multiplexes a large number of untrusted Internet services on shared hardware. Denali's goal is to allow new Internet services to be "pushed" into third party infrastructure, relieving Internet service authors from the burden of acquiring and maintaining physical infrastructure. Our isolation kernel exposes a virtual machine abstraction, but unlike conventional virtual machine monitors, Denali does not attempt to emulate the underlying physical architecture precisely, and instead modifies the virtual architecture to gain scale, performance, and simplicity of implementation. In this paper, we first discuss design principles of isolation kernels, and then we describe the design and implementation of Denali. Following this, we present a detailed evaluation of Denali, demonstrating that the overhead of virtualization is small, that our architectural choices are warranted, and that we can successfully scale to more than 10,000 virtual machines on commodity hardware.
