Increasing web server throughput with network interface data caching
Proceedings of the 10th international conference on Architectural support for programming languages and operating systems
Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor
Proceedings of the General Track: 2002 USENIX Annual Technical Conference
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Improving the reliability of commodity operating systems
ACM Transactions on Computer Systems (TOCS)
Scale and performance in the Denali isolation kernel
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Diagnosing performance overheads in the xen virtual machine environment
Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments
Advanced virtualization capabilities of POWER5 systems
IBM Journal of Research and Development - POWER5 and packaging
A comparison of software and hardware techniques for x86 virtualization
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Optimizing network virtualization in Xen
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
High performance VMM-bypass I/O in virtual machines
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
High performance and scalable I/O virtualization via self-virtualized devices
Proceedings of the 16th international symposium on High performance distributed computing
RiceNIC: a reconfigurable network interface for experimental research and education
Proceedings of the 2007 workshop on Experimental computer science
Concurrent Direct Network Access for Virtual Machine Monitors
HPCA '07 Proceedings of the 2007 IEEE 13th International Symposium on High Performance Computer Architecture
Bridging the gap between software and hardware techniques for I/O virtualization
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Achieving 10 Gb/s using safe and transparent network interface virtualization
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Towards high-quality I/O virtualization
SYSTOR '09 Proceedings of SYSTOR 2009: The Israeli Experimental Systems Conference
Virtualization polling engine (VPE): using dedicated CPU cores to accelerate I/O virtualization
Proceedings of the 23rd international conference on Supercomputing
Live migration of direct-access devices
ACM SIGOPS Operating Systems Review
On the DMA mapping problem in direct device assignment
Proceedings of the 3rd Annual Haifa Experimental Systems Conference
Live migration of direct-access devices
WIOV'08 Proceedings of the First conference on I/O virtualization
Standardized but flexible I/O for self-virtualizing devices
WIOV'08 Proceedings of the First conference on I/O virtualization
SR-IOV networking in Xen: architecture, design and implementation
WIOV'08 Proceedings of the First conference on I/O virtualization
Redesigning xen's memory sharing mechanism for safe and efficient I/O virtualization
WIOV'10 Proceedings of the 2nd conference on I/O virtualization
Flash memory performance on a highly scalable IOV system
WIOV'11 Proceedings of the 3rd conference on I/O virtualization
vIOMMU: efficient IOMMU emulation
USENIXATC'11 Proceedings of the 2011 USENIX conference on USENIX annual technical conference
DriverGuard: a fine-grained protection on I/O flows
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
IOMMU: strategies for mitigating the IOTLB bottleneck
ISCA'10 Proceedings of the 2010 international conference on Computer Architecture
Adding advanced storage controller functionality via low-overhead virtualization
FAST'12 Proceedings of the 10th USENIX conference on File and Storage Technologies
Reliable device sharing mechanisms for Dual-OS embedded trusted computing
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
High performance network virtualization with SR-IOV
Journal of Parallel and Distributed Computing
vBalance: using interrupt load balance to improve I/O performance for SMP virtual machines
Proceedings of the Third ACM Symposium on Cloud Computing
VALE, a switched ethernet for virtual machines
Proceedings of the 8th international conference on Emerging networking experiments and technologies
Rigorous rental memory management for embedded systems
ACM Transactions on Embedded Computing Systems (TECS) - Special section on ESTIMedia'12, LCTES'11, rigorous embedded systems design, and multiprocessor system-on-chip for cyber-physical systems
An experimental study of cascading performance interference in a virtualized environment
ACM SIGMETRICS Performance Evaluation Review
From embedded multi-core SoCs to scale-out processors
Proceedings of the Conference on Design, Automation and Test in Europe
Secure I/O device sharing among virtual machines on multiple hosts
Proceedings of the 40th Annual International Symposium on Computer Architecture
DriverGuard: Virtualization-Based Fine-Grained Protection on I/O Flows
ACM Transactions on Information and System Security (TISSEC)
I/o paravirtualization at the device file boundary
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Proceedings of the First Workshop on Cryptography and Security in Computing Systems
| Hi-index | 0.00 |
Commodity virtual machine monitors forbid direct access to I/O devices by untrusted guest operating systems in order to provide protection and sharing. However, both I/O memory management units (IOMMUs) and recently proposed software-based methods can be used to reduce the overhead of I/O virtualization by providing untrusted guest operating systems with safe, direct access to I/O devices. This paper explores the performance and safety tradeoffs of strategies for using these mechanisms. The protection strategies presented in this paper provide equivalent inter-guest protection among operating system instances. However, they provide varying levels of intra-guest protection from driver software and incur varying levels of overhead. A simple direct-map strategy incurs the least overhead, providing native-level performance but offering no enhanced protection from misbehaving device drivers within the guest operating system. Additional protection against guest drivers can be achieved by limiting IOMMU page-table mappings to memory buffers that are actually used in I/O transfers. Furthermore, the cost incurred by this limitation can be minimized by aggressively reusing these mappings. Surprisingly, a software-only strategy that does not use an IOMMU at all performs competitively, and sometimes better than, hardware-based strategies while maintaining strict inter-guest isolation.