Virtualization, which allows multiple Virtual Machines (VMs) to reside on a single physical machine, has become an indispensable technology for today's IT infrastructure. It is known that the overhead of virtualization affects system performance; yet it remains largely unknown whether VMs are more vulnerable to networked Denial of Service (DoS) attacks than conventional physical machines. A clear understanding here is obviously critical to networked virtualization systems such as cloud computing platforms. In this paper, we present an initial study on the performance of modern virtualization solutions under DoS attacks. We experiment with the full spectrum of modern virtualization techniques, from paravirtualization and hardware virtualization to container virtualization, with a comprehensive set of benchmarks. Our results reveal a severe vulnerability of modern virtualization: even with relatively light attacks, the file system and memory access performance of VMs degrades at a much higher rate than that of their non-virtualized counterparts, and this is particularly true for hypervisor-based solutions. We further examine the root causes, with the goal of enhancing the robustness and security of these virtualization systems. Inspired by the findings, we implement a practical modification to the VirtIO drivers in the Linux KVM package, which effectively mitigates the overhead of a DoS attack by up to 40%.