LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citrix Systems UK Ltd

•

7 gefällt mir•2,366 views

In our interconnected world of mobile and cloud computing, particularly with the rise of governmental spying, corporate espionage, and theft of data by organized crime syndicates, security is more important than ever. Many claims are being made about the security of open-source cloud technologies: How can administrators, users, and developers separate fact from fiction? This talk will equip the audience with the principles needed to evaluate security claims. We will talk the nature of risk, of vulnerabilities and exploits; the various factors that reduce the risk of vulnerabilities in software; and about TCB, threat models, and defense-in-depth. We will then apply these principles to three open-source cloud technologies: containers, KVM, and Xen, to see how they stack up. These will be backed up with numbers: lines of code, security advisories, entry points, and so on.

Internet Technologie

Security in the Cloud:
Xen, KVM, Containers
Or, Surviving and the Zombie Apocalypse

“Some people make the mistake of thinking of containers as a
better and faster way of running virtual machines. From a security
point of view, containers are much weaker.”
–Dan Walsh (Mr. SELinux)

“There's contentions all over the place that containers are not
actually as secure as hypervisors. This is not really true. Parallels
and Virtuozo, we've been running secure containers for at least 10
years.”
–James Bottomley, Linux Maintainer and Parallels CTO

“Virtual Machines might be more secure today, but containers are
definitely catching up.”
–Jerome Petazzoni, Senior Software Engineer at Docker

“You are absolutely deluded, if not stupid, if you think that a
worldwide collection of software engineers who can't write
operating systems or applications without security holes, can then
turn around and suddenly write virtualization layers without
security holes.”
–Theo de Raadt, OpenBSD project lead

Every window is an opportunity
to make a mistake

Every element of every interface is
an opportunity to make a mistake

Would this affect a system
configured reasonably for security?

Xen: Access to HV memory
>5TiB during migration

KVM: vlapic shared page
crossing a page boundary

Linux: AIO, arbitrary read of
kernel memory

Linux: Futex not checking if two
pointers were different (2)

Application-specific containers
+ seccomp2?

Weitere ähnliche Inhalte

Was ist angesagt?

The OpenXT Project is an Open Source community producing a Xen-based platform for client devices with a focus on providing strong security properties. The different primary use cases of this project versus server-based Xen systems have motivated notable technical differences and consequently OpenXT should be of interest to anyone seeking to understand the full set of capabilities on offer within the Xen ecosystem. In this presentation, Christopher Clark will describe the technical architecture of OpenXT, its current status and development activity within the project and its engagement with the upstream OpenEmbedded and Xen projects. This will include an overview of OpenXT's differentiating features such as Measured Launch, Virtual TPMs, Linux-based stubdoms, a specialized input layer and a distinct PV USB stack for Windows and Linux.

XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems

The Linux Foundation

Virtunoid: Breaking out of KVM

Nelson Elhage

The kvm virtualization way

Francisco Gonçalves

Mastering KVM virtualization is a complete guide to understand KVM virtualization. Mastering KVM Virtualization is a culmination of all the knowledge we gained by troubleshooting, configuring and fixing bug on KVM virtualization. We authored this book for system administrators, DevOps practitioners and developers who have a good hands-on knowledge of Linux and would like to sharpen their skills of open source virtualization. The chapters in this book are written with a focus on practical examples that should help you deploy a robust virtualization environment, suiting your organization's needs. Our expectation is that, once you have finished the book, you should have a good understanding of KVM virtualization, its tools to build and manage diverse virtualization environments.

Mastering kvm virtualization- A complete guide of KVM virtualization

Humble Chirammal

Static partitioning is becoming increasingly common in embedded. A static hypervisor, such as Xen dom0less, is employed to split the hardware resources into multiple domains and run a different OS in each domain. For instance, Linux and Zephyr. Only the simplest static partitioning configurations don't involve any data exchanges between the domains. Often, communication and data exchanges between two or more environments are required to complete the data processing pipeline that implements the target application. However, the VM-to-VM communication mechanisms available in static partitioning configurations are typically more limited compared to general-purpose hypervisors. For example, PV drivers are not available to Xen dom0less domains. This presentation will discuss the need for communication in static partitioning setups and it will present the technical challenges involved in getting traditional communication methods to work, including Xen PV drivers and VirtIO. The talk will also provide simpler alternatives based on shared memory and interrupt notifications to set up domain-to-domain data streams: simpler techniques that are easily exploitable both by Linux and by tiny baremetal applications as well.

ELC21: VM-to-VM Communication Mechanisms for Embedded

Stefano Stabellini

As a technical preview, SUSE Linux Enterprise Server 11 contains KVM, which is the next-generation virtualization software delivered with the Linux kernel. In this technical session we will demonstrate how to set up SUSE Linux Enterprise Server 11 for KVM, install some virtual machines and deal with different storage and networking setups. To demonstrate live migration we will also show a distributed replicated block device (DRBD) setup and a setup based on iSCSI and OCFS2, which are included in SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise 11 High Availability Extension.

Virtualization with KVM (Kernel-based Virtual Machine)

Novell

The sexy world of Linux kernel pvops project

The Linux Foundation

Kvm

Bert Desmet

Data Breaches are all over the news these days, and no organization is safe. Nobody, from the largest governments to the biggest banks to the most advanced security companies is able to adequately protect themselves. The difficulty is that there are infinite number of ways to exfiltrate data from an organization ranging from stolen/lost hardware to steganography to malicious insiders to 0Day exploits installing malware to side channels. The industry is trying to solve this problem using detection, heuristics, pattern matching and behavioral analysis. A new approach is clearly needed to fight the Data Breach problem and keep data inside an organization. Come find out how to use Hypervisors to repurpose hardware to protect sensitive data under the assumption of compromised networks, devices and users (Malicious Insiders). In addition, find out how to do so without using any type of detection, heuristics, pattern matching or behavioral analysis, but rather a strictly algorithmic approach rooted in hardware. Finally, learn about how this technology can be used in a generic manner to protect data of DataBases, Server Software, unmodified legacy applications, and unmodified consumer applications such as word processing and spreadsheet software.

XPDS16: Hypervisor Enforced Data Loss Prevention - Neil Sikka, A1LOGIC

The Linux Foundation

Xen Project for ARM Servers

Stefano Stabellini

Hypervisors are becoming increasingly widespread in embedded environments. Their use-case is different from server virtualization, and so are their requirements. The ability to run containerized applications is often a requirement. Xen on ARM is embracing the new challenges with innovative solutions. This talk will discuss cutting-edge Xen on ARM features for embedded deployments, including dom0less, where multiple domains are started directly by Xen at boot. The presentation will explain the reasons why Xen is an excellent runtime environment for containerized apps and will introduce a new proposal for a Xen Project sub-project to create the ideal platform for secure containers in embedded.

Xen on ARM for embedded and IoT: from secure containers to dom0less systems

Stefano Stabellini

Xen Project: Windows PV Drivers

The Linux Foundation

Drive into kvm

Udayendu Kar

The confluence of a number of relatively recent trends including the development of virtualization technologies, the deployment of micro datacenters at PoPs, and the availability of microservers, opens up the possibility of evolving the cloud, and the network it is connected to, towards a superfluid cloud: a model where parties other than infrastructure owners can quickly deploy and migrate virtualized services throughout the network (in the core, at aggregation points and at the edge), enabling a number of novel use cases including virtualized CPEs and on-the-fly services, among others. Towards this goal, we identify a number of required mechanisms and present early evaluation results of their implementation. On an inexpensive commodity server, we are able to concurrently run up to 10,000 specialized virtual machines (based on unikernels), instantiate a VM in as little as 10 milliseconds, and migrate it in under 100 milliseconds.

CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)

The Linux Foundation

Defending the security of interconnected systems is shifting to depend upon methods for determining the level of trust to be placed in devices and users, with mandatory enforcement of access control policies and robust mechanisms for ensuring the integrity of communication between mutually-authenticated entities. Virtualization-based security leverages trust in the hypervisor to provide strong mechanisms to virtual machines, enabling increased protection, in server, client and embedded deployments. The interfaces provided by the hypervisor for inter-domain communication determine critical properties for data isolation and control of information flow. Hypervisor-Mediated data eXchange describes key aspects of these data transfer primitives and has some support in Hyper-V. The first Open Source implementation of HMX is Argo, a Xen hypervisor feature developed with the OpenXT Project.

XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...

The Linux Foundation

This talk provides an overview of the Xen Project eco-system and its main use-cases in a number of important market segments: it covers server virtualization, cloud computing and embedded, automotive and related. Lars Kurth highlights why the Xen Project is relevant in these market segments: he provides an overview of the Xen Project's architecture, relevant existing functionality and ongoing and planned developments. To complement the picture, he covers open-source projects that are related to Xen and are of interest for these use-cases. Excellent Software security is key to all of these use-cases. Thus, Lars specifically covers the Xen Project's security features, track record and touches on the project's security practices. He concludes with a few resources that help you get started with the Xen Project and highlight Internship Programs which the project supports. The talk was delivered at Root Linux Conference 2017. Learn more: http://linux.globallogic.com/materials. The video is available at https://www.youtube.com/watch?v=sjQnAIJji4k

Rootlinux17: An introduction to Xen Project Virtualisation

The Linux Foundation

KVM tools and enterprise usage

vincentvdk

LFNW2014 Advanced Security Features of Xen Project Hypervisor

The Linux Foundation

Hypervisors are becoming more and more widespread in embedded environments, from automotive to medical and avionics. Their use case is different from traditional server and desktop virtualization, and so are their requirements. This talk will explain why hypervisors are used in embedded, and the unique challenges posed by these environments to virtualization technologies. Xen, a popular open source hypervisor, was born to virtualize x86 Linux systems for the data center. It is now the leading open source hypervisor for ARM embedded platforms. The presentation will show how the ARM port of Xen differs from its x86 counterpart. It will go through the fundamental design decisions that made Xen a good choice for ARM embedded virtualization. The talk will explain the implementation of key features such as device assignment and interrupt virtualization.

Xen and the art of embedded virtualization (ELC 2017)

Stefano Stabellini

Virtualization - Kernel Virtual Machine (KVM)

Wan Leung Wong

Was ist angesagt? (20)

XPDS16: The OpenXT Project in 2016 - Christopher Clark, BAE Systems

Virtunoid: Breaking out of KVM

The kvm virtualization way

Mastering kvm virtualization- A complete guide of KVM virtualization

ELC21: VM-to-VM Communication Mechanisms for Embedded

Virtualization with KVM (Kernel-based Virtual Machine)

The sexy world of Linux kernel pvops project

Kvm

XPDS16: Hypervisor Enforced Data Loss Prevention - Neil Sikka, A1LOGIC

Xen Project for ARM Servers

Xen on ARM for embedded and IoT: from secure containers to dom0less systems

Xen Project: Windows PV Drivers

Drive into kvm

CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe)

XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark...

Rootlinux17: An introduction to Xen Project Virtualisation

KVM tools and enterprise usage

LFNW2014 Advanced Security Features of Xen Project Hypervisor

Xen and the art of embedded virtualization (ELC 2017)

Virtualization - Kernel Virtual Machine (KVM)

Andere mochten auch

This session will give a detailed report on the functionality found in newer kernel versions as it relates to Linux on System z. Areas included are advanced virtualization, storage support, RAS, security, as well as usability and serviceability. This session will also give some insight into the IBM Linux on System z development process itself. Last, not least, attendees get an overview of features, functionalities and tools specific to SUSE Linux Enterprise Server for System z.

What's New with Linux on System z

Novell

Due to the rapid shift toward cloud computing, virtual desktop infrastructure (VDI) and thin client computing, many organizations in the government desire a high assurance, multi-level secure server virtualization platform that is low-cost, open and enterprise ready. In this presentation, Jason Sonnek will present SecureServe, a recently launched effort to develop such a platform by building on the open-source Citrix XenServer. The SecureServe project will draw upon research in a number of areas, including dom0 disaggregation, Xen Security Modules mandatory access controls and static/dynamic attestation. In this presentation, Jason will describe the project objectives and requirements, the project's relation to Citrix XenClient XT and XenServer Windsor, current development status and plans for moving forward.

XPDS13: SecureServe - A Multi-level Secure Server Virtualization Platform on ...

The Linux Foundation

Disk Performance Comparison Xen v.s. KVM

nknytk

Systemz Security Overview (for non-Mainframe folks)

Mike Smith

linux security: interact with linux

Ammar WK

Linux Security

nayakslideshare

File System Implementation & Linux Security

Geo Marian

Kernel Recipes 2013 - Linux Security Modules: different formal concepts

Anne Nicolas

2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview

Shawn Wells

Scsi express overview

rbeetle

Linux is considered to be a secure operating system by default. Still there is a lot to learn about system hardening and technical auditing. This 1-hour presentation explains the need for hardening and auditing of your systems. We discussed some additional documents and tools, to further help this endeavor. This presentation is suitable for both beginners and those with experience in system hardening.

Linux Security, from Concept to Tooling

Michael Boelen

This talk with discuss the design and implementation of a new type of hypervisor derived from the Xen code base. µ-Xen has been built and optimized for modern CPUs and chipsets, and thus assumes the presence of CPU and IO MMUs that are virtualization capable. µ-Xen borrows extensively from the production-proven and tuned Xen code base, but removal of support for older hardware and PV-MMU guests has enabled significant simplification of the code. µ-Xen supports optimizations in support of running large numbers of very similar virtual machines, through the support of a native 'vmfork' optimization and efficient re-merging of shareable pages. The primary goal of µ-Xen has been to run as a late-load hypervisor on an existing OS. It has a narrow and well-defined interface to the services it expects from the underlying OS, which makes it easy to port to other OSes, or to enable it to run on bare metal. During initialisation, µ-Xen can de-privilege the running host OS into a VM container, enabling it to establish itself as the most privileged software component in the system. Thus, µ-Xen enforces the privacy and integrity of itself and VMs that it is running, against a faulty or malicious host OS, while co-operating with the host OS on the actual allocation of physical resources.

µ-Xen

The Linux Foundation

Docker and other container runtimes are gathering momentum and becoming the new industry standard for server applications. Linux namespaces, commonly used to run Docker apps, come with a large surface of attack which is difficult to reduce. Intel’s Clear Containers use KVM to run containers as VMs to provide additional isolation. It is possible to provide VM-like isolation for containers without sacrificing performance. This talk focuses on the benefits of using Xen to provide an execution environment for Docker apps. The presentation starts by listing the requirements of this environment. It explains why monitoring container syscalls is important and what its security benefits are. The talk introduces a new paravirtualized protocol to virtualize IP sockets and provides the design and implementation details. The presentation clarifies the impact of the new protocol from a security perspective. The discussion concludes by comparing performance figures with the traditional PV network frontend and backend drivers in Linux, explaining the reasons for any performance gaps.

XPDS16: A Paravirtualized Interface for Socket Syscalls - Dimitri Stiliadis, ...

The Linux Foundation

LF Collaboration Summit: Xen Project 4 4 Features and Futures

The Linux Foundation

Linux ppt

lincy21

Security and Linux Security

Rizky Ariestiyansyah

Security, Hack1ng and Hardening on Linux - an Overview

Kaiwan Billimoria

Andere mochten auch (17)

What's New with Linux on System z

XPDS13: SecureServe - A Multi-level Secure Server Virtualization Platform on ...

Disk Performance Comparison Xen v.s. KVM

Systemz Security Overview (for non-Mainframe folks)

linux security: interact with linux

Linux Security

File System Implementation & Linux Security

Kernel Recipes 2013 - Linux Security Modules: different formal concepts

2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview

Scsi express overview

Linux Security, from Concept to Tooling

µ-Xen

XPDS16: A Paravirtualized Interface for Socket Syscalls - Dimitri Stiliadis, ...

LF Collaboration Summit: Xen Project 4 4 Features and Futures

Linux ppt

Security and Linux Security

Security, Hack1ng and Hardening on Linux - an Overview

Ähnlich wie LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citrix Systems UK Ltd

Docker and kernel security

smart_bit

Making the case for sandbox v1.1 (SD Conference 2007)

Dinis Cruz

LXC, Docker, security: is it safe to run applications in Linux Containers?

Jérôme Petazzoni

Virtual machines are generally considered secure. At least, secure enough to power highly multi-tenant, large-scale public clouds, where a single physical machine can host a large number of virtual instances belonging to different customers. Containers have many advantages over virtual machines: they boot faster, have less performance overhead, and use less resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting a new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations. We will show techniques to harden Linux Containers; including kernel capabilities, mandatory access control, hardened kernels, user namespaces, and more, and discuss the remaining attack surface.

Docker, Linux Containers (LXC), and security

Jérôme Petazzoni

The Good The Bad The Virtual

Claudio Criscione

Containers are becoming increasingly popular. They have many advantages over virtual machines: they boot faster, have less performance overhead, and use less resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting an new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations. In this presentation, we will: - Review the actual security risks, in particular for multi-tenant environments running arbitrary applications and code - Discuss how to mitigate those risks - Focus on containers as implemented by Docker and the libcontainer project, but the discussion also stands for plain containers as implemented by LXC

Docker, Linux Containers, and Security: Does It Add Up?

Jérôme Petazzoni

Docker en kernel security

smart_bit

Pitfalls and limits of dynamic malware analysis

Tamas K Lengyel

VirtSec, and the Open Source impact

Kris Buytaert

An overview of OpenVZ virtualization technology

OpenVZ

An overview of OpenVZ virtualization technology

OpenVZ

[Confidence0902] The Glass Cage - Virtualization Security

Claudio Criscione

Teensy Programming for Everyone

Nikhil Mittal

Slides from my DevOpsExpo London talk "From oops to NoOps". They tell you in these conferences that DevOps is not about tools, but about culture. And they are partially right. I am going to tell you that it’s not only about culture or tools but also abstractions. It is a lot about how you see software and its value. About our mental model of what software is: how it runs, evolves, and interacts with the other facets of an enterprise. We used to view software as code. As a state of code. Now we think about software as change, as a flow. A dynamic system where people, machines, and processes interact continuously. At Platform.sh we spend a bunch of time asking ourselves not “How do you build?” - or even “How do you build consistently?” - but rather “What does it mean to consistently build in a world where change is good?” A world that lets you push security fixes into production as soon as they’re available because you don’t want to be an Equifax but you do want stability. In this presentation, I will go over what we think software is and why having the right ideas about software will help you get your culture right and your tooling aligned, as well as gain in productivity, and general happiness and well-being.

From 🤦 to 🐿️

Ori Pekelman

Qubes os presentation_to_clug_20150727

csirac2

The developer is an easy and valuable target for malicious minds. The reasons for that are numerous and hard to come by. This talk delivers examples, proof, discussion and awkward moments in a pretty special way. Everybody hates developers – especially web developers. And why not? The cracks and crevices of their APIs and implementations are the reason that vulnerabilities in web applications are still a widespread issue – and will continue to be in the foreseeable future. Bashing and blaming them for their wrongdoings is fun – boy, they are stupid in their mistakes! But has anyone ever dared to have an open on stage battle with an actual developer? And who of the developers dares to face their collective nemesis – the attacker? Can there be life where matter and anti-matter collide? We will know about this soon – because this is what this talk is going to be about. Developer versus attacker – vulnerability versus defense. Be prepared for swearing, violence and people leaving the stage prematurely in tears.

Dev and Blind - Attacking the weakest Link in IT Security

Mario Heiderich

A Xen Case Study

Kris Buytaert

As presented at LinuxCon/CloudOpen 2015: http://sched.co/3Y3v We tell our code lies from development to deploy. The most common of these lies start with the simple act of launching a virtual machine. These lies are critical to our applications. Some of them protect applications from themselves and each other, some even improve performance. Some, however, decrease performance, and others create barriers to simply getting things done. We lie about the systems, networks, storage, RAM, CPU and other resources our applications use, but how we tell those lies is critical to how the applications that depend on them perform. Joyent's Casey Bisson will explore the lies we tell our code and demonstrate examples of how they sometimes help and hurt us.

The lies we tell our code, LinuxCon/CloudOpen 2015-08-18

Casey Bisson

DevOps and the Death & Rebirth of Childhood Innocence

Robert Douglass

We tell our code lies from development to deploy. The most common of these lies start with the simple act of launching a virtual machine. These lies are critical to our applications. Some of them protect applications from themselves and each other, some even improve performance. Some, however, decrease performance, and others create barriers to simply getting things done. We lie about the systems, networks, storage, RAM, CPU and other resources our applications use, but how we tell those lies is critical to how the applications that depend on them perform. Joyent's Casey Bisson will explore the lies we tell our code and demonstrate examples of how they sometimes help and hurt us. Slides as presented at http://www.meetup.com/Seattle-Scalability-Meetup/events/219709036/. Video from that meetup is on YouTube, https://www.youtube.com/watch?v=LtPS2z_c2v4.

The Lies We Tell Our Code (#seascale 2015 04-22)

Casey Bisson

Ähnlich wie LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citrix Systems UK Ltd (20)

Docker and kernel security

Making the case for sandbox v1.1 (SD Conference 2007)

LXC, Docker, security: is it safe to run applications in Linux Containers?

Docker, Linux Containers (LXC), and security

The Good The Bad The Virtual

Docker, Linux Containers, and Security: Does It Add Up?

Docker en kernel security

Pitfalls and limits of dynamic malware analysis

VirtSec, and the Open Source impact

An overview of OpenVZ virtualization technology

[Confidence0902] The Glass Cage - Virtualization Security

Teensy Programming for Everyone

From 🤦 to 🐿️

Qubes os presentation_to_clug_20150727

Dev and Blind - Attacking the weakest Link in IT Security

A Xen Case Study

The lies we tell our code, LinuxCon/CloudOpen 2015-08-18

DevOps and the Death & Rebirth of Childhood Innocence

The Lies We Tell Our Code (#seascale 2015 04-22)

Mehr von The Linux Foundation

Static partitioning is used to split an embedded system into multiple domains, each of them having access only to a portion of the hardware on the SoC. It is key to enable mixed-criticality scenarios, where a critical application, often based on a small RTOS, runs alongside a larger non-critical app, typically based on Linux. The two domains cannot interfere with each other. This talk will explain how to use Xen for static partitioning. It will introduce dom0-less, a new Xen feature written for the purpose. Dom0-less allows multiple VMs to start at boot time directly from the Xen hypervisor, decreasing boot times drastically. It makes it very easy to partition the system without virtualization overhead. Dom0 becomes unnecessary. This presentation will go into details on how to setup a Xen dom0-less system. It will show configuration examples and explain device assignment. The talk will discuss its implications for latency-sensitive and safety-critical environments.

ELC2019: Static Partitioning Made Simple

The Linux Foundation

TrenchBoot is a cross-community OSS integration project for hardware-rooted, late launch integrity of open and proprietary systems. It provides a general purpose, open-source DRTM kernel for measured system launch and attestation of device integrity to trust-centric access infrastructure. TrenchBoot closes the UEFI Measurement Gap and reduces the need to trust system firmware. This talk will introduce TrenchBoot architecture and a recent collaboration with Oracle to launch the Linux kernel directly with Intel TXT or AMD SVM Secure Launch. It will propose mechanisms for integrating the Xen hypervisor into a TrenchBoot system launch. DRTM-enabled capabilities for client, server and embedded platforms will be presented for consideration by the Xen community.

XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...

The Linux Foundation

Artem will briefly cover what has been done since the first talk on Xen in Automotive domain back in 2013, what is going on now and what is still missing for broad adaptation of Xen in vehicles. The following topics will be covered: Embedded/automotive features of Xen Collaboration with AGL and GENIVI organizations for standardization Efforts on Functional Safety compliance Artem will also go over typical automotive use scenarios for Xen which may not be the same as generic computing use of hypervisor.

XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...

The Linux Foundation

XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...

The Linux Foundation

In recent years unikernels have shown immense performance potential (e.g., boot times of only a few ms, image sizes of only hundreds of KBs).The fundamental drawback of unikernels is that they require that applications be manually ported to the underlying minimalistic OS, needing both expert work and often considerable amount of time. The Unikraft project provides a unikernel code base and build system that significantly simplifies the building of unikernels. In addition to support for a number CPU architectures, languages and frameworks, Unikraft provides debugging and tracing features that are generally sorely missing from unikernel projects. In this talk we will talk about these features, show a set of preliminary performance numbers, and provide a roadmap for the project's future.

XPDDS19 Keynote: Unikraft Weather Report

The Linux Foundation

XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...

The Linux Foundation

This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional. Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings. The audience will learn how to use Dom0-less to partition the system. Uboot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.

XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx

The Linux Foundation

As the number of contributions grow, reviewer bandwidth becomes a bottleneck; and maintainers are always asking for more help. However, ultimately maintainers must at least Ack every patch that goes in; so if you're not a maintainer, how can you contribute? Why should anyone care about your opinion? This talk will try to lay out some advice and guidelines for non-maintainers, for how they can do code review in a way which will effectively reduce the load on maintainers when they do come to review a patch.

XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...

The Linux Foundation

This talk is a follow-up to our Summit 2017 presentation in which we covered our plans for Intel VMFUNC and #VE, as well as related use-cases. This year, we will provide a report on what we have accomplished in Xen 4.12, and what remains to be addressed. We will also give a brief status update of VMI on AMD hardware. The session will end with some real-world numbers of the Hypervisor Introspection solution running on Citrix Hypervisor 8.0 with #VE enabled.

XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender

The Linux Foundation

Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 611508) transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project. In this session, we will lay out some challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the Xen Project has followed thus far and highlight lessons learned along the way. The talk will primarily focus on necessary process, tooling changes and community challenges that can prevent progress. We will be offering an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.

OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...

The Linux Foundation

Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices. In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes and community challenges offering an in-depth review of how Xen Project is approaching this exciting and and challenging goal.

OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...

The Linux Foundation

2018 saw fundamental shifts in security boundaries which were previously taken for granted. A lot of work has been done in the past 2 years, and largely in secret under embargo, but there is plenty more work to be done to strengthen the existing mitigations and to try to recover some performance without reopening security holes. This talk will look at speculative execution sidechannels, the work which has already been done to mitigate the security holes, and future work which hopes to bring some improvements.

XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix

The Linux Foundation

The Arm architecture provides a set of guidelines that any software should abide by when accessing the memory with MMU off and update page-tables. Failing to do so may result in getting TLB conflicts or breaking coherency. In a previous talk ("Keeping coherency on Arm"), we focused on updating safely the stage-2 (aka P2M) page-tables. This talk will focus on the boot code and Xen memory management. During this session, we will introduce some of the guidelines and when they should be used. We will also discuss how Xen boot sequence needs to be reworked to avoid breaking the guidelines.

XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd

The Linux Foundation

For many years the QEMU codebase has contained PV backends for Xen guests, giving them paravirtual access to storage, network, keyboard, mouse, etc. however these backends have not been configurable as QEMU devices as their implementation did not fully adhere to the QEMU Object Model (QOM). Particularly the PV storage backend not using proper QOM devices, or qdevs, meant that the QEMU block layer needed to maintain legacy code that was cluttering up the source. This was causing push-back from the maintainers who did not want to accept any patches relating to that Xen backend until it was 'qdevified'. In this talk, I'll explain the modifications I made to QEMU to achieve 'qdevification' of the PV storage backend, how compatibility with the libxl toolstack was maintained, and what the next steps in both QEMU and libxl development should be.

XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...

The Linux Foundation

PCI is a local computer bus for attaching hardware devices in a computer, and is the main peripheral bus on modern x86 systems. As such, having a proper way to emulate it is crucial for Xen to be able to expose both fully emulated devices or passthrough devices to guests. This talk will focus on the current status of PCI emulation in Xen, how and where it is used, what are its main limitations and future plans to improve it in order to be more robust and modular.

XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D

The Linux Foundation

XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems

The Linux Foundation

Xen is a very powerful hypervisor with a talented and diverse developers community. Despite the fact it's almost everywhere (from the Cloud to the embedded world), it can be difficult to set up and manage as a system administrator. General purpose distros have Xen packages, but that's just a start in your Xen journey: you need some tooling and knowledge to have a working and scalable platform. XCP-ng was built to overcome those issues: by bringing Xen to the masses with a fully turnkey distro with Xen as its core. It's the logical sequel to the XCP project, with a community focus from the start. We'll see how it happened, what we did, and what's next. Finally, we'll see the impact of XCP-ng on the Xen Project.

XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...

The Linux Foundation

XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...

The Linux Foundation

High level toolstacks for server and cloud virtualization are very mature with large communities using and supporting them. Client virtualization is a much more niche community with unique requirements when compared to those found in the server space. In this talk, we’ll introduce a client virtualization toolstack for Xen (redctl) that we are using in Redfield, a new open-source client virtualization distribution that builds upon the work done by the greater virtualization and Linux communities. We will present a case for maturing libxl’s Go bindings and discuss what advantages Go has to offer for high level toolstacks, including in the server space.

XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...

The Linux Foundation

Today Xen is scheduling guest virtual cpus on all available physical cpus independently from each other. Recent security issues on modern processors (e.g. L1TF) require to turn off hyperthreading for best security in order to avoid leaking information from one hyperthread to the other. One way to avoid having to turn off hyperthreading is to only ever schedule virtual cpus of the same guest on one physical core at the same time. This is called core scheduling. This presentation shows results from the effort to implement core scheduling in the Xen hypervisor. The basic modifications in Xen are presented and performance numbers with core scheduling active are shown.

XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE

The Linux Foundation

Mehr von The Linux Foundation (20)