Performance Isolation Exposure in Virtualized Platforms with PCI Passthrough I/O Sharing

  • Conference paper
Architecture of Computing Systems – ARCS 2014 (ARCS 2014)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 8350))

Abstract

PCI Passthrough is an x86 virtualization technology that enables low-overhead, high-performance I/O virtualization. It is an established technology in server and cloud computing environments and a promising technology for sharing I/O devices in future Cyber-Physical Systems that consolidate mixed-criticality applications on multi-core CPUs. In this paper, we show that current implementations of x86 PCI Passthrough are prone to Denial-of-Service attacks. We demonstrate that attacks can be launched from within Virtual Machine environments and affect the performance of every I/O device on the interconnect. This means that malicious or malfunctioning applications inside Virtual Machines can impair the I/O performance of co-resident Virtual Machines. For example, attacking an SR-IOV-capable Gigabit Ethernet NIC causes its TCP throughput to drop by 326 Mbit/s; latencies for reading 32-bit words from the NIC increase by over 650%. We investigate which hardware parameters influence the impact of such attacks and introduce three protection approaches.

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Richter, A., Herber, C., Rauchfuss, H., Wild, T., Herkersdorf, A. (2014). Performance Isolation Exposure in Virtualized Platforms with PCI Passthrough I/O Sharing. In: Maehle, E., Römer, K., Karl, W., Tovar, E. (eds) Architecture of Computing Systems – ARCS 2014. ARCS 2014. Lecture Notes in Computer Science, vol 8350. Springer, Cham. https://doi.org/10.1007/978-3-319-04891-8_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-04891-8_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-04890-1

  • Online ISBN: 978-3-319-04891-8

  • eBook Packages: Computer Science (R0)
