research-article

Swap and Play: Live Updating Hypervisors and Its Application to Xen

Authors:

Franz Ferdinand Brasser,

Mihai Bucicoiu,

Ahmad-Reza SadeghiAuthors Info & Claims

CCSW '14: Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security

Pages 33 - 44

https://doi.org/10.1145/2664168.2664173

Published: 07 November 2014 Publication History

Abstract

Hypervisors provide the means to run multiple isolated virtual machines on the same physical host. Typically, updating hypervisors requires a reboot of the host leading to disruption of services that is highly undesirable, particularly in cloud environments. Nevertheless, security updates have to be applied fast to reduce the risk of attacks, demanding a solution which eliminates the trade-off between availability and security risk.

Live updating, in general, is highly challenging and has been investigated for decades. However, all solutions proposed so far require changes to the control flow of the software and/or cause performance degradation. Moreover, currently there are no solutions for live updating of hypervisors and all major products (e.g., Hyper-V, Xen, ESXi) require a reboot for updating.

In this paper, we present Swap and Play, the first live update mechanism for hypervisors. Our solution is easy to use, scalable and, in particular, deployable in cloud environments. Our approach leverages the hypervisor's small memory footprint to swap the hypervisor on-the-fly without affecting the control flow of the (new) hypervisor, or disrupting the guests. In this context, we tackle several technically involved challenges, such as transferring the state of the running hypervisor, updating the configuration of one CPU while reinitializing the configuration of all other CPUs, and passing the control to the new hypervisor, all at run-time.

We implemented our approach on the popular Xen hypervisor to show its efficiency and effectiveness.

References

[1]

Amazon data center size. http://huanliu.wordpress.com/2012/03/13/amazon-data-center-size/.

[2]

Amazon ec2 service level agreement. http://aws.amazon.com/ec2-sla/.

[3]

Amazon's physical hardware and ec2 compute unit. http://huanliu.wordpress.com/2010/06/14/amazons-physical-hardware-and-ec2-compute-unit/.

[4]

Common vulnerabilities and exposures. xen: Security vulnerabilities. http://www.cvedetails.com/vulnerability-list.php?vendor_id=6276.

[5]

Cve-2012--3516: grant table entry swaps have inadequate bounds checking. http://lists.xen.org/archives/html/xen-announce/2012-09/msg00004.html.

[6]

Free vmware vsphere hypervisor, free virtualization (esxi). http://www.vmware.com/products/vsphere-hypervisor/.

[7]

Gnu grub. http://www.gnu.org/software/grub/.

[8]

Is the hypervisor market expanding or contracting? http://blogs.aberdeen.com/it-infrastructure/is-the-hypervisor-market-expanding-or-contracting/.

[9]

Microsoft hyper-v server. http://www.microsoft.com/en-us/server-cloud/hyper-v-server/default.aspx.

[10]

Migrate hyper-v to windows server 2012. http://technet.microsoft.com/library/jj574113.aspx.

[11]

nuttcp project. http://www.nuttcp.net/.

[12]

sysbench project. http://sysbench.sourceforge.net/.

[13]

vsphere upgrade. http://pubs.vmware.com/vsphere-50/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-50-upgrade-guide. pdf.

[14]

Xen project software overview. http://wiki.xen.org/wiki/Xen_Project_Software_Overview.

[15]

The xen project, the powerful open source industry standard for virtualization. http://www.xenproject.org/.

[16]

Xen version compatibility. http://wiki.xen.org/wiki/Xen_Version_Compatibility.

[17]

Xenserver documentation. http://docs.vmd.citrix.com/XenServer/5.0.0/1. 0/en_gb/installation.html#maintenance.

[18]

G. Altekar, I. Bagrak, P. Burstein, and A. Schultz. Opus: online patches and updates for security. In Proceedings of the 14th conference on USENIX Security Symposium - volume 14, SSYM'05.

Digital Library

[19]

J. Arnold and M. F. Kaashoek. Ksplice: automatic rebootless kernel updates. In Proceedings of the 4th ACM European conference on Computer systems, EuroSys '09.

Digital Library

[20]

P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. In Proceedings of the nineteenth ACM symposium on Operating systems principles, SOSP '03.

Digital Library

[21]

A. Baumann, J. Appavoo, R. W. Wisniewski, D. D. Silva, O. Krieger, and G. Heiser. Reboots are for hardware: challenges and solutions to updating an operating system on the fly. In 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference, ATC'07.

Digital Library

[22]

A. Baumann, G. Heiser, J. Appavoo, D. Da Silva, O. Krieger, R. W. Wisniewski, and J. Kerr. Providing dynamic update in an operating system. In Proceedings of the annual conference on USENIX Annual Technical Conference, ATEC '05.

Digital Library

[23]

L. Bilge and T. Dumitras. Before we knew it: an empirical study of zero-day attacks in the real world. In Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12.

Digital Library

[24]

H. Chen, R. Chen, F. Zhang, B. Zang, and P.-C. Yew. Live updating operating systems using virtualization. In Proceedings of the 2nd international conference on Virtual execution environments, VEE '06.

Digital Library

[25]

C. Clark, K. Fraser, S. Hand, J. G. Hansen, E. Jul, C. Limpach, I. Pratt, and A. Warfield. Live migration of virtual machines. In Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - volume 2, NSDI'05.

Digital Library

[26]

R. S. Fabry. How to design a system in which modules can be changed on the fly. In Proceedings of the 2nd international conference on Software engineering, ICSE '76.

Digital Library

[27]

O. Frieder and M. E. Segal. On dynamically updating a computer program: from concept to prototype. J. Syst. Softw.

Digital Library

[28]

C. Giuffrida, A. Kuijsten, and A. S. Tanenbaum. Safe and automatic live update for operating systems. In Proceedings of the Eighteenth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '13.

Digital Library

[29]

D. Gupta and P. Jalote. On line software version change using state transfer between processes. Softw. Pract. Exper.

Digital Library

[30]

D. Gupta, P. Jalote, and G. Barua. A formal framework for on-line software version change. IEEE Trans. Softw. Eng.

Digital Library

[31]

M. Hicks and S. Nettles. Dynamic software updating. ACM Trans. Program. Lang. Syst.

Digital Library

[32]

O. Krieger, M. Auslander, B. Rosenburg, R. W. Wisniewski, J. Xenidis, D. Da Silva, M. Ostrowski, J. Appavoo, M. Butrico, M. Mergen, A. Waterland, and V. Uhlig. K42: Building a complete operating system. In Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006, EuroSys '06.

Digital Library

[33]

K. Makris and R. A. Buzzi. Immediate multi-threaded dynamic software updates using stack reconstruction. In Proceedings of the 2009 USENIX Annual Technical Conference, USENIX '09.

Digital Library

[34]

J. Moore. Hot patching in the unix kernel.

[35]

I. Neamtiu, M. Hicks, J. S. Foster, and P. Pratikakis. Contextual effects for version-consistent dynamic software updating and safe concurrent programming. In Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages, POPL '08.

Digital Library

[36]

A. Ramaswamy, S. Bratus, S. Smith, and M. Locasto. Katana: A hot patching framework for elf executables. In Availability, Reliability, and Security, 2010. ARES '10 International Conference on.

[37]

M. E. Segal and O. Frieder. Dynamic program updating: a software maintenance technique for minimizing software downtime. Journal of Software Maintenance.

Digital Library

[38]

M. E. Segal and O. Frieder. On-the-fly program modification: Systems for dynamic updating. IEEE Softw.

Digital Library

[39]

V. Soundararajan and J. M. Anderson. The impact of management operations on the virtualized datacenter. In Proceedings of the 37th annual international symposium on Computer architecture, ISCA 2010.

Digital Library

Cited By

Mo CWang LLi SHu KJiang B(2023)Rust-Shyper: A reliable embedded hypervisor supporting VM migration and hypervisor live-updateJournal of Systems Architecture10.1016/j.sysarc.2023.102948142(102948)Online publication date: Sep-2023
https://doi.org/10.1016/j.sysarc.2023.102948
Segalini ALopez Pacheco DUrvoy-Keller GHermenier FJacquemart Q(2022)Hy-FiX: Fast In-Place Upgrades of KVM HypervisorsIEEE Transactions on Cloud Computing10.1109/TCC.2021.305659010:4(2679-2690)Online publication date: 1-Oct-2022
https://doi.org/10.1109/TCC.2021.3056590
Li SWang LHu KMo CJiang B(2022)VM Migration and Live-Update for Reliable Embedded HypervisorDependable Software Engineering. Theories, Tools, and Applications10.1007/978-3-031-21213-0_4(53-69)Online publication date: 11-Dec-2022
https://doi.org/10.1007/978-3-031-21213-0_4
Show More Cited By

Index Terms

Swap and Play: Live Updating Hypervisors and Its Application to Xen
1. Software and its engineering
  1. Software organization and properties
    1. Contextual software domains
      1. Operating systems

Recommendations

My VM is Lighter (and Safer) than your Container
SOSP '17: Proceedings of the 26th Symposium on Operating Systems Principles

Containers are in great demand because they are lightweight when compared to virtual machines. On the downside, containers offer weaker isolation than VMs, to the point where people run containers in virtual machines to achieve proper isolation. In this ...
Container-based operating system virtualization: a scalable, high-performance alternative to hypervisors
EuroSys '07: Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007

Hypervisors, popularized by Xen and VMware, are quickly becoming commodity. They are appropriate for many usage scenarios, but there are scenarios that require system virtualization with high degrees of both isolation and efficiency. Examples include ...
Evaluating virtual router performance for a pluralist future internet
ICICS '12: Proceedings of the 3rd International Conference on Information and Communication Systems

Internet Service Providers resist innovating in the network core, fearing that deploying a new protocol or service compromises the network operation and their profit, as a consequence. Therefore, a new Internet model, called Future Internet, which ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCSW '14: Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security

November 2014

160 pages

ISBN:9781450332392

DOI:10.1145/2664168

General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Alina Oprea
RSA Laboratories, USA
,
Reihaneh Safavi-Naini
University of Calgary, Canada

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'14

Sponsor:

SIGSAC

CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security

November 7, 2014

Arizona, Scottsdale, USA

Acceptance Rates

CCSW '14 Paper Acceptance Rate 12 of 36 submissions, 33%;

Overall Acceptance Rate 37 of 108 submissions, 34%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
351
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)1

Reflects downloads up to 01 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Mo CWang LLi SHu KJiang B(2023)Rust-Shyper: A reliable embedded hypervisor supporting VM migration and hypervisor live-updateJournal of Systems Architecture10.1016/j.sysarc.2023.102948142(102948)Online publication date: Sep-2023
https://doi.org/10.1016/j.sysarc.2023.102948
Segalini ALopez Pacheco DUrvoy-Keller GHermenier FJacquemart Q(2022)Hy-FiX: Fast In-Place Upgrades of KVM HypervisorsIEEE Transactions on Cloud Computing10.1109/TCC.2021.305659010:4(2679-2690)Online publication date: 1-Oct-2022
https://doi.org/10.1109/TCC.2021.3056590
Li SWang LHu KMo CJiang B(2022)VM Migration and Live-Update for Reliable Embedded HypervisorDependable Software Engineering. Theories, Tools, and Applications10.1007/978-3-031-21213-0_4(53-69)Online publication date: 11-Dec-2022
https://doi.org/10.1007/978-3-031-21213-0_4
Tatashin PMoloney W(2021)In-Place VM Migration for Fast Update of Hypervisor StackIntelligent Computing10.1007/978-3-030-80119-9_29(483-493)Online publication date: 13-Jul-2021
https://doi.org/10.1007/978-3-030-80119-9_29
Juneja NSingh CTuli K(2020)Energy Management Techniques for Cloud Based EnvironmentInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology10.32628/CSEIT206293(287-294)Online publication date: 2-Apr-2020
https://doi.org/10.32628/CSEIT206293
Estrada-Solano FCaicedo ODa Fonseca N(2020)NELLY: Flow Detection Using Incremental Learning at the Server Side of SDN-Based Data CentersIEEE Transactions on Industrial Informatics10.1109/TII.2019.294729116:2(1362-1372)Online publication date: Feb-2020
https://doi.org/10.1109/TII.2019.2947291
Doddamani SSinha PLu HCheng TBagdi HGopalan KSartor JNaik MRossbach C(2019)Fast and live hypervisor replacementProceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments10.1145/3313808.3313821(45-58)Online publication date: 14-Apr-2019
https://dl.acm.org/doi/10.1145/3313808.3313821
Bagdi HKugve RGopalan K(2017)HyperFreshProceedings of the 8th Asia-Pacific Workshop on Systems10.1145/3124680.3124734(1-8)Online publication date: 2-Sep-2017
https://dl.acm.org/doi/10.1145/3124680.3124734
Samant DBellur U(2016)Handling Boot Storms in Virtualized Data Centers—A SurveyACM Computing Surveys10.1145/293270949:1(1-36)Online publication date: 14-Jun-2016
https://dl.acm.org/doi/10.1145/2932709

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten