Scientific article on the topic 'Analysis memory allocation between virtual machine as venerability for hypervisor' (specialty: Computer and Information Sciences)

CC BY

Section 2. Information technology

DOI: http://dx.doi.org/10.20534/AJT-16-11.12-9-13

Bukharaev Nail Dr., Candidate of Physics-Mathematical Sciences, Associate Professor in the Department of Programming Technologies, Kazan Federal University, Russia. E-mail: boukharay@gmail.com

Altaher Ammar Wisam, PhD Student in the Department of Programming Technologies, Kazan Federal University, Russia. E-mail: Smart.computing@yahoo.com

Analysis memory allocation between virtual machine as venerability for hypervisor

Abstract: In this paper we give a complete description of the hypervisor concept. In addition, we identify its major types and give a technical description of its main elements.

Cloud computing became popular relatively recently because it provides sufficiently large computing power. The client does not need to buy expensive equipment; it is simply "rented" for the period the customer requires. Below, we present the basic terms that describe the essence of cloud computing.

The aim of our research is to review the weaknesses of the memory allocation types used for virtual machines and how they could lead to possible attacks on the hypervisor, and also to answer the question of why Hyper-V is important to use. We examine the most common types of hypervisors that can be installed on an ordinary personal computer, taking Microsoft Hyper-V as an example of a hypervisor.

Keywords: hypervisor; cloud computing; virtualization.

Introduction

Threats apply to the virtual environment management system, in particular the server and client software components that allow the settings of the hypervisor and virtual machines to be controlled locally or remotely. The virtual machines themselves, because they include system and application software, are also quite vulnerable. With solutions that are integrated into the virtual platform and aim to ensure the safety of multiple virtual machines, some of their components can be protected. The great danger is that the owner of the information, for example, simply does not know about the fact of virtualization and therefore does not take the risks into account, or knows about it but has no information about how that virtualization is arranged; this situation can also lead to errors in the risk assessment. All this must be considered when creating a comprehensive system of protection where virtualization mechanisms are used.

1. Hypervisor

We must now consider the internal structure of cloud computing. As follows from the description above, the cloud is a set of hardware and software. The software installed on this hardware should be fast enough to provide computer system resources at an individual customer's request. Virtualization technology was developed for this purpose.

Virtualization is usually applied to physical hardware resources by combining multiple physical resources into shared pools from which users receive virtual resources. With virtualization, one physical resource can be made into several virtual ones.

Moreover, virtual resources can have functions or features that are absent in the original physical resources.

The main element of cloud computing is the hypervisor. A hypervisor is a specialized operating system that is responsible for the allocation of resources. The scheme of the hypervisor, unlike that of a conventional operating system, can be represented as follows.

[Diagram: three stacks, each of App, Bins/Libs and Guest OS, sit on top of the Hypervisor, which runs on the Host Operating System and the Infrastructure.]

Figure 1. Organization of the virtual machine

1.1 Overview of hypervisors

There are two types of hypervisors:

• Type 1 hypervisors.

• Type 2 hypervisors.

Type 1 hypervisors run directly on the system hardware. Type 2 hypervisors run on top of the base operating system, which provides virtualization services, such as support for I/O and memory management.

Figure 2. Types of hypervisors

1.2 Client hypervisors

Microsoft Hyper-V is a hypervisor of the first type, that is, a hypervisor running on the "bare metal".

Hypervisors of the first type are technologically more complex, but also more effective in the sense that they provide minimum overhead and maximum isolation of virtual machines. This is why they have won recognition in server environments.

The Microsoft hypervisor requires a parent or root OS (sometimes also called a "partition"), into which it is actually built. This OS is accordingly in a special position: even though it is partly virtualized, it still has access to the graphics accelerator and other components.

1.3 Memory Management

The main objective of the virtual machine is to allocate resources to the user depending on his needs.

Particular attention here should be paid to memory allocation. This is one of the key points in organizing security when virtual computing is used.

Typically, a single physical server can be used to create multiple virtual machines. There are several approaches to allocating memory:

• Sharing memory between processes ("page sharing");

• Dynamic memory allocation at runtime;

• Data compression.

The problem statement

The problem statement is to examine the allocation of memory and other resources and to investigate how this weakness leads to attacks on the hypervisor.

Memory allocation. From our point of view, tasks that use the same physical memory across virtual machines could be a risk for the security of our data. The same index can be used in different machines in the same way, so if we constantly reallocate memory between processes, we will be able to read data from another virtual machine.

Consider, for example, "memory page creation", the typical process of memory allocation in a virtual machine. An area is allocated in memory as "pages", which the hypervisor manages. If the amount of memory is not enough for all the processes, the same page is allowed to be used by multiple processes. In this case, it is determined whether there are processes working on the same data. If so, two different memory pages are combined into one, and the process creates two pointers to the same memory. If one process modifies the data on the page, the second pointer is overwritten.
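The page-merging behaviour described above can be modelled in a few lines. The following is an added example, not code from the paper or from any hypervisor; the `Host` class and its methods are hypothetical. It shows that when two machines share a merged page, a write is visible to the other machine unless the hypervisor breaks the sharing first (copy-on-write).

```python
# Added illustration: content-based page sharing with and without copy-on-write.
# All names (Host, map_page, write, read, demo) are hypothetical; toy model only.
import hashlib


class Host:
    """Toy hypervisor: physical frames shared between VMs by content hash."""

    def __init__(self, copy_on_write=True):
        self.copy_on_write = copy_on_write
        self.frames = {}    # frame id -> bytearray (one physical page)
        self.refs = {}      # frame id -> number of guest pages mapped to it
        self.by_hash = {}   # content hash -> frame id (deduplication index)
        self.maps = {}      # (vm, guest page number) -> frame id
        self.next_id = 0

    def _new_frame(self, data):
        fid, self.next_id = self.next_id, self.next_id + 1
        self.frames[fid] = bytearray(data)
        self.refs[fid] = 0
        return fid

    def map_page(self, vm, gpn, data):
        """Back a guest page; identical content is merged into one frame."""
        digest = hashlib.sha256(data).digest()
        fid = self.by_hash.get(digest)
        if fid is None:
            fid = self._new_frame(data)
            self.by_hash[digest] = fid
        self.refs[fid] += 1
        self.maps[(vm, gpn)] = fid

    def write(self, vm, gpn, data):
        fid = self.maps[(vm, gpn)]
        if self.refs[fid] > 1 and self.copy_on_write:
            # Break the sharing first: the writer gets a private copy.
            self.refs[fid] -= 1
            fid = self._new_frame(self.frames[fid])
            self.refs[fid] = 1
            self.maps[(vm, gpn)] = fid
        # The written frame's content changes, so drop it from the dedup index.
        self.by_hash = {h: f for h, f in self.by_hash.items() if f != fid}
        self.frames[fid][:len(data)] = data

    def read(self, vm, gpn):
        return bytes(self.frames[self.maps[(vm, gpn)]])


def demo(copy_on_write):
    """Two VMs map an identical page, then vm-a writes to its page."""
    host = Host(copy_on_write)
    page = b"\x00" * 16                       # constructed sample page
    host.map_page("vm-a", 0, page)
    host.map_page("vm-b", 0, page)
    shared = host.maps[("vm-a", 0)] == host.maps[("vm-b", 0)]
    host.write("vm-a", 0, b"secret-of-vm-a!!")
    return shared, host.read("vm-b", 0)       # what vm-b sees afterwards
```

`demo(True)` leaves vm-b's page unchanged, while `demo(False)` returns vm-a's data through vm-b's mapping, which is the cross-machine exposure the section is concerned with.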

1.3.1 Memory separation

The most common method of memory allocation is a different one, namely the allocation of a separate address space for each process. This method is similar to the allocation of memory for each application. Thus, each user is allocated a separate physical disk space. This memory itself is abstracted from the physical media, so the memory can be used in various processes.

The disadvantage is that this kind of memory allocation can greatly overload the processor. We must keep track not only of the virtual and physical addresses of the data, but also of additional references to this memory for each virtual machine.

1.3.2 Allocation

However, this method of memory allocation may not be efficient, because the hypervisor cannot effectively manage such an allocation. For example, one virtual machine may have an overabundance of memory (memory that is not used) while another machine has a deficit. With this kind of memory management it is, in fact, impossible to keep track of the current memory status of each machine. To make the process more efficient, a memory allocation method called "ballooning", or memory "inflation", was created. To use this method, you must install a memory-remapping driver on the virtual machine. In this case, the special driver monitors the state of memory in the virtual machines. If a memory shortage occurs in one of the machines, the virtual machine signals this special driver. The driver then checks memory usage in the other virtual machines and releases the memory that is not used in them.
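The rebalancing step described above moves physical pages from one virtual machine to another, so stale contents travel with them unless the host clears each page first. The following is an added example, not code from the paper and not a Hyper-V or VMware API; `BalloonHost` and its methods are hypothetical, and the zeroing step is an assumption added here to show the mitigation.

```python
# Added illustration: balloon-style reclaim of unused guest memory.
# Hypothetical toy model; the names are not Hyper-V or VMware interfaces.
PAGE = 8  # constructed tiny page size, in bytes


class BalloonHost:
    def __init__(self, scrub=True):
        self.scrub = scrub
        self.free = []     # reclaimed physical pages awaiting reuse
        self.owned = {}    # vm name -> list of pages (bytearray)

    def boot(self, vm, pages):
        self.owned[vm] = [bytearray(PAGE) for _ in range(pages)]

    def inflate(self, vm, count, in_use):
        """Balloon driver in `vm` hands back up to `count` pages it does not use."""
        idle = [i for i in range(len(self.owned[vm])) if i not in in_use]
        # Pop from the highest index down so the remaining indexes stay valid.
        for i in sorted(idle[:count], reverse=True):
            self.free.append(self.owned[vm].pop(i))
        return min(count, len(idle))

    def grant(self, vm, count):
        """Give reclaimed pages to a VM that signalled a shortage."""
        granted = 0
        while self.free and granted < count:
            page = self.free.pop()
            if self.scrub:
                page[:] = bytes(PAGE)   # zero before crossing the VM boundary
            self.owned[vm].append(page)
            granted += 1
        return granted


def residue_after_rebalance(scrub):
    """Return the contents of the pages vm-b receives from vm-a."""
    host = BalloonHost(scrub)
    host.boot("vm-a", 4)
    host.boot("vm-b", 1)
    host.owned["vm-a"][3][:] = b"A-secret"   # vm-a used page 3, then freed it
    host.inflate("vm-a", 2, in_use={0, 1})   # pages 2 and 3 are idle
    host.grant("vm-b", 2)
    return [bytes(p) for p in host.owned["vm-b"][1:]]
```

With `scrub=False` the second page handed to vm-b still holds vm-a's bytes; with `scrub=True` both pages arrive zeroed.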

1.3.3 Chaotic memory exchange

There is another way to allocate memory. This method assumes that if one of the virtual machines has an acute shortage of memory, there is a chaotic exchange of memory pages in the physical layer. There are different approaches to selecting the memory pages for the exchange, including a chaotic exchange. This approach can load the hypervisor heavily enough to slow down the computation process, and the memory optimization result may not be achieved.

1.3.4 Memory Compression

Sharing memory between virtual machines is quite a difficult process and is not safe. Therefore, the memory compression method is used more often. The hypervisor can compress the data of one page by half, then put this page on the hard drive and save it. However, in this situation we obtain the physical address of the virtual machine's memory. Hypervisors have to save pages to hard drive partitions, as not all pages can be compressed by a factor of two.

2. Proposed Solutions

As we can see, the exchange of data between virtual machines is the same in nature as the transmission of data over the Internet. Thus, virtual networks have some of the security issues inherent in a conventional network, and attacks such as "man in the middle" and packet sniffing could lead to an attack on the hypervisor. From our point of view, the solution could be to use Hyper-V with the smart page for packing and assigning addresses, because in Microsoft Hyper-V R2 Service Pack 1 the Dynamic Memory feature uses a memory-ballooning process that is similar to VMware vSphere's. Built into Hyper-V's Integration Components is a guest kernel enlightenment that allows a VM to communicate with the host to recognize which memory pages are (and are not) in use. As such, the host can add and remove guest memory as required, as we define below.

2.1 "Smart Pages" in Hyper-V

The Hyper-V hypervisor provides the following method of memory allocation. In the standard situation, when a virtual machine starts up, the maximum amount of memory is allocated. If a sufficiently large amount of memory is not used, the virtual machine can restart with a smaller memory size.

This approach was added in Windows Server 2012. This method adapts the virtual machine's memory to each use case. It ensures that there will be enough memory for the correct operation of the machine. Of course, this method is not convenient, because it is necessary to restart the virtual machine, which can cause the system to crash.

Memory in Hyper-V consists of the following components:

Startup RAM: this parameter specifies the memory required to start the virtual machine. When setting it, take into account that the memory should be enough to start the virtual machine, while the amount should be kept small enough to leave memory for other virtual machines.

Minimum RAM: determines the minimum amount of memory that must be allocated to the virtual machine after the virtual machine starts. The value may be set from 32 MB up to the maximum value.

Maximum RAM: specifies the maximum amount of memory that can be used by the virtual machine. It can take values from the minimum value up to 1 TB. It should be borne in mind that if the guest operating system can only work with 32 GB of memory and this option is set to 64 GB, the virtual machine will use a total of 32 GB.

Memory buffer: this parameter determines how much additional memory needs to be allocated to the guest operating system, as a percentage of the original memory. In Hyper-V, performance counters are used to calculate the actual memory used by applications. The amount of memory to add is then calculated.

The following formula is used to compute this parameter:

- the amount of memory to be added = how much memory you really need / (size of the buffer memory / 100);

Memory weight: a method by which Hyper-V may determine how to allocate the required memory between virtual machines.

- in Hyper-V in Windows Server 2012 will be available through two mechanisms: Generic Routing Encapsulation and IP Rewrite. Let us briefly examine each of them.

2.1.1 Generic Routing Encapsulation

This approach forms GRE tunnels between the Hyper-V hosts in order to capture virtualized networks using the details described in the NVGRE Draft RFC document. NVGRE can be applied across the current physical network without demanding changes to the physical network switch architecture. If our firewall is blocking the GRE tunnels between the sites, we should configure the firewalls to support forwarding of GRE tunnel traffic.

In short, server virtualization is a very good technology that has started to gain momentum. Server virtualization is the masking of server resources, including the identity and number of separate physical servers, operating systems and processors, from the users of the server. The virtual environments are also known as virtual private servers, guests, containers, instances and emulations. Yes, we will move forward with the implementation of virtual infrastructure because there are a lot of advantages of Hyper-V Network Virtualization over Traditional VLANs that are:

• Limited Scalability;

• Configuration complexity and cost;

• Constrained to single subnet;

• Cross-subnet live migration of Virtual machines;

• VM Portability and IP Address across premises and subnets;

• Multi-tenancy with overlapping IP address ranges.

2.1.2 IP Rewrite

The second mechanism is somewhat simpler in its ideology. Each CA address is assigned a unique PA address. When a packet leaves the virtual machine, the Hyper-V host replaces the CA address in the packet's IP header with the PA address and sends the packet to the network. The receiving host performs the inverse change of addresses and delivers the packet. As follows from the algorithm described, each physical host with the Hyper-V role must be configured with the PA addresses as well as the CA addresses used by all virtual machines running on that host that use network virtualization.
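The address substitution described above can be sketched as a pair of lookup tables. The following is an added example, not code from the paper or from Hyper-V; it reads CA and PA as customer address and provider address, and the `RewriteTable` class, the tenant labels and every address are constructed assumptions. It also shows how a unique PA per CA lets two tenants reuse the same CA range without their traffic being mixed.

```python
# Added illustration of IP Rewrite: CA <-> PA translation on the hosts.
# Table layout, tenant labels and all addresses are constructed assumptions.
from ipaddress import ip_address


class RewriteTable:
    """One-to-one map between (tenant, customer address) and provider address."""

    def __init__(self):
        self.ca_to_pa = {}
        self.pa_to_ca = {}

    def add(self, tenant, ca, pa):
        ca, pa = ip_address(ca), ip_address(pa)
        if pa in self.pa_to_ca:
            raise ValueError(f"PA {pa} is already assigned")  # PAs must be unique
        self.ca_to_pa[(tenant, ca)] = pa
        self.pa_to_ca[pa] = (tenant, ca)

    def egress(self, tenant, src_ca, dst_ca):
        """Sending host: replace the CA addresses in the header with PA addresses."""
        try:
            return (self.ca_to_pa[(tenant, ip_address(src_ca))],
                    self.ca_to_pa[(tenant, ip_address(dst_ca))])
        except KeyError:
            return None   # no mapping inside this tenant: drop the packet

    def ingress(self, src_pa, dst_pa):
        """Receiving host: inverse rewrite; deliver only within one tenant."""
        src = self.pa_to_ca.get(ip_address(src_pa))
        dst = self.pa_to_ca.get(ip_address(dst_pa))
        if src is None or dst is None or src[0] != dst[0]:
            return None
        return dst[0], src[1], dst[1]


def build_demo_table():
    table = RewriteTable()
    # Two tenants reuse the same customer addresses (overlapping ranges).
    table.add("blue", "10.0.0.5", "192.168.1.10")
    table.add("blue", "10.0.0.7", "192.168.2.10")
    table.add("red", "10.0.0.5", "192.168.1.11")
    table.add("red", "10.0.0.7", "192.168.2.11")
    return table
```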

Conclusion

In this paper, we looked at the internal structure of the hypervisor and the organization of interaction between the parent partition and the virtual machines. One important question found here is memory allocation for a virtual machine. "Leakage" of memory from one virtual machine to another leads to the "theft" of confidential data.

The second weakness of virtualization is possible vulnerabilities in data transmission between devices and processes, between the virtual machines and the parent partition. This exchange of information should be hidden from prying processes hosted on the same machine. To do this, a VPN connection is used between processes outside the virtual machine. However, using the known vulnerabilities in this transfer, we can access the information that circulates inside the virtual machine, and our recommendation was to use Hyper-V because of its mechanism for data transmission.
