An Effective Memory Optimization for Virtual Machine-Based Systems
Oct. 2011 (vol. 22 no. 10)
pp. 1705-1713
Duy Le, The College of William and Mary, Williamsburg
Haining Wang, The College of William and Mary, Williamsburg
Utilizing the popular virtualization technology (VT), users can benefit from server consolidation on high-end systems and flexible programming interfaces on low-end systems. In these virtualization environments, the intensive memory multiplexing for I/O of Virtual Machines (VMs) significantly degrades system performance. In this paper, we present a new technique, called Batmem, to effectively reduce the memory multiplexing overhead of VMs and emulated devices by optimizing the operations of the conventional emulated Memory Mapped I/O in Virtual Machine Monitor (VMM)/hypervisor. To demonstrate the feasibility of Batmem, we conduct a detailed taxonomy of the memory optimization on selected virtual devices. We evaluate the effectiveness of Batmem in Windows and Linux systems. Our experimental results show that 1) for high-end systems, Batmem operates as a component of the hypervisor and significantly improves the performance of the virtual environment, and 2) for low-end systems, Batmem could be exploited as a component of the VM-based malware/rootkit (VMBR) and cloak malicious activities from users' awareness.


Index Terms:
Memory management, virtual machine, security.
Duy Le, Haining Wang, "An Effective Memory Optimization for Virtual Machine-Based Systems," IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 10, pp. 1705-1713, Oct. 2011, doi:10.1109/TPDS.2011.37