Title :
A Secure System-Wide Process Scheduler across Virtual Machines
Author :
Tadokoro, Hidekazu ; Kourai, Kenichi ; Chiba, Shigeru
Author_Institution :
Dept. of Math. & Comput. Sci., Tokyo Inst. of Technol., Tokyo, Japan
Abstract :
Server consolidation using virtual machines (VMs) makes it difficult to execute processes as the administrators intend. A process scheduler in each VM is not aware of the other VM and schedules only processes in one VM independently. To solve this problem, process scheduling across VMs is necessary. However, such system-wide scheduling is vulnerable to denial-of-service (DoS) attacks from a compromised VM against the other VMs. In this paper, we propose the Monarch scheduler, which is a secure system-wide process scheduler running in the virtual machine monitor (VMM). The Monarch scheduler monitors the execution of processes and changes the scheduling behavior in all VMs. To change process scheduling from the VMM, it manipulates run queues and process states consistently without modifying guest operating systems. Its hybrid scheduling mitigates DoS attacks by leveraging performance isolation among VMs. We confirmed that the Monarch scheduler could achieve useful scheduling and the overheads were small.
Keywords :
scheduling; security of data; virtual machines; denial of service attack; guest operating system; hybrid scheduling; monarch scheduler; process scheduler; secure system; system wide scheduling; virtual machine monitor; DoS attacks; performance isolation; process scheduling; server consolidation; virtual machines;
Conference_Titel :
Dependable Computing (PRDC), 2010 IEEE 16th Pacific Rim International Symposium on
Conference_Location :
Tokyo
Print_ISBN :
978-1-4244-8975-6
Electronic_ISBN :
978-0-7695-4289-8
DOI :
10.1109/PRDC.2010.34
