8 research outputs found

    Consistent Offline Update of Suspended Virtual Machines in Clouds

    In Infrastructure-as-a-Service clouds, there exist many virtual machines (VMs) that are not used for a long time. For such VMs, many vulnerabilities are often found in installed software while VMs are suspended. If security updates are applied to such VMs after the VMs are resumed, the VMs easily suffer from attacks via the Internet. To solve this problem, offline update of VMs has been proposed, but some approaches have to permit cloud administrators to resume users' VMs. The others are applicable only to completely stopped VMs and often corrupt virtual disks if they are applied to suspended VMs. In addition, it is sometimes difficult to accurately emulate security updates offline. In this paper, we propose OUassister, which enables consistent offline update of suspended VMs. OUassister emulates security updates of VMs offline in a non-intrusive manner and applies the emulation results to the VMs online. This separation prevents virtual disks of even suspended VMs from being corrupted. For more accurate emulation of security updates, OUassister provides an emulation environment using a technique called VM introspection. Using this environment, it automatically extracts updated files and executed scripts. We have implemented OUassister in Xen and confirmed that the time for critical online update was largely reduced. IEEE 17th International Conference on Dependable, Autonomic and Secure Computing / IEEE 17th International Conference on Pervasive Intelligence and Computing / IEEE 5th International Conference on Cloud and Big Data Computing / IEEE 4th Cyber Science and Technology Congress (DASC-PICom-CBDCom-CyberSciTech 2019), August 5-8 2019, Fukuoka, Japa

    Prevention of a DoS Attack with Copy-on-write in the Overlay Filesystem

    Recently, containers are widely used for lightweight virtualization. A container usually uses a disk image that stacks a thin writable layer on top of a read-only image layer. For this layering, a filesystem called OverlayFS is often used. To modify a file in the read-only lower layer, OverlayFS first copies the entire file to the upper layer and then writes requested data to it. This copy-on-write suspends a container for a long time and consumes the disk space of the upper layer when the size of the target file is large. If large files are intentionally modified by attackers, a potential denial-of-service (DoS) attack can be mounted. This paper proposes a new filesystem, called TranslayFS, based on OverlayFS to prevent this type of DoS attack. TranslayFS creates only a special file called a sparse file in the upper layer when a container modifies a file in the lower layer for the first time. Using this file, it holds only modified file data in the upper layer without copying the entire file. It returns the modified part of the file from the upper layer and the unmodified part from the lower layer. We have implemented TranslayFS in the Linux kernel and confirmed that TranslayFS could dramatically reduce the latency in the first write to a file, so that the DoS attack was not possible. 19th IEEE International Conference on Dependable, Autonomic & Secure Computing (DASC 2021), October 25-28, 2021, Virtual Conferenc

    Migration Performance for Legacy Data Access

    We present performance data relating to the use of migration in a system we are creating to provide web access to heterogeneous document collections in legacy formats. Our goal is to enable sustained access to collections such as these when faced with increasing obsolescence of the necessary supporting applications and operating systems. Our system allows searching and browsing of the original files within their original contexts utilizing binary images of the original media. The system uses static and dynamic file migration to enhance collection browsing, and emulation to support both the use of legacy programs to access data and long-term preservation of the migration software. While we provide an overview of the architectural issues in building such a system, the focus of this paper is an in-depth analysis of file migration using data gathered from testing our software on 1,885 CD-ROMs and DVDs. These media are among the thousands of collections of social and scientific data distributed by the United States Government Printing Office (GPO) on legacy media (CD-ROM, DVD, floppy disk) under the Federal Depository Library Program (FDLP) over the past 20 years

    Preventing Denial-of-Service Attacks on Containers That Use OverlayFS

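    In recent years, container-based virtualization such as Docker has attracted attention. Containers often use a filesystem called OverlayFS. It can stack a writable per-container disk image (the upper layer) on top of a read-only shared disk image (the lower layer), but when a file is modified, the entire file in the lower layer is copied to the upper layer, so the overhead is large when the file is large, as with a database. If this copy-on-write feature is abused, a denial-of-service attack may be caused by intentionally modifying huge files inside a container. In this paper, we propose a new filesystem, TranslayFS, to prevent this. When a file is modified, it creates a special file called a sparse file and holds only the modified part in the upper layer, so that the entire file is not copied at once. File reads are served from the upper layer if the data is stored there, and from the lower layer for all other data. We implemented TranslayFS in the Linux kernel and confirmed that it can reduce the latency of file modification. Computer Security Symposium 2018 (CSS 2018), October 22-25, 2018, Nagano City, 日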

    Fine-grained Autoscaling with In-VM Containers and VM Introspection

    Clouds often provide a mechanism called autoscaling to deal with load increases of services running in virtual machines (VMs). When a VM is overloaded, scale-out is performed and automatically increases the number of VMs. However, when multiple services run in one VM, the entire VM is always scaled out even if only one service is over-utilized. In this case, only an over-utilized service should be scaled out, but it is not easy for clouds to accurately monitor the resource usage of services inside VMs. This paper proposes Ciel, which runs each service in a container created inside a VM for separation of services and enables fine-grained autoscaling of VMs. Using VM introspection, Ciel accurately monitors the resource usage of each in-VM container from the outside of a VM in a non-intrusive manner. If it detects an overloaded in-VM container, it creates a new VM of minimum size and boots only the container that needs to be scaled out in the VM. This can minimize both the cost of the VM and the time taken for scale-out. We have implemented Ciel using Xen and Docker and showed the effectiveness. 2020 IEEE/ACM 13th International Conference on Utility and Cloud Computing (UCC 2020), 7–10 December, 2020, Leicester, UK (changed to an online event

    File system unification using LatticeFS

    Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2009. Includes bibliographical references (p. 57-58). LatticeFS is a namespace unification system designed to merge multiple source file systems into a single working file system. LatticeFS can be used to merge multiple software package directories, work with multiple file systems as if they are one, and share a single storage medium among multiple machines. On a high level, LatticeFS takes as input an arbitrary number of file system paths, and mounts a new virtual drive that will appear to the user as a union of the input file systems. Of course, attempting to combine multiple file systems will inevitably be met with conflicts. Situations in which multiple input file systems contain files/directories with the same name will be common in large systems; which file/directory should the user be exposed to in this case? Previous work such as UnionFS solved the problem by giving each input file system a strict priority value, and when a conflict occurred, the file/directory with the highest priority was the one shown to the user. In LatticeFS, we have introduced a plug-in system in which different strategies for resolving conflicts can be easily swapped in and out; additionally, handlers for special file types can also be "plugged" into the system. This paper describes and evaluates all aspects of LatticeFS in detail. by Yang Su. M.Eng

    File system metadata virtualization

    The advance of computing systems has brought new ways to use and access the stored data that push the architecture of traditional file systems to its limits, making them inadequate to handle the new needs. Current challenges affect both the performance of high-end computing systems and their usability from the applications perspective. On one side, high-performance computing equipment is rapidly developing into large-scale aggregations of computing elements in the form of clusters, grids or clouds. On the other side, there is a widening range of scientific and commercial applications that seek to exploit these new computing facilities. The requirements of such applications are also heterogeneous, leading to dissimilar patterns of use of the underlying file systems. Data centres have tried to compensate for this situation by providing several file systems to fulfil distinct requirements. Typically, the different file systems are mounted on different branches of a directory tree, and the preferred use of each branch is publicised to users. A similar approach is being used in personal computing devices. Typically, in a personal computer, there is a visible and clear distinction between the portion of the file system name space dedicated to local storage, the part corresponding to remote file systems and, recently, the areas linked to cloud services as, for example, directories to keep data synchronized across devices, to be shared with other users, or to be remotely backed-up. In practice, this approach compromises the usability of the file systems and the possibility of exploiting all the potential benefits. We consider that this burden can be alleviated by determining applicable features on a per-file basis, and not associating them to the location in a static, rigid name space. Moreover, usability would be further increased by providing multiple dynamic name spaces that could be adapted to specific application needs.
This thesis contributes to this goal by proposing a mechanism to decouple the user view of the storage from its underlying structure. The mechanism consists in the virtualization of file system metadata (including both the name space and the object attributes) and the interposition of a sensible layer to take decisions on where and how the files should be stored in order to benefit from the underlying file system features, without incurring usability or performance penalties due to inadequate usage. This technique makes it possible to present multiple, simultaneous virtual views of the name space and the file system object attributes that can be adapted to specific application needs without altering the underlying storage configuration. The first contribution of the thesis introduces the design of a metadata virtualization framework that makes possible the above-mentioned decoupling; the second contribution consists in a method to improve file system performance in large-scale systems by using such metadata virtualization framework; finally, the third contribution consists in a technique to improve the usability of cloud-based storage systems in personal computing devices. Postprint (published version