About the Event
This thesis studies the mitigation of the performance and security interference between guest virtual machines (VMs) in public clouds. The goal is to characterize the impact of VM interference, uncover the root cause of the negative impact, and design novel techniques to mitigate such impact. The central premise of this thesis is that by identifying the shared resources that cause the VM interference and by exploiting the properties of the workloads that share these resources with adapted scheduling policies, public cloud services can reduce resource contention between guests and hence mitigate their interference. Current techniques for contention reduction and interference mitigation overlook the virtualization semantic gap between the cloud host infrastructure and guest virtual machines, as well as the unique challenges posed by the multi-tenancy service model necessary to support public cloud services.
This thesis deals with both performance and security interference problems. It characterizes the impact of VM interference on inter-VM network latency using live measurements in a real public cloud and studies the root cause of the negative impact with controlled experiments on a local testbed. Two methods of improving the inter-VM network latency are explored. The first approach is a guest-centric solution that exploits the properties of application workloads to avoid interference without any support from the underlying host infrastructure. The second approach is a host-centric solution that adapts the scheduling policies for the contended resources that cause the interference without guest cooperation. Similarly, the characteristics of cache-based cross-VM attacks are studied in detail using both live cloud measurements and testbed experiments. To mitigate this security interference, a partition-based VM scheduling system is designed to reduce the effectiveness of these cache-based attacks.