Cache replacement algorithms are critical building blocks of storage systems. This paper examines the characteristics of metadata caches and argues that they inherently exhibit correlated references, even when the corresponding data accesses do not contain correlated references. The presence of correlated references reduces the effectiveness of cache replacement algorithms because these references are often mistakenly categorized as hot blocks. Clock2Q+ is specifically designed for metadata caches and has been implemented in vSAN and VDFS, two flagship storage products of VMware by Broadcom. Similar to S3-FIFO, Clock2Q+ uses three queues; however, Clock2Q+ introduces a correlation window in the Small FIFO queue, where blocks in this window do not set the reference bit. This simple enhancement allows Clock2Q+ to outperform state-of-the-art replacement algorithms. Compared to S3-FIFO, the second-best performing algorithm, Clock2Q+ achieves up to a 28.5% lower miss ratio on metadata traces. Clock2Q+ possesses the essential properties required for large-scale storage systems: it has low CPU overhead on cache hits, low memory overhead, scales efficiently to multiple CPUs, and is both ea
A study of VMware ESXi 5.1 server has been carried out to find the optimal set of parameters which suggest usage of different resources of the server. Feature selection algorithms have been used to extract the optimum set of parameters of the data obtained from VMware ESXi 5.1 server using esxtop command. Multiple virtual machines (VMs) are running in the mentioned server. K-means algorithm is used for clustering the VMs. The goodness of each cluster is determined by Davies Bouldin index and Dunn index respectively. The best cluster is further identified by the determined indices. The features of the best cluster are considered into a set of optimal parameters.
Virtualization technology has provided many benefits to organizations, but it cannot provide automation. This causes operational expenditure (OpEx) inefficiencies, which are solved by cloud computing (vCloud Director vApps). Organizations have adopted virtualization technology to reduce IT costs and meet business needs. In addition to improved CapEx efficiency, virtualization has enabled organizations to respond to business needs faster. While virtualization has dramatically optimized core IT infrastructures, organizations struggle to reduce OpEx costs. Because virtualization only addresses server consolidation, administrators are faced with the manual and resource-intensive day-to-day tasks of managing the rest of the data center: networking, storage, user management. This manuscript presents details on how leverage vApps based on a virtualized platform to improve CapEx efficiency in today s data center. The combination of virtualization and cloud computing can transform the data center into a dynamic, scalable, and agile resource capable of achieving significant CapEx and OpEx cost savings.
Web client fingerprinting has become a widely used technique for uniquely identifying users, browsers, operating systems, and devices with high accuracy. While it is beneficial for applications such as fraud detection and personalized experiences, it also raises privacy concerns by enabling persistent tracking and detailed user profiling. This paper introduces an advanced fingerprinting method using WebAssembly (Wasm) - a low-level programming language that offers near-native execution speed in modern web browsers. With broad support across major browsers and growing adoption, WebAssembly provides a strong foundation for developing more effective fingerprinting methods. In this work, we present a new approach that leverages WebAssembly's computational capabilities to identify returning devices-such as smartphones, tablets, laptops, and desktops across different browsing sessions. Our method uses subtle differences in the WebAssembly JavaScript API implementation to distinguish between Chromium-based browsers like Google Chrome and Microsoft Edge, even when identifiers such as the User-Agent are completely spoofed, achieving a false-positive rate of less than 1%. The fingerprint is
Cloud computing has transformed the way organizations manage and scale their IT infrastructure by offering flexible, scalable, and cost-effective solutions. However, the Infrastructure as a Service (IaaS) model faces performance challenges primarily due to the limitations imposed by virtualization technology. This paper focuses on designing an effective virtualization technique for IaaS, aiming to improve infrastructure-level performance. Through a systematic literature review and a design, development, and evaluation approach, various virtualization techniques such as full virtualization, paravirtualization, and hardware-assisted virtualization are explored. The study also considers the role of hypervisors like Xen, KVM, and VMware ESXi in improving performance. The proposed solution seeks to optimize resource utilization, minimize latency, and enhance overall throughput in IaaS environments. Finally, the research discusses the potential application of this virtualization technique for public cloud computing solutions tailored for Ethiopian Small and Medium Enterprises (ESMEs) using platforms like Amazon EC2.
ATLASv2 is based on a previously generated dataset included in "ATLAS: A Sequence-based Learning Approach for Attack Investigation." The original ATLAS dataset is comprised of Windows Security Auditing system logs, Firefox logs, and DNS logs via WireShark. In ATLASv2, we aim to enrich the ATLAS dataset with higher quality background noise and additional logging vantage points. This work replicates the ten attack scenarios described in ATLAS, but extends the logging to include Sysmon logs and events tracked through VMware Carbon Black Cloud. The main contribution of ATLASv2 is to improve the quality of the benign system activity and the integration of the attack scenarios. Instead of relying on automated scripts to generate activity, we had two researchers use the victim machines as their primary work stations throughout the course of the engagement. This allowed us to capture system logs on actual user behavior. Additionally, the researchers conducted the attacks in a lab setup allowing the integration of the attack into the work flow of the victim user. This allows the ATLASv2 dataset to provide realistic system logs that mirror the system log activity generated in real-world atta
This paper of work examines the SolarWinds attack, designed on Orion Platform security incident. It analyses the persistent threats agents and potential technical attack techniques to gain unauthorized access. In 2020 SolarWinds attack indicates an initial breach disclosure on Orion Platform software by malware distribution on IT and government organizations such as Homeland Security, Microsoft and Intel associated with supply chains leaks consequences from small loopholes in security systems. Hackers increased the number of infected company and businesses networks during the supply-chain attack, hackers were capable to propagate the attack by using a VMware exploit. On the special way they started to target command injections, privilege escalations, and use after free platforms of VMware. In this way, they gained access to Virtual Machines and in the east way pivot other servers. This literature review aim to analyze the security gap regarding to SolarWinds incident on Orion Platform, the impact on industry and financial sectors involving the elements of incident response plan. Therefore, this research paper ensures specifications of proper solutions for possible defense security
In this work, we propose a testbed environment to capture the attack strategies of an adversary carrying out a cyber-attack on an enterprise network. The testbed contains nodes with known security vulnerabilities which can be exploited by hackers. Participants can be invited to play the role of a hacker (e.g., black-hat, hacktivist) and attack the testbed. The testbed is designed such that there are multiple attack pathways available to hackers. We describe the working of the testbed components and discuss its implementation on a VMware ESXi server. Finally, we subject our testbed implementation to a few well-known cyber-attack strategies, collect data during the process and present our analysis of the data.
With the widespread of Artificial Intelligence (AI)- enabled security applications, there is a need for collecting heterogeneous and scalable data sources for effectively evaluating the performances of security applications. This paper presents the description of new datasets, named ToN IoT datasets that include distributed data sources collected from Telemetry datasets of Internet of Things (IoT) services, Operating systems datasets of Windows and Linux, and datasets of Network traffic. The paper aims to describe the new testbed architecture used to collect Linux datasets from audit traces of hard disk, memory and process. The architecture was designed in three distributed layers of edge, fog, and cloud. The edge layer comprises IoT and network systems, the fog layer includes virtual machines and gateways, and the cloud layer includes data analytics and visualization tools connected with the other two layers. The layers were programmatically controlled using Software-Defined Network (SDN) and Network-Function Virtualization (NFV) using the VMware NSX and vCloud NFV platform. The Linux ToN IoT datasets would be used to train and validate various new federated and distributed AI-ena
The popularity of cloud based Infrastructure-as-a- Service (IaaS) solutions is becoming increasingly popular. However, since IaaS providers and customers interact in a flexible and scalable environment, security remains a serious concern. To handle such security issues, defining a set of security parameters in the service level agreements (SLA) between both, IaaS provider and customer, is of utmost importance. In this paper, the European Network and Information Security Agency (ENISA) guidelines are evaluated to extract a set of security parameters for IaaS. Furthermore, the level of applicability and implementation of this set is used to assess popular industrial and open-source IaaS cloud platforms, respectively VMware and OpenStack. Both platforms provide private clouds, used as backend infrastructures in Industry 4.0 application scenarios. The results serve as initial work to identify a security baseline and research needs for creating secure cloud environments for Industry 4.0.
Container Orchestrator (CO) is a vital technology for managing clusters of containers, which may form a virtualized infrastructure for developing and operating software systems. Like any other software system, securing CO is critical, but can be quite challenging task due to large number of configurable options. Manual configuration is not only knowledge intensive and time consuming, but also is error prone. For automating security configuration of CO, we propose a novel Knowledge Graph based Security Configuration, KGSecConfig, approach. Our solution leverages keyword and learning models to systematically capture, link, and correlate heterogeneous and multi-vendor configuration space in a unified structure for supporting automation of security configuration of CO. We implement KGSecConfig on Kubernetes, Docker, Azure, and VMWare to build secured configuration knowledge graph. Our evaluation results show 0.98 and 0.94 accuracy for keyword and learning-based secured configuration option and concept extraction, respectively. We also demonstrate the utilization of the knowledge graph for automated misconfiguration mitigation in a Kubernetes cluster. We assert that our knowledge graph
Virtual Trusted Platform Modules (vTPMs) have been widely used in commercial cloud platforms (e.g. Google Cloud, VMware Cloud, and Microsoft Azure) to provide virtual root-of-trust for virtual machines. Unfortunately, current state-of-the-art vTPM implementations are suffering from confidential data leakage and high performance overhead. In this paper, we present SvTPM, a secure and efficient software-based vTPM implementation based on hardware-rooted Trusted Execution Environment (TEE), providing a whole life cycle protection of vTPMs in the cloud. SvTPM offers strong isolation protection, so that cloud tenants or even cloud administrators cannot get vTPM's private keys or any other sensitive data. In SvTPM, we identify and solve a couple of critical security challenges for vTPM protection with SGX, such as NVRAM replacement attack, rollback attacks, trust establishment, and a fine-grained trusted clock. We implement a prototype of SvTPM on both QEMU and KVM. Performance evaluation results show that SvTPM achieves orders of magnitude of performance gains comparing to the vTPMs protected with physical TPM. The launch time of SvTPM is 2600$\times$ faster than vTPMs built upon hardwa
Memory ballooning is dynamic memory management technique for virtual machines (VMs). Ballooning is a part of memory reclamation technique operations used by a hypervisor to allow the physical host system to retrieve unused memory from certain guest virtual machines (VMs) and share it with others. Memory ballooning allows the total amount ofRAM required by guest VMs to exceed the amount ofphysical RAM available on the host. Memory overcommitment enables a higher consolidation ratio in a hypervisor. Using memory overcommitment, users can consolidate VMs on a physical machine such that physical resources are utilized in an optimal manner while delivering good performance. Hence memory reclamation is an integral component ofmemory overcommitment. In this paper, we address that the basic cause of memory that ballooning is memory overcommitment from using memory-intensive virtual machines. We compared to others reclamation technique and identify Cost Associate with Memory Ballooning in state of Memory Overcommitment. The objective of this paper is to analyse memory ballooning technique for dynamic memory management of VMs. For this analysis, VMware based virtualization software e.g ESXi
In the past few years, computer worms are seen as one of significant challenges of cloud computing. Worms are rapidly changing and getting more sophisticated to evade detection. One major issue to defend against computer worms is collecting worms' payloads to generate their signature and study their behavior. To collect worms' payloads, we identified challenges for detecting and collecting worms' payloads and proposed high-interactive honeypot to collect payloads of zero-day polymorphic worms in homogeneous and heterogeneous cloud computing platforms. Virtual machine (VM) memory and VM disk image are inspected from outside using open-source forensics tools and VMWare Virtual Disk Development Kit. Our experiments show that the proposed approach overcomes the identified challenges.
Climate change is an existential threat to the United States and the world. Inevitably, computing will play a key role in mitigation, adaptation, and resilience in response to this threat. The needs span all areas of computing, from devices and architectures (e.g., low-power sensor systems for wildfire monitoring) to algorithms (e.g., predicting impacts and evaluating mitigation), and robotics (e.g., autonomous UAVs for monitoring and actuation) -- as well as every level of the software stack, from data management systems and energy-aware operating systems to hardware/software co-design. The goal of this white paper is to highlight the role of computing research in addressing climate change-induced challenges. To that end, we outline six key impact areas in which these challenges will arise -- energy, environmental justice, transportation, infrastructure, agriculture, and environmental monitoring and forecasting -- then identify specific ways in which computing research can help address the associated problems. These impact areas will create a driving force behind, and enable, cross-cutting, system-level innovation. We further break down this information into four broad areas of co
Cloud services have been widely employed in IT industry and scientific research. By using Cloud services users can move computing tasks and data away from local computers to remote datacenters. By accessing Internet-based services over lightweight and mobile devices, users deploy diversified Cloud applications on powerful machines. The key drivers towards this paradigm for the scientific computing field include the substantial computing capacity, on-demand provisioning and cross-platform interoperability. To fully harness the Cloud services for scientific computing, however, we need to design an application-specific platform to help the users efficiently migrate their applications. In this, we propose a Cloud service platform for symbolic-numeric computation - SNC. SNC allows the Cloud users to describe tasks as symbolic expressions through C/C++, Python, Java APIs and SNC script. Just-In-Time (JIT) compilation through using LLVM/JVM is used to compile the user code to the machine code. We implemented the SNC design and tested a wide range of symbolic-numeric computation applications (including nonlinear minimization, Monte Carlo integration, finite element assembly and multibody d
Virtualization has gained astonishing popularity in recent decades. It is applied in several application domains, including mainframes, personal computers, data centers, and embedded systems. While the benefits of virtualization are no longer to be demonstrated, it often comes at the price of performance degradation compared to native execution. In this work, we conduct a comparative study on the performance outcome of VMWare, KVM, and Docker against compute-intensive, IO-intensive, and system benchmarks. The experiments reveal that containers are the way-to-go for the fast execution of applications. It also shows that VMWare and KVM perform similarly on most of the benchmarks.
Virtualization started to gain traction in the domain of information technology in the early 2000s when managing resource distribution was becoming an uphill task for developers. As a result, tools like VMWare, Hyper V (hypervisor) started making inroads into the software repository on different operating systems. VMWare and Hyper V could support multiple virtual machines running on them with each having their own isolated environment. Due to this isolation, the security aspects of virtual machines (VMs) did not differ much from that of physical machines (having a dedicated operating system on hardware). The advancement made in the domain of linux containers (LXC) has taken virtualization to an altogether different level where resource utilization by various applications has been further optimized. But the container security has assumed primary importance amongst the researchers today and this paper is inclined towards providing a brief overview about comparisons between security of container and VMs.
This manuscript presents teaching and curriculum design for Information Technology classes. Today, students demand hands-on activities for the newest technologies. It is feasible to satisfy this appetite for exciting education by employing server virtualization technologies to teach advanced concepts with extensive hands-on assignments. Through utilization of virtualized servers, students are able to deploy, secure and manage virtual machines and networks in a contained environment. Various techniques, assessment tools and experiences will be analyzed and presented by this manuscript. Previous teaching cases for Information Systems or Information Technology classes are done using non-commercial products, such as free VMware Server or VMware Player. Such products have very limited functionality in terms of networking, storage and resource management. Several advanced datacenter functions, such as Distributed Power Management (DPM), vMotion and others, are not available in desktop versions of that type of virtualization software. This manuscript introduces the utilization of commercial software, such as vSphere 4.1, with full datacenter functionality and operations for teaching Infor
In the year of 2017, the capital expenditure of Flash-based Solid State Drivers (SSDs) keeps declining and the storage capacity of SSDs keeps increasing. As a result, the "selling point" of traditional spinning Hard Disk Drives (HDDs) as a backend storage - low cost and large capacity - is no longer unique, and eventually they will be replaced by low-end SSDs which have large capacity but perform orders of magnitude better than HDDs. Thus, it is widely believed that all-flash multi-tier storage systems will be adopted in the enterprise datacenters in the near future. However, existing caching or tiering solutions for SSD-HDD hybrid storage systems are not suitable for all-flash storage systems. This is because that all-flash storage systems do not have a large speed difference (e.g., 10x) among each tier. Instead, different specialties (such as high performance, high capacity, etc.) of each tier should be taken into consideration. Motivated by this, we develop an automatic data placement manager called "AutoTiering" to handle virtual machine disk files (VMDK) allocation and migration in an all-flash multi-tier datacenter to best utilize the storage resource, optimize the performanc