T. C. Bressoud and F. B. Schneider. Hypervisor-based fault tolerance. ACM Transactions on Computer Systems, 14(1):80--107, Feb. 1996.  Home/Search   Document Not in Database   Summary   Related Articles   Check

.... messages delivered to the destination process and its backup [9] In the Hypervisor system (based on a primary backup model) a virtual machine layer, beneath the operating system, uses a hardware register to count the instructions executed by a primary machine between two hardware interrupts [10]. This information is sent over the network to a backup machine. The backup uses instruction counts to reproduce the effects of the primary s hardware interrupts with respect to the backup s instruction stream. Delta 4 provides semi active replication with a leader follower model and a ....

T. C. Bressoud and F. B. Schneider. Hypervisor-based fault tolerance. ACM Trans. on Computer Systems, 14(1):80--107, 1996.

....reads large volumes of network or disk data, since all data has to be forwarded to the follower. Hence, this solution is not acceptable for the replication of busy server systems because their throughput might be severely affected. The system evolved from hypervisor based fault tolerance [4], which shares the idea of having a leader to enable replication of non deterministic state machines. 3 read result Leader Follower 2 LAN data 5 4 read read data RAID file server (a) Follower issues a second read request. 1 3 read result Leader Follower 2 data read LAN data RAID ....

Thomas Bressoud and Fred Schneider. Hypervisor-based fault-tolerance. ACM Transactions on Computer Systems, 14(1):80--107, February 1996.

.... messages delivered to the destination process and its backup [1] in the Hypervisor system (based on a primary backup model) a virtual machine layer, beneath the operating system, uses a hardware register to count the instructions executed by a primary machine between two hardware interrupts [7]. This information is sent over the network to a backup machine. The backup uses instruction counts to reproduce the effects of the primary s hardware interrupts with respect to the backup s instruction stream. Delta 4 provides semi active replication with a leader follower model and a ....

T. C. Bressoud and F. B. Schneider. Hypervisor-based fault tolerance. ACM Trans. on Computer Systems, 14(1):80--107, 1996.

....(iv) cannot recover state from a system, unless checkpointing state externally to some stable device, with the incurred consistency and performance problems. Passive OS monitoring using virtual machine technology was proposed for intrusion detection and analysis, or automated failover support [4, 9]. However, its use is limited to specific problems and may incur high overhead and or cost. Remote monitoring and control through standardized protocols is routinely used in the Internet management infrastructure [12] However, the control interface has a coarse granularity and is limited to ....

....of virtual machine monitors (VMM) The VMM based approaches passively observe a system as a whole while it runs as a guest (OS applications) inside a VMM, by logging interactions of the guest OS with the VMM. VMMs were used to build backup state on different nodes for recovery after a crash [4], and to provide a secure execution environment for system loggers to help with intrusion detection and analysis [9] These approaches may be used in SHS architectures but they are either too expensive or not general enough. Other recently proposed designs like [25] provide builtin support for ....

T. C. Bressoud and F. B. Schneider. Hypervisor-based Fault Tolerance. In Proc. 15th ACM symposium on Operating systems principles (SOSP), 1995.

....In Section 2 we motivate our work with a comparison of its strengths and weaknesses to other intrusion detection architectures. Section 3 discusses virtual machine monitors, how they work, their security, and the criteria they must fulfill in order to support our VMI IDS architecture. Section 4 describes our architecture for a VMI based intrusion detection systems and the design of Livewire, a prototype VMI based IDS that implements this architecture. Section 5 describes the implementation of our prototype, while Section 6 describes sample intrusion detection policies we implemented ....

....processes by modifying kernel structures and masking the presence of IDS files through the use of steganography and encryption [36] Current systems that rely on these techniques can be easily defeated. Some intrusion detection tools have addressed this problem by moving the IDS into the kernel [54, 47, 24] This approach offers some resilience in the face of a compromise, but is not a panacea. Many OSes offer interfaces for direct kernel memory access from user level. If these interfaces are not disabled, kernel code is no safer from tampering by a privileged user than normal userlevel ....

[Article contains additional citation context not shown here]

T. C. Bressoud and F. B. Schneider. Hypervisor-based fault tolerance. ACM Transactions on Computer Systems, 14(1):80--107, 1996.

....the opportunity to hot swap virtual devices transparently to a VM. For example, a generic virtual block device interface could be mapped to a conventional hard disk, a RAID array, or a distributed disk like Petal [33] Other potential services include NUMA memory management [9] fault tolerance [8], and secure logging [11] Virtual machines for content distribution: A significant challenge for Internet services is dealing with client load that can vary over several order of magnitudes. The problem of flash crowds on the web motivated replication mechanisms such as content delivery networks ....

Thomas C. Bressoud and Fred B. Schneider. Hypervisor-based fault tolerance. ACM Transactions on Computer Systems, 14(1):80--107, 1996.

....are two obvious levels at which nondeterministc events can be captured in Java: 1. At the virtual machine level 2. At the method invocation level Capturing Nondeterminism in the JVM The idea of using a virtual machine to manage nondeterminism has been first explored by Bressoud and Schneider [1], who implemented a virtual machine for HP s PA RISC architecture. In their scheme, fault tolerance is achieved by replicating the computation on two independently failing processes, using a well known technique called the state machine approach [3] To make this technique work, however, the two ....

....of non deterministic commands. Indeed, it is not obvious which non deterministic commands are executed by the JVM, although it is reasonable to expect that many will occur at the Java Native Interface. One expects that once these commands have been identified, the techniques developed in [1] and [4] could be used to guarantee the reproducibility of nondeterministic choices during recovery. Capturing Nondeterminism through Method Logging The logging of message ordering information described above can be generalized easily to distributed object computation systems. Instead of ....

T. Bressoud and F.B. Schneider. Hypervisor-based fault-tolerance. ACM Transactions on Computer Systems, 14(1):41--79, February 1996.

....an equivalent order of mutex acquisitions across replicas. 1. Introduction This paper proposes a loose synchronization algorithm (LSA) for handling the nondeterminism induced by multithreading in replica behavior. In contrast with techniques synchronizing replicas at the interrupt level [1] [5], 8] the algorithm synchronizes replica threads on state updates by intercepting mutex requests invoked by threads before accessing shared data in order to enforce an equivalent ordering of mutex acquisitions across replicas. Performance overhead is minimized by preserving concurrency in the ....

.... UNIX signals) are transformed into synchronous messages delivered to the destination process and its backup [1] In the Hypervisor system a virtual machine layer, beneath the operating system, uses the hardware instruction counter to count the instructions executed between two hardware interrupts [5]. Delta 4 provides semiactive replication with a leader follower model plus a preemption synchronization mechanism. When an interrupt arrives at the leader, the leader determines the next preemption point at which it will be served. This information is sent to followers. Replicas are assumed to be ....

T. C. Bressoud and F. B. Schneider. Hypervisor-based fault tolerance. ACM Trans. on Computer Systems, 14(1):80--107, 1996.

....IL 61801 E mail: fbasilecl, kwhisnan, kalbar, iyerg crhc.uiuc.edu 1. Introduction This paper proposes a loose synchronization algorithm (LSA) for ensuring deterministic behavior of replicas while preserving concurrency. In contrast with techniques synchronizing replicas at the interrupt level [2], the algorithm synchronizes replica threads on state updates by intercepting mutex requests. Performance overhead is minimized by preserving concurrency in the execution of application threads (the algorithm does not interfere with the operating system scheduler, except when granting mutexes) ....

T. C. Bressoud and F. B. Schneider. Hypervisor-based fault tolerance. ACM Transactions on Computer Systems, 14(1):80--107, 1996.

....to multithreaded applications requires further investigation. This paper proposes a loose synchronization algorithm (LSA) for ensuring deterministic behavior of replicas while preserving concurrency. In contrast with current techniques that synchronize replicas at the interrupt level [1] [8], 7] 23] the algorithm synchronizes replica threads on state updates (enforcing an equivalent order) by intercepting mutex requests invoked by threads before accessing shared data. Performance overhead is minimized by preserving concurrency in the execution of application threads the ....

....system, uses the hardware instruction counter [9] to count the instructions executed between two hardware interrupts. This information is collected on the primary machine and periodically sent over the network to the backup machine, which reproduces the effects of the primary s hardware interrupts [8]. Transparent Fault Tolerance (TFT) is similar to the Hypervisor solution, except the interpositioning is done at the operating system call interface [7] Delta 4 provides user applications with passive replication, semiactive replication, and active replication. Active replication cannot handle ....

T. C. Bressoud and F. B. Schneider. Hypervisor-based fault tolerance. ACM Transactions on Computer Systems, 14(1):80--107, 1996.

....architecture, because there are significant simplicity, scalability, and performance benefits to be gained by modifying it, as we will argue later in this paper. An isolation kernel is similar in many respects to other small kernel architectures, such as virtual machine monitors [12] hypervisors [4], microkernels [1] and exokernels [8] In the next section of this paper, we outline some of the guiding design principles of isolation kernels, and describe how our work differs from other small kernel architectures. Next, we describe the architecture and implementation of Denali, our prototype ....

T. C. Bressoud and F. B. Schneider. Hypervisor-based fault tolerance. ACM Transactions on Computer Systems, 14(1):80--107, 1996.

....lost during the rollback. The proxy continues to log incoming mail during the undo cycle, although users are only given read only access until replay has completed. Further discussion of this and other issues raised by the 3R model can be found in [Brown02] 11 containment and fault tolerance [Bres95] firewalls from security; and disk and memory scrubbers to repair faults before they accessed by the application. The ROC 1 hardware prototype is a 64 node cluster composed of custom built nodes, called bricks, each of which is an embedded PC board. Figure 8 shows a brick. For both space and ....

T.C. Bressoud and F.B. Schneider. Hypervisor-based fault tolerance. In Proc. Fifteenth ACM Symp. on Oper. Sys. Principles (SOSP-15), Copper Mtn., CO, Dec. 1995.

....support to mask the effects of data corruption and resource loss. Cornell s Hypervisor based fault tolerance system provides a similar software system, providing execution in one primary virtual machine and n 1 backup virtual machines on n processors to provide an n 1 fault tolerant system [2]. The virtual machines are static, such that once all the n virtual machines are dead, the system must be manually restarted. Another approach is fault containment and recovery at a node granularity. In these systems, each node is supported by a multi cellular kernel. When one node fails, the ....

....We believe that duplication of software resources (such as memory and execution state can be used to preserve state in a similar fashion to checkpointing. Resource duplication for availability can performed at different levels, such as at the hardware level [9, 20] OS level, virtual machine level [2], process level, or thread level. Each approach trades off recoverability and availability against system software complexity and resource costs. For example, duplication at the OS level offers the best availability, but at the highest complexity and resource overhead (everything must be ....

Bressoud, T and Schneider F, "Hypervisor-based Fault To l e rance " Proc. of 15th ACM SOSP, pp 1-11, Dec 1995.

No context found.

T.C. Bressoud and F.B. Schneider. Hypervisor-based fault tolerance. ACM Trans. on Computer Systems, 14(1):80--107, 1996.

....source code) but that they do not occur often enough to warrant immediate attention. Someone building a commercial fault tolerant TCP system would certainly have to capture and replay signals at the appropriate times in the execution path using a technique similar to the one used by the Hypervisor[3]. One source of nondeterminism we had to address was introduced by the servers themselves. This happens when a server generates a random value and then uses that value in communications with the client. In the next section we will show how we modified the server applications to ensure that ....

T. Bressoud and F. Schneider. Hypervisor-based fault tolerance. ACM Trans. on Computer Systems, 14(1):80--107, 1996.

No context found.

T. C. Bressoud and F. B. Schneider. Hypervisor-based fault tolerance. ACM Transactions on Computer Systems, 14(1):80--107, Feb. 1996.

No context found.

T. Bressoud and F. Schneider, "Hypervisor-Based Fault Tolerance," Proceedings of the 15

No context found.

T. C. Bressoud and F. B. Schneider. Hypervisor-based faulttolerance. In ACM Transactions on Computer Systems, pages 90--107, Munich, Germany, February 1996.

No context found.

T.C. Bressoud and F.B. Schneider. Hypervisorbased fault tolerance. ACM Trans. on Computer Systems, 14(1):80--107, 1996.

No context found.

T. C. Bressoud and F. B. Schneider. Hypervisor-based fault tolerance. ACM Transactions on Computer Systems, 14(1):80--107, February 1996.

No context found.

Thomas C. Bressoud and Fred B. Schneider. Hypervisorbased fault tolerance. ACM Transactions on Computer Systems, 14(1):80--107, 1996.

No context found.

T. C. Bressoud and F. B. Schneider. Hypervisor-based Fault Tolerance. In Proc. 15th ACM Symposium on Operating Systems Principles (SOSP), Dec. 1995.

No context found.

Thomas C. Bressoud and Fred B. Schneider. Hypervisor-based fault tolerance. ACM Transactions on Computer Systems, 14(1):80--107, February 1996.

No context found.

T. Bressoud and F. Schneider. Hypervisor-based Fault Tolerance. In Proceedings of the 15th ACM Symposium on Operating Systems Principles, December 1995.

No context found.

T. C. Bressoud, F. P. Schneider, "Hypervisor-based fault-tolerance," Proc. of the ACM Symposium on Operating Systems Principles, pp. 1-11, 1995. 143

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC