Patents by Inventor Carl A. Waldspurger

Carl A. Waldspurger has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9223722
    Abstract: Miss rate curves are constructed in a resource-efficient manner so that they can be constructed and memory management decisions can be made while the workloads are running. The resource-efficient technique includes the steps of selecting a subset of memory pages for the workload, maintaining a least recently used (LRU) data structure for the selected memory pages, detecting accesses to the selected memory pages and updating the LRU data structure in response to the detected accesses, and generating data for constructing a miss-rate curve for the workload using the LRU data structure. After a memory page is accessed, the memory page may be left untraced for a period of time, after which the memory page is retraced.
    Type: Grant
    Filed: March 4, 2014
    Date of Patent: December 29, 2015
    Assignee: VMware, Inc.
    Inventors: Carl A. Waldspurger, Rajesh Venkatasubramanian, Alexander Thomas Garthwaite, Yury Baskakov, Puneet Zaroo
  • Patent number: 9164924
    Abstract: Security of information—both code and data—stored in a computer's system memory is provided by an agent loaded into and at run time resident in a CPU cache. Memory writes from the CPU are encrypted by the agent before writing and reads into the CPU are decrypted by the agent before they reach the CPU. The cache-resident agent also optionally validates the encrypted information stored in the system memory. Support for I/O devices and cache protection from unsafe DMA of the cache by devices is also provided.
    Type: Grant
    Filed: September 13, 2012
    Date of Patent: October 20, 2015
    Assignee: FACEBOOK, INC.
    Inventors: Oded Horovitz, Stephen A. Weis, Carl A. Waldspurger, Sahil Rihan
  • Publication number: 20150269091
    Abstract: Methods and systems for securing sensitive data from security risks associated with direct memory access (“DMA”) by input/output (“I/O”) devices are provided. An enhanced software cryptoprocessor system secures sensitive data using various techniques, including (1) protecting sensitive data by preventing DMA by an I/O device to the portion of the cache that stores the sensitive data, (2) protecting device data by preventing cross-device access to device data using DMA isolation, and (3) protecting the cache by preventing the pessimistic eviction of cache lines on DMA writes to main memory.
    Type: Application
    Filed: March 19, 2015
    Publication date: September 24, 2015
    Inventors: Oded Horovitz, Sahil Rihan, Stephen A. Weis, Carl A. Waldspurger
  • Publication number: 20150263986
    Abstract: Contention for a resource in a computer system is managed by measuring a resource performance metric and, for each of a selected plurality of clients (for example, virtual machines), a client performance metric. For each of the selected clients, a relationship measure, such as correlation, is determined as a function of the resource performance metric and the respective client performance metric. A degree of resource contention effect is determined for each of the selected clients as a function of the respective relationship measure, and a resource-related action is taken according to the respective relationship measures. Clients may include virtualized components contending for storage. Example metrics include functions of I/O operation counts, latency or throughput measurements, pending I/O request counts, I/O throughput relative to I/O latency, a degree of change of the respective clients' I/O behavior, etc.
    Type: Application
    Filed: March 17, 2015
    Publication date: September 17, 2015
    Applicant: CLOUD PHYSICS, INC.
    Inventors: Nohhyun PARK, Carl A. WALDSPURGER
  • Patent number: 9135171
    Abstract: Page data of a virtual machine is represented for efficient save and restore operations. One form of representation applies to each page with an easily identifiable pattern. The page is described, saved, and restored in terms of metadata reflective of the pattern rather than a complete page of data reflecting the pattern. During a save or restore operation, however, the metadata of the page is represented, but not the page data. Another form of representation applies to each page sharing a canonical instance of a complex pattern that is instantiated in memory during execution, and explicitly saved and restored. Each page sharing the canonical page is saved and restored as a metadata reference, without the need to actually save redundant copies of the page data.
    Type: Grant
    Filed: July 13, 2010
    Date of Patent: September 15, 2015
    Assignee: VMware, Inc.
    Inventors: Yury Baskakov, Alexander Thomas Garthwaite, Jesse Pool, Carl A. Waldspurger, Rajesh Venkatasubramanian, Ishan Banerjee
  • Patent number: 9032181
    Abstract: Read requests to a commonly accessed storage volume are conditionally issued, depending on whether or not a requested data block is already stored in memory from a prior access or to be stored in memory upon completion of a pending request. A data structure is maintained in memory to track physical memory pages and to indicate for each physical memory page the corresponding location in the storage volume from which the contents of the physical memory were read and the number of virtual memory pages that are mapped thereto.
    Type: Grant
    Filed: May 19, 2010
    Date of Patent: May 12, 2015
    Assignee: VMware, Inc.
    Inventors: Irfan Ahmad, Carl A. Waldspurger
  • Patent number: 9032398
    Abstract: Activity level of memory pages is classified in a virtual machine environment, so that processes such as live VM migration and checkpointing, among others, can be carried out more efficiently. The method includes the steps of scanning page table entries of hypervisor-managed page tables continuously over repeating scan periods to determine whether memory pages have been accessed or not, and for each memory page, determining an activity level of the memory page based on whether the memory page has been accessed or not since a prior scan and storing the activity level of the memory page. The activity level of the memory page may be represented by one or more bits of its page table entry and may be classified as having at least two states ranging from hot to cold.
    Type: Grant
    Filed: July 12, 2010
    Date of Patent: May 12, 2015
    Assignee: VMware, Inc.
    Inventors: Irfan Ahmad, Carl A. Waldspurger, Alexander Thomas Garthwaite, Kiran Tati, Pin Lu
  • Publication number: 20150128138
    Abstract: One or more embodiments of the present invention provide a technique for effectively managing virtualized computing systems with an unlimited number of hardware resources. Host systems included in a virtualized computer system are organized into a scalable, peer-to-peer (P2P) network in which host systems arrange themselves into a network overlay to communicate with one another. The network overlay enables the host systems to perform a variety of operations, which include dividing computing resources of the host systems among a plurality of virtual machines (VMs), load balancing VMs across the host systems, and performing an initial placement of a VM in one of the host systems.
    Type: Application
    Filed: October 7, 2014
    Publication date: May 7, 2015
    Inventors: Ajay GULATI, Irfan AHMAD, Ganesha SHANMUGANATHAN, Carl A. WALDSPURGER
  • Publication number: 20150100791
    Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
    Type: Application
    Filed: October 8, 2013
    Publication date: April 9, 2015
    Applicant: VMware, Inc.
    Inventors: Xiaoxin CHEN, Carl A. WALDSPURGER, Pratap SUBRAHMANYAM, Tal GARFINKEL, Dan BONEH
  • Publication number: 20150089502
    Abstract: An application such as a virtual machine is executed securely using a software-based, full-system emulator within a hardware-protected enclave, such as an SGX enclave. The emulator may thereby be secure even against a malicious underlying host operating system. In some cases, paging is used to allow even a large application to run within a small enclave. Where the application itself uses enclaves, these guest enclaves may themselves be emulated within an emulator enclave such that the guest enclave(s) are nested as sibling enclaves by the emulator.
    Type: Application
    Filed: September 25, 2014
    Publication date: March 26, 2015
    Applicant: PrivateCore, Inc.
    Inventors: Oded HOROVITZ, Stephen A. WEIS, Sahil RIHAN, Carl A. WALDSPURGER
  • Publication number: 20150074263
    Abstract: A method and tangible medium embodying code for allocating resource units of an allocatable resource among a plurality of clients in a computer is described. In the method, resource units are initially distributed among the clients by assigning to each of the clients a nominal share of the allocatable resource. For each client, a current allocation of resource units is determined. A metric is evaluated for each client, the metric being a function both of the nominal share and a usage-based factor, the usage-based factor being a function of a measure of resource units that the client is actively using and a measure of resource units that the client is not actively using. A resource unit can be reclaimed from a client when the metric for that client meets a predetermined criterion.
    Type: Application
    Filed: June 3, 2014
    Publication date: March 12, 2015
    Inventor: Carl A. WALDSPURGER
  • Publication number: 20150067265
    Abstract: A system and method of operation exploit the limited associativity of a single cache set to force observable cache evictions and discover conflicts. Loads are issued to input memory addresses, one at a time, until a cache eviction is detected. After observing a cache eviction on a load from an address, that address is added to a data structure representing the current conflict set. The cache is then flushed, and loads are issued to all addresses in the current conflict set, so that all known conflicting addresses are accessed first, ensuring that the next cache miss will occur on a different conflicting address. The process is repeated, issuing loads from all input memory addresses, incrementally finding conflicting addresses, one by one. Memory addresses that conflict in the cache belong to the same partition, whereas memory addresses belonging to different partitions do not conflict.
    Type: Application
    Filed: September 5, 2014
    Publication date: March 5, 2015
    Applicant: PRIVATECORE, INC.
    Inventors: Carl A. WALDSPURGER, Oded HOROVITZ, Stephen A. WEIS, Sahil RIHAN
  • Publication number: 20150046924
    Abstract: A virtual-machine-based system provides a mechanism to implement application file I/O operations of protected data by implementing the I/O operations semantics in a shim layer with memory-mapped regions. The semantics of these I/O operations are emulated in a shim layer with memory-mapped regions by using a mapping between a process' address space and a file or shared memory object. Data that is protected from viewing by a guest OS running in a virtual machine may nonetheless be accessed by the process.
    Type: Application
    Filed: August 25, 2014
    Publication date: February 12, 2015
    Inventors: Daniel R.K. PORTS, Xiaoxin CHEN, Carl A. WALDSPURGER, Pratap SUBRAHMANYAM, Tal GARFINKEL
  • Publication number: 20150019827
    Abstract: To generate a checkpoint for a virtual machine (VM), first, while the VM is still running, a copy-on-write (COW) disk file is created pointing to a parent disk file that the VM is using. Next, the VM is stopped, the VM's memory is marked COW, the device state of the VM is saved to memory, the VM is switched to use the COW disk file, and the VM begins running again for substantially the remainder of the checkpoint generation. Next, the device state that was stored in memory and the unmodified VM memory pages are saved to a checkpoint file. Also, a copy may be made of the parent disk file for retention as part of the checkpoint, or the original parent disk file may be retained as part of the checkpoint. If a copy of the parent disk file was made, then the COW disk file may be committed to the original parent disk file.
    Type: Application
    Filed: April 25, 2014
    Publication date: January 15, 2015
    Applicant: VMware, Inc.
    Inventors: Carl A. WALDSPURGER, Michael NELSON, Daniel J. SCALES, Pratap SUBRAHMANYAM
  • Patent number: 8935500
    Abstract: Distributed storage resources having multiple storage units are managed based on data collected from online monitoring of workloads on the storage units and performance characteristics of the storage units. The collected data is sampled at discrete time intervals over a time period of interest, such as a congested time period. Normalized load metrics are computed for each storage unit based on time-correlated sums of the workloads running on the storage unit over the time period of interest and the performance characteristic of the storage unit. Workloads that are migration candidates and storage units that are migration destinations are determined from a representative value of the computed normalized load metrics, which may be the 90th percentile value or a weighted sum of two or more different percentile values.
    Type: Grant
    Filed: November 10, 2011
    Date of Patent: January 13, 2015
    Assignee: VMware, Inc.
    Inventors: Ajay Gulati, Irfan Ahmad, Carl A. Waldspurger, Chethan Kumar
  • Publication number: 20140310462
    Abstract: Cache utility curves are determined for different software entities depending on how frequently their storage access requests lead to cache hits or cache misses. Although possible, not all access requests need be tested, but rather only a sampled subset, determined by whether a hash value of each current storage location identifier (such as an address or block number) meets one or more sampling criteria. The sampling rate is adaptively changed so as to hold the number of location identifiers needed to be stored to compute the cache utility curves to within a set maximum limit.
    Type: Application
    Filed: June 26, 2014
    Publication date: October 16, 2014
    Applicant: Cloud Physics, Inc.
    Inventors: Carl A. WALDSPURGER, Alexander GARTHWAITE, Nohhyun PARK, Irfan AHMAD
  • Patent number: 8856784
    Abstract: One or more embodiments of the present invention provide a technique for effectively managing virtualized computing systems with an unlimited number of hardware resources. Host systems included in a virtualized computer system are organized into a scalable, peer-to-peer (P2P) network in which host systems arrange themselves into a network overlay to communicate with one another. The network overlay enables the host systems to perform a variety of operations, which include dividing computing resources of the host systems among a plurality of virtual machines (VMs), load balancing VMs across the host systems, and performing an initial placement of a VM in one of the host systems.
    Type: Grant
    Filed: June 14, 2011
    Date of Patent: October 7, 2014
    Assignee: VMware, Inc.
    Inventors: Ajay Gulati, Irfan Ahmad, Ganesha Shanmuganathan, Carl A. Waldspurger
  • Patent number: 8850004
    Abstract: An anomaly in a shared input/output (IO) resource that is accessed by a plurality of hosts or clients is detected when a host that is not bound by any QoS policy presents large workloads to a shared IO resource that is also accessed by hosts or clients that are governed by QoS policy. The anomaly detection triggers a response from the hosts or clients as a way to protect against the effect of the anomaly. The response is an increase in window sizes. The window sizes of the hosts or clients may be increased to the maximum window size or in proportion to their QoS shares.
    Type: Grant
    Filed: April 9, 2013
    Date of Patent: September 30, 2014
    Assignee: VMware, Inc.
    Inventors: Ajay Gulati, Irfan Ahmad, Jyothir Ramanan, Carl A. Waldspurger
  • Publication number: 20140281249
    Abstract: Cache utility curves are determined for different software entities depending on how frequently their storage access requests lead to cache hits or cache misses. Although possible, not all access requests need be tested, but rather only a subset, determined by whether a hash value of each current storage location identifier (such as an address or block number) meets one or more sampling criteria.
    Type: Application
    Filed: March 13, 2013
    Publication date: September 18, 2014
    Applicant: Cloud Physics, Inc.
    Inventors: Carl A. Waldspurger, Nohhyun Park
  • Patent number: 8826278
    Abstract: A method of managing host physical memory using a balloon application executing within a guest virtual machine (GVM) running on a host platform is described. The balloon application receives allocation parameters from an entity outside the GVM, the allocation parameters identifying an amount of memory for the balloon application to allocate. The balloon application adjusts the allocated amount of memory according to the allocated amount. Physical memory backing up the allocated memory can then be assigned by virtualization software for use by another virtual machine running on the host platform.
    Type: Grant
    Filed: January 9, 2012
    Date of Patent: September 2, 2014
    Assignee: VMware, Inc.
    Inventors: Xiaoxin Chen, Carl A. Waldspurger, Anil Rao