@inproceedings{931b46e41a7d4258a8a8b8055273ed36,
title = "Performance isolation exposure in virtualized platforms with PCI passthrough I/O sharing",
abstract = "PCI Passthrough is an x86 virtualization technology that enables low overhead, high performance I/O virtualization. It is an established technology in server and cloud computing environments and a promising technology for sharing I/O devices in future Cyber Physical Systems that consolidate mixed-criticality applications on multi-core CPUs. In this paper, we show that current implementations of x86 PCI Passthrough are prone to Denial-of-Service attacks. We demonstrate that attacks can be launched from within Virtual Machine environments and affect the performance of every I/O device on the interconnect. This means that malicious or malfunctioning applications inside Virtual Machines can impair the I/O performance of co-residential Virtual Machines. For example, attacking an SR-IOV capable Gigabit Ethernet NIC causes its TCP throughput to drop by 326 Mbit/s; latencies for reading 32 bit words from the NIC increase by over 650\%. We investigate which hardware parameters influence the impact of such attacks and introduce three protection approaches.",
keywords = "Passthrough I/O, Performance Isolation, Virtualization",
author = "Andre Richter and Christian Herber and Holm Rauchfuss and Thomas Wild and Andreas Herkersdorf",
year = "2014",
doi = "10.1007/978-3-319-04891-8\_15",
language = "English",
isbn = "9783319048901",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "171--182",
booktitle = "Architecture of Computing Systems, ARCS 2014 - 27th International Conference, Proceedings",
note = "27th International Conference on Architecture of Computing Systems, ARCS 2014 ; Conference date: 25-02-2014 Through 28-02-2014",
}