Performance isolation exposure in virtualized platforms with PCI passthrough I/O sharing

Andre Richter, Christian Herber, Holm Rauchfuss, Thomas Wild, Andreas Herkersdorf

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

14 Scopus citations

Abstract

PCI Passthrough is an x86 virtualization technology that enables low overhead, high performance I/O virtualization. It is an established technology in server and cloud computing environments and a promising technology for sharing I/O devices in future Cyber Physical Systems that consolidate mixed-criticality applications on multi-core CPUs. In this paper, we show that current implementations of x86 PCI Passthrough are prone to Denial-of-Service attacks. We demonstrate that attacks can be launched from within Virtual Machine environments and affect the performance of every I/O device on the interconnect. This means that malicious or malfunctioning applications inside Virtual Machines can impair the I/O performance of co-residential Virtual Machines. For example, attacking an SR-IOV capable Gigabit Ethernet NIC causes its TCP throughput to drop by 326 Mbit/s; latencies for reading 32 bit words from the NIC increase by over 650%. We investigate which hardware parameters influence the impact of such attacks and introduce three protection approaches.

Original language: English
Title of host publication: Architecture of Computing Systems, ARCS 2014 - 27th International Conference, Proceedings
Publisher: Springer Verlag
Pages: 171-182
Number of pages: 12
ISBN (Print): 9783319048901
State: Published - 2014
Event: 27th International Conference on Architecture of Computing Systems, ARCS 2014 - Luebeck, Germany
Duration: 25 Feb 2014 → 28 Feb 2014

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 8350 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 27th International Conference on Architecture of Computing Systems, ARCS 2014
Country/Territory: Germany
City: Luebeck
Period: 25/02/14 → 28/02/14

Keywords

  • Passthrough I/O
  • Performance Isolation
  • Virtualization
