VINCS Project
(Virtual Infrastructure for Networked ComputerS)

Purpose

Study on advanced middleware infrastructure that aggressively utilizes virtualization and autonomic computing technology.

Approach

Development of systems that provide virtual computing environments
- Virtual machines, process-level resource virtualizers, CPU emulators
  - Running between OSes and applications
  - Virtualizing and multiplexing computing resource (CPU, memory, disk, network, device).
  - Providing supports for creating multiple virtual computing environments and virtual networks on top of a single computer.
- Functionalities provided by the middleware
  - Migration: computation migration, load balancing, synchronization, routing
  - Security and privacy: sandboxing, isolation, resource consumption control, intrusion detection and analysis, secure logging and auditing
  - Fault-tolerance: checkpointing, backup, rollback, mirroring
Study on autonomic computing technology
- Systems that support autonomic recovery from faults
- Autonomic behavior adaptation for high performance and fault tolerance
- Autonomic self-defense systems against attacks
Development of applications made up of systems that provide virtual computing environments
Example:
Virtual computing environments for developing and testing parallel distributed software

Virtual computers, virtual clusters, virtual parallel machines, virtual devices, virtual LANs, and virtual internet are realized on one or more physical computers. They are useful in development of wide-range software including P2P software, computer virus analyzers, web service software, and software for unpossessed hardware

Easy-to-use, rich-featured hosting infrastructure
Middleware based on a virtualization technology that allows its users to enjoy rich-featured hosting. Users can add a migration feature to servers without much modification to server code.
- Virtual computing environments hosting a high-loaded server are automatically migrated to a powerful physical computer.
- A new virtual computing environment is automatically created for running mirror servers of a high-loaded server.
- Low-loaded servers are moved to one physical computer.
- If there is deviation in the location of computers that access a server, the server migrates to the computer closest to the accessing computers.
- Backup and rollback are achieved by taking a snapshot of virtual computing environments.
Rich-featured, easy-to-use sandbox and honeypot

Utilization of virtual computing environments as sandboxes is explored. They are useful in places where chroot sandboxes are usually adopted and in analysis of malicious code such as computer viruses and worms.

Installless software, workflow

Software is distributed in the form of a snapshot of virtual computing environments.

The same computing environment everywhere

Infrastructure for enjoying the same computing environment at home, in an office, school, station, airport, train, and in flight. It is accomplished by carrying a snapshot of a virtual computing environment with mobile media or transferring it via a network.

This project pursues the direction in which the above functionalities are realized with middleware. An effort is made to avoid substantial modification to existing OSes or applications and enforcement of a specific programming language.

Challenges

There are many challenges to be addressed.

Efficient implementation of virtual computing environments

Many existing virtual computing environments are slow and leave rooms for performance improvement. Moreover, they have a problem of consuming much resource. It is an urgent necessity to address the challenges below.

Reduction in overheads added by virtual computing environments
Reduction in the amount of memory consumed by virtual computing environments
Reduction in the size of snapshot (data representing an entire state of a virtual computing environment)

Development of technologies for managing a great number of virtual computing environments.

Most existing virtual computing environments have problems in performance and the amount of consumed resource. As a result, they cannot always achieve good performance in situations where a great number of virtual computing environments co-exist on one physical computer. In addition, they provide few functionalities for dealing with multiple correlating virtual computing environments as one atomic object. The functionalities are essential for saving the state of the virtual network composed of multiple virtual computing environments and suspending/restarting multiple virtual computing environments in bulk.

Security and privacy

Problem of security and privacy should be solved in applications in which a part of resource in one's computer is encapsulated in a virtual computing environment and provided to others via a network. It is necessary to guarantee security and to keep privacy with cryptography and authentication.

Implementation and evaluation of applications of virtual computing environments

A virtual computing environment is a key component for achieving the applications described above. However, they are not achieved with virtual computing environments alone; various supportive mechanisms must be implemented. It is not trivial to answer what kind of mechanisms should be added and how they should be implememted. It is not trivial to answer whether virtual computing environments are suitable for realizing each functionality described above. It must be evaluated through experiments.

Projects

Virtual Multiprocessor (by Kenji Kaneda)
Quasar, SpecSB, MatSB (by Koichi Onoue)
SoftwarePot

Related Information

Publications

Papers

Kenji Kaneda, Yoshihiro Oyama, Akinori Yonezawa
A Virtual Machine Monitor for Providing a Single System Image
IPSJ Transactions on Advanced Computing Systems, Vol. 47, No. SIG 3(ACS 13), pages 27-39, March 2006.
(in Japanese)
Yoshihiro Oyama, Akinori Yonezawa
Prevention of Code-Injection Attacks by Encrypting System Call Arguments
Technical Report TR06-01, Department of Computer Science, Graduate School of Information Science and Technology, The University of Tokyo, March 2006.
paper (PDF)
Kenji Kaneda, Yoshihiro Oyama, Akinori Yonezawa
A Virtual Machine Monitor for Providing a Single System Image
In Proceedings of the 17th IPSJ Computer System Symposium (ComSys 2005), pages 3-12, Tsukuba, Japan, November 2005.
(in Japanese)
Koichi Onoue, Yoshihiro Oyama, Akinori Yonezawa
Sandbox System for Protecting Security Systems
The 22th JSSST Annual Conference, Tohoku University, September 2005.
(in Japanese)
Yosuke Yokoyama, Yoshihiro Oyama, Akinori Yonezawa
OS Extension for Transparent Migration of Server Processes
Information Processing Society of Japan, The 99th meeting of the Special Interest Groups on System Software and Operating System (SIGOS), Okinawa, Japan, May 2005.
(in Japanese)
Yoshihiro Oyama, Koichi Onoue, Akinori Yonezawa
Speculative Security Checks in Sandboxing Systems
In Proceedings of The 1st International Workshop on Security in Systems and Networks (SSN2005), Denver, USA, April 2005.
paper (PDF) / slide (ppt)
Koichi Onoue, Yoshihiro Oyama, Akinori Yonezawa
Quasar: A Mobile Computing System Based on CPU Emulator QEMU
The 8th Workshop on Systems for Programming and Applications (SPA 2005), Ikaho, Gunma, Japan, March 2005.
(in Japanese)
Yoshihiro Oyama, Kazuhiko Kato, Akinori Yonezawa
API for Supporting Optimization in Virtual Computing Environments
The 21th JSSST Annual Conference, Tokyo Institute of Technology, Japan, September 2004.
(in Japanese)
Yosuke Yokoyama, Yoshihiro Oyama, Akinori Yonezawa
Integrating a Checkpointing Mechanism into SoftwarePot
The 3rd Forum on Information Technology (FIT 2004), Doshisha University, Japan, September 2004.
(in Japanese)
Koichi Onoue, Yoshihiro Oyama, Akinori Yonezawa
Speculative Security Checks in Sandboxing Systems
Information Processing Society of Japan, The 96th meeting of the Special Interest Groups on System Software and Operating System (SIGOS), Okinawa, Japan, June 2004.
(in Japanese)
Toshihiro Yoshino, Yoshihiro Oyama, Akinori Yonezawa
Design and Implementation of a Self-Repairing Reference Monitor
The 7th Workshop on Systems for Programming and Applications (SPA 2004), Kamisuwa, Nagano, Japan, March 2004.
(in Japanese)
Yoshihiro Oyama
Techniques for Sandboxing Native Code (tutorial)
Computer Software, Vol. 20, No. 4, pages 55--72, July, 2003.
(in Japanese)

Posters, demos, work-in-progress presentations

Yosuke Yokoyama
Application-Specific Virtual Environments for Migration and Checkpointing
The 9th Workshop on Systems for Programming and Applications (SPA 2006), Nasu Shiobara, March 2006.
Daisuke Shimamoto, Yoshihiro Oyama, Akinori Yonezawa
Development of Anomaly Detection System for Windows using System Service Monitoring
In poster session of the 17th IPSJ Computer System Symposium (ComSys 2005), Tsukuba, Japan, November 2005.
(in Japanese)
Kenji Kaneda, Yoshihiro Oyama, Akinori Yonezawa
A Virtual Machine Monitor for Utilizing Non-dedicated Clusters
In Work-in-Progress Session of 20th ACM Symposium on Operating Systems Principles (SOSP 2005), Brighton, UK, October 2005.
Koichi Onoue
Protecting Security Systems
In poster session of The 4th Summer Workshop on Systems for Programming and Applications (SPA-SUMMER 2005), Isawa, Yamanashi, Japan, August 2005.
(in Japanese)
Yosuke Yokoyama
A Method for Building Environments Suitable for Process Migration by Process Monitoring
In poster session of The 4th Summer Workshop on Systems for Programming and Applications (SPA-SUMMER 2005), Isawa, Yamanashi, Japan, August 2005.
(in Japanese)
Yoshihiro Oyama, Akinori Yonezawa
A Library for Managing Virtual Execution Environments
In poster session of Information Processing Society of Japan, The 99th meeting of the Special Interest Groups on System Software and Operating System (SIGOS), Okinawa, Japan, May 2005.
(in Japanese)
Daisuke Shimamoto, Yoshihiro Oyama, Akinori Yonezawa
Monitoring System Services on Windows
In poster session of The Annual Symposium on Advanced Computing Systems and Infrastructures (SACSIS 2005), Tsukuba, Japan, May 2005.
(in Japanese)
Kenji Kaneda, Yoshihiro Oyama, Akinori Yonezawa
Virtualizing a Multi-processor Machine on a Network of Computers
Symposium on Global Dependable Information Infrastructure, Tokyo, Japan, March 2005.
- Abstract (4 pages) (pdf) (ps)
- Poster (ppt)
- Talk (ppt)
Yosuke Yokoyama
An Execution Environment for Transparent Server Migration
In poster session of The 8th Workshop on Systems for Programming and Applications (SPA 2005), Ikaho, Gunma, Japan, March 2005.
(in Japanese)
Toshihiro Yoshino, Yoshihiro Oyama, Akinori Yonezawa
Applying Self-Repair to Reference Monitors
In Works-In-Progress Session in 20th Annual Computer Security Applications Conference (ACSAC 2004), Tucson, Arizona, December 2004.
Yoshihiro Oyama, Kazuhiko Kato
SoftwarePot: A Secure Software Circulation System
In Work-in-Progress Session in 6th Symposium on Operating Systems Design and Implementation (OSDI 2004), San Francisco, December 2004.
abstract / slide (ppt)
Koichi Onoue, Yoshihiro Oyama, Akinori Yonezawa
A Mobile Computing System Based on a CPU Emulator
In poster and demo session of The 21th JSSST Annual Conference, Tokyo Institute of Technology, Japan, September 2004.
(in Japanese)
Koichi Onoue
Development of a Mobile Computing System Based on a Virtual Machine
In poster session of The Third Summer Workshop on Systems for Programming and Applications (SPA-SUMMER 2004), Ito, Shizuoka, Japan, August 2004.
(in Japanese)
Yosuke Yokoyama
Integrating a Checkpointing Mechanism into SoftwarePot
In poster session of The Third Summer Workshop on Systems for Programming and Applications (SPA-SUMMER 2004), Ito, Shizuoka, Japan, August 2004.
(in Japanese)
Toshihiro Yoshino
Self-Repairing Toolkit Library
In poster session of The Third Summer Workshop on Systems for Programming and Applications (SPA-SUMMER 2004), Ito, Shizuoka, Japan, August 2004.
(in Japanese)
Yoshihiro Oyama
Optimization by Cooperation between Virtual Computing Environments and Applications
In poster session of The Third Summer Workshop on Systems for Programming and Applications (SPA-SUMMER 2004), Ito, Shizuoka, Japan, August 2004.
(in Japanese)
Koichi Onoue
Performance Evaluation of Virtual Machines
In poster session of The 7th Workshop on Systems for Programming and Applications (SPA 2004), Kamisuwa, Nagano, Japan, March 2004.
(in Japanese)
Yoshihiro Oyama
A Tool for Conjecturing Database in Intrusion Detection Systems from Timing Information
In poster session of The 7th Workshop on Systems for Programming and Applications (SPA 2004), Kamisuwa, Nagano, Japan, March 2004.
(in Japanese)
Koichi Onoue
Utilizing Type Systems for Efficient Memory Management of Virtual Machines
In poster session of The Second Summer Workshop on Systems for Programming and Applications (SPA-SUMMER 2003), Atami, Shizuoka, Japan, August 2003.
(in Japanese)

Theses

Hiroyuki Osumi
A Library for Replay-based Recovery
Senior Thesis, Department of Information Science, Faculty of Science, The University of Tokyo, February 2006.
Yosuke Yokoyama
Application-Specific Virtual Environments for Migration and Checkpointing
Master's Thesis, Department of Computer Science, Graduate School of Information Science and Technology, The University of Tokyo, February 2006.
Daisuke Shimamoto
Detecting Intrusions on Windows Operating Systems by Monitoring System Services
Senior Thesis, Department of Information Science, Faculty of Science, The University of Tokyo, February 2005.
Koichi Onoue
Design and Implementation of a Mobile Computing System Based on a CPU Emulator
Master's Thesis, Department of Computer Science, Graduate School of Information Science and Technology, The University of Tokyo, February 2005.
Yosuke Yokoyama
A Toolkit for Developing Extensible and Portable Checkpoint Systems
Senior Thesis, Department of Information Science, Faculty of Science, The University of Tokyo, February 2004.
Toshihiro Yoshino
Design and Implementation of a Self-Repairing Reference Monitor
Senior Thesis, Department of Information Science, Faculty of Science, The University of Tokyo, February 2004.

Press

NIKKEI BYTE, No. 270, "Kasoka no shotai", pp. 32-33, November 2005. (In Japanese)

IT Pro, Kisha no me, "Gattai" suru computer ha tsuyoi noka, October 31, 2005. (In Japanese)

Members

Core Members

Akinori Yonezawa (Professor)
Yoshihiro Oyama (Research Associate)
Kenji Kaneda (D3)
Masaaki Shimizu (D1)
Koichi Onoue (D1)
Yosuke Yokoyama (M2)
Daisuke Shimamoto (M1)
Dun Nan (M1)
Yoshiki Nishikawa (M1)
Hiroyuki Osumi (B4)

Observers

Toshiyuki Maeda (D3)
Toshihiro Yoshino (M2)

VINCS Project
(Virtual Infrastructure for Networked ComputerS)

Purpose

Approach

Challenges

Projects

Related Information

Publications

Papers

Posters, demos, work-in-progress presentations

Theses

Press

Members

Core Members

Observers

Meeting Schedule

Links

VINCS Project (Virtual Infrastructure for Networked ComputerS)

Purpose

Approach

Challenges

Projects

Related Information

Publications

Papers

Posters, demos, work-in-progress presentations

Theses

Press

Members

Core Members

Observers

Meeting Schedule

Links

VINCS Project
(Virtual Infrastructure for Networked ComputerS)