Performance of Virtual Machines Under Networked Denial of Service Attacks: Experiments and Analysis

Abstract

The use of virtual machines (VMs) to provide computational infrastructure and services to organizations is increasingly prevalent in the modern IT industry. The growing use of this technology has been driven by a desire to increase utilization of resources through server consolidation. Virtualization has also made the dream of such utility computing platforms as cloud computing a reality. Today, virtualization technologies can be found in almost every data center. However, it remains unknown whether the VMs are more vulnerable on external malicious attacks. If so, to what extent their performance degrades, and which virtualization technique has the closest to native performance? To this end, we devised a representative set of experiments to examine the performance of most typical virtualization techniques under typical denial-of-service (DoS) attacks. We show that, on a DoS attack, the performance of a web server hosted in a VM can degrade by up to 23%, while that of a nonvirtualized server hosted on the same hardware degrades by only 8%. Even with relatively light attacks, the file system and memory access performance of hypervisor-based virtualization degrades at a much higher rate than their nonvirtualized counterparts. We further examine the root causes of such degradation and our results shed new lights in enhancing the robustness and security of modern virtualization systems.