Monday, July 6
 

14:00 CEST

Welcome & Opening Remarks
Monday July 6, 2020 14:00 - 14:15 CEST
Bucharest

14:15 CEST

Keynote Session: Xen Weather Report - George Dunlap, Citrix
Speakers
George Dunlap

Principal Software Engineer, Citrix Systems R&D UK Ltd
George Dunlap worked with the Xen project while a graduate student at the University of Michigan before receiving his PhD in 2006, then worked as a core Xen developer for many years for Citrix's open-source team in Cambridge, England. He is now community manager and chairman of the...



Monday July 6, 2020 14:15 - 14:45 CEST
Bucharest
  Keynote Session

14:45 CEST

Keynote Session: Unikraft Weather Report - Felipe Huici, Sharan Santhanam & Simon Kuenzer, NEC Laboratories Europe GmbH
The Unikraft Xen Incubation Project has matured enormously over the past year. In this talk we will give a "weather report", touching on a number of the key new features of Unikraft, including support for a number of languages (C++, Go, Python, Web Assembly, Lua, JavaScript, Ruby), support for ARM64, netfront and frontblock drivers as well as a companion tool greatly simplifying the building and running of its images. Finally, we will present a number of performance measurements showcasing the benefits of using Unikraft guests, and we will touch upon a number of security features we're adding in order to harden Unikraft.

Speakers
Simon Kuenzer

Senior Researcher, NEC Laboratories Europe GmbH
Simon is a systems researcher passionate about virtualization and Unikernels. He's been at NEC Labs for the past 8 years and has expertise in operating systems, virtualization, and networking. In addition, he is the lead maintainer of Unikraft, a Xen incubation project. Simon received...

Sharan Santhanam

Software Specialist, NEC Laboratories Europe GmbH

Felipe Huici

Chief Researcher, NEC Laboratories Europe GmbH
Felipe Huici is a chief researcher at NEC Europe Laboratories GmbH, CEO of the Unikraft.io start-up, and is passionate about high performance systems and lightweight virtualization.



Monday July 6, 2020 14:45 - 15:15 CEST
Bucharest
  Keynote Session

15:15 CEST

Break & Hallway Chats
Monday July 6, 2020 15:15 - 15:45 CEST
Hallway Track

15:45 CEST

Hypervisor File System - Current State and Future Use Cases - Jürgen Groß, SUSE
With the introduction of the Xen hypervisor filesystem (similar to Linux kernel's sysfs) a new stable ABI is being introduced for communicating parameter settings between the hypervisor and dom0. Juergen will present its current state and possible future use cases.

Speakers
Jürgen Groß

Virtualization Engineer, SUSE
Jürgen has been contributing to Xen since 2007. About 6 years ago he joined SUSE to work full time on Xen. He is maintainer of Xen code in the Linux kernel and has added multiple major features to the Xen hypervisor, which he presented on previous Xen summits.



Monday July 6, 2020 15:45 - 16:15 CEST
King Minhai I Park
  Breakout Session

15:45 CEST

VM Forking and Hypervisor-based Fuzzing - Tamas K Lengyel, Intel Corporation
In this talk we'll discuss Xen's new VM forking feature and the memory sharing subsystem it uses to achieve lightning-speed VM deployment. Forking a VM lends itself for use-cases where short-lived but identical VMs are useful, such as fuzzing. Using a hypervisor for fuzzing allows us to poke at code-locations that normally would be difficult or slow to fuzz, like the operating system itself. Without having to reboot the VM to recover it after a crash, fuzzing of the kernel and kernel modules can be achieved at great speed. We'll walk through the integration and harnessing required to start fuzzing a Linux kernel module using AFL on Xen. We'll further discuss other potential applications that are now achievable by combining Xen's VMI capability with VM forks.

Speakers
Tamas K Lengyel

Senior Security Researcher, Intel
Tamas works as Senior Security Researcher at Intel. He received his PhD in Computer Science from the University of Connecticut where he built hypervisor-based malware-analysis and collection tools. In his free time he is maintainer of the Xen Project Hypervisor's VMI subsystem, LibVMI...



Monday July 6, 2020 15:45 - 16:15 CEST
Cismigiu Gardens
  Breakout Session

16:15 CEST

Break and Hallway Chats
Monday July 6, 2020 16:15 - 16:45 CEST
Hallway Track

16:45 CEST

Design Session - How best to upstream Bareflank's implementation of the Xen VMM into the Xen Project
Assured Information Security, Inc. has been working on a new implementation of the Xen VMM (i.e., just the root component of the Xen hypervisor) using Bareflank/Boxy (https://github.com/Bareflank/hypervisor). The goals of this VMM include the ability to reload the hypervisor without having to reboot, support for a Windows Dom0 (or any Dom0 really), removal of the Xen scheduling and power management code and instead using the scheduler and power management logic built into the Dom0 kernel, and removal of PV support in favor of a pure PVH/HVM implementation. Although there is still a lot of work to do, we can demonstrate this capability today. The goal of this design session is to discuss the design of our new approach, ways in which we can improve it, and ultimately how best to upstream our work into the Xen Project.

To submit a design session or vote on which design sessions you’d like to see, go to https://design-sessions.xenproject.org/

Monday July 6, 2020 16:45 - 17:30 CEST
Palace of Parliament

17:30 CEST

[TALK] Xen System Boot: Launching VMs (DomB)
A presentation of progress towards building DomB: a new mode of starting Xen with guest workloads launched at host boot - including support for x86 platforms, system disaggregation and running without dom0, and architecture to support measurement of system launch. This talk is to be followed by a separate Design Session to discuss forward direction and topics identified during building the initial prototype work.



Monday July 6, 2020 17:30 - 18:15 CEST
Palace of Parliament
  Design Session

18:15 CEST

Break & Hallway Chats
Monday July 6, 2020 18:15 - 18:45 CEST
Hallway Track

18:45 CEST

VM Forking and Hypervisor-based Fuzzing - Tamas K Lengyel, Intel Corporation (Rerecording of Session)
In this talk we'll discuss Xen's new VM forking feature and the memory sharing subsystem it uses to achieve lightning-speed VM deployment. Forking a VM lends itself for use-cases where short-lived but identical VMs are useful, such as fuzzing. Using a hypervisor for fuzzing allows us to poke at code-locations that normally would be difficult or slow to fuzz, like the operating system itself. Without having to reboot the VM to recover it after a crash, fuzzing of the kernel and kernel modules can be achieved at great speed. We'll walk through the integration and harnessing required to start fuzzing a Linux kernel module using AFL on Xen. We'll further discuss other potential applications that are now achievable by combining Xen's VMI capability with VM forks.


Speakers
Tamas K Lengyel

Senior Security Researcher, Intel
Tamas works as Senior Security Researcher at Intel. He received his PhD in Computer Science from the University of Connecticut where he built hypervisor-based malware-analysis and collection tools. In his free time he is maintainer of the Xen Project Hypervisor's VMI subsystem, LibVMI...



Monday July 6, 2020 18:45 - 19:30 CEST
Palace of Parliament
  Design Session

19:30 CEST

Closing Remarks
Monday July 6, 2020 19:30 - 19:45 CEST
Bucharest
 
Tuesday, July 7
 

14:00 CEST

Welcome Back & Check-In
Tuesday July 7, 2020 14:00 - 14:15 CEST
Bucharest

14:15 CEST

Keynote: Your Self Driving Car is Awesome....Because of Open Source Software like Xen! - Robin Randhawa, ARM
Vehicle Autonomy is the new frontier for many intersecting technologies. The Arm architecture is at the forefront of many initiatives that are aiming to commoditise Vehicle Autonomy at scale. At Arm, we like to find ways to make our partners build better products. For a while now, Arm has been analysing the myriad design and development patterns used by our large partner ecosystem in the Vehicle Autonomy space. That analysis has led to some intriguing realisations about the role of open source software and the prominence of techniques like system Virtualization. In this presentation, Robin Randhawa from Arm will share some of those learnings and highlight important emerging trends that projects like Xen will need to consider.

Speakers
Robin Randhawa

Technical Director For Software Architecture, Arm
Having been with Arm for almost 13 years, Robin has worked in a number of different technical roles spanning research into operating system design, through to optimising open source software for Arm and on to software safety techniques for Vehicle Autonomy control. Some of the key...



Tuesday July 7, 2020 14:15 - 14:45 CEST
Bucharest
  Keynote Session

14:45 CEST

Arm Contributions to Xen Based Safety Systems - Bertrand Marquis, Arm Ltd
In this session we will present the Autonomy reference stack and the safety island concept.
We will first describe the autonomy stack, a Yocto based collection of layers providing a way to create a Xen based virtualized autonomous system.
We will then focus on explaining the Safety island concept which aims to replace Xen Dom0 by an RTOS (or an application) running without Xen underneath.

Speakers
Bertrand Marquis

Principal Software Engineer, Arm Ltd
I have been working for Arm as Principal Software Engineer since mid-2019 focusing on Safety systems (automotive and robotics) needs and working with Xen and Yocto. In the past I worked mainly on developing a proprietary RTOS certified for avionic systems named PikeOS for Sysgo AG...



Tuesday July 7, 2020 14:45 - 15:15 CEST
King Minhai I Park
  Breakout Session

14:45 CEST

Heisenbug Handling in Xen Project CI - Ian Jackson, Citrix
Some of our software has intermittent faults. Currently osstest (the Xen Project CI) tolerates these, allowing code through if it passes on retest.

Our development workflow and project structure relies on making bugs into blockers for future development, to ensure they get enough attention. So heisenbugs can and do accumulate.

Heisenbugs are real bugs. Additionally they cause noise in CI reports and waste testing resources and are generally a nuisance.

In this talk I will discuss possible strategies for making heisenbugs into blockers. All of these strategies have downsides, but it seems essential to make a change in this direction.

In this talk I will present a set of possible changes, including discussion of their benefits and downsides, so that we can collectively decide what to do.

Speakers
Ian Jackson

Xen Committer, Citrix
Ian is a longstanding contributor to the Xen Project, working for Citrix as Xen committer, maintainer, security team member, CI system owner, etc.  Ian's other interests include a strong connection to the Debian Project.



Tuesday July 7, 2020 14:45 - 15:15 CEST
Cismigiu Gardens
  Breakout Session

15:15 CEST

Break & Hallway Chats
Tuesday July 7, 2020 15:15 - 15:30 CEST
Hallway Track

15:45 CEST

Running Xen without the Direct Map - Hongyan Xia & David Woodhouse, Amazon
With the rising number of speculation vulnerabilities in CPUs, it is time we rethink the design of Xen and restrict the attack surface as much as possible to defend against potential vulnerabilities in the future (defense-in-depth).
The Xen Summit last year proposed Secret-Free hypervisor and provided a roadmap for the goal.
This talk highlights how one of the two major goals, direct map removal, has been achieved in Xen.

This talk describes the steps necessary to remove the direct map, and how this can be achieved in a practical and much less intrusive way. The result is that we are able to remove a major attack surface with negligible performance impact.

Speakers
David Woodhouse

Principal Kernel Engineer, Amazon

Hongyan Xia

Kernel/Hypervisor Engineer, AWS
Hongyan Xia is a Kernel/Hypervisor Engineer in the Amazon UK Cambridge EC2 team, working on the Secret-Free Hypervisor and Xen Live Update projects. Before joining Amazon, he obtained his PhD from the University of Cambridge, and worked on the Cambridge CHERI platform as well as the...



Tuesday July 7, 2020 15:45 - 16:15 CEST
King Minhai I Park
  Breakout Session

15:45 CEST

Xen PV Block in U-Boot - Anastasiia Lukianenko
In this talk I will explain the benefits of having a generic guest bootloader in embedded systems running Xen, and what the differences are from the traditional Xen guest boot process, in which dom0 loads guests’ kernels directly. I will explain the features of a bootloader that enable customization of the guest loading process, such as Device Tree overlays and boot scripts.
As we target Arm64 platforms, we have implemented the generic boot process of guests using u-boot. Xen support for u-boot was implemented by porting NXP’s Xen serial driver and some MiniOS drivers: PV Block device front, grant table, event channel and xenbus; to simplify further development we have introduced an integrated ‘xenguest_arm64’ u-boot target. I will cover this implementation in detail.

Speakers
Anastasiia Lukianenko

Embedded Software Engineer, EPAM
Anastasiia Lukianenko is a software engineer with 4 years of experience in automotive and embedded projects, dealing mostly with Linux kernel, Xen and U-boot. Anastasiia has various contributions in U-boot and Android OS development. In the beginning of 2020 Anastasiia started to...



Tuesday July 7, 2020 15:45 - 16:15 CEST
Cismigiu Gardens
  Breakout Session

16:15 CEST

Break & Hallway Chats
Tuesday July 7, 2020 16:15 - 16:45 CEST
Hallway Track

16:45 CEST

Design Session - Next steps for Xen system boot: launching VMs (DomB)
To discuss next steps and forward direction for DomB development, and related topics identified during building the initial prototype. (This design session follows on from the related proposed talk on DomB, where the objectives, design and prototype built so far will be presented.)


Tuesday July 7, 2020 16:45 - 17:30 CEST
Palace of Parliament

17:30 CEST

Design Session - Gitlab CI Loop: Continued improvement
The Gitlab CI loop has been quite useful in catching build failures on different systems. But development work has somewhat stalled. The goal of this session is to detail more improvements to the CI loop, hopefully in a way that would allow us to offload at least some of the work to devops teams at one of our member companies. Off the top of my head, this includes:
* A reorganization of which distros are tested, and a mechanism to keep the distro images up to date
* Work to have the CI loop automatically pull & test patches from the mailing list (perhaps via patchew)


Tuesday July 7, 2020 17:30 - 18:15 CEST
Palace of Parliament

18:15 CEST

Break & Hallway Chats
Tuesday July 7, 2020 18:15 - 18:45 CEST
Hallway Track

18:45 CEST

Design Session - Xen PCI device passthrough support on Arm
Discussion of the current implementation and how some problems could be solved:
- dom0less support
- PCI enumeration
- others?


Tuesday July 7, 2020 18:45 - 19:30 CEST
Palace of Parliament

19:30 CEST

Closing Remarks
Tuesday July 7, 2020 19:30 - 19:45 CEST
Bucharest
 
Wednesday, July 8
 

14:00 CEST

Welcome Back & Check-In
Wednesday July 8, 2020 14:00 - 14:15 CEST
Bucharest

14:15 CEST

Design Session - [TALK] Reliable Platform Security: Xen and the Fidelis Platform for Hardened Access Terminals (HAT)
At PSEC 2019, Apertus presented the Hardened Access Terminal (HAT) Security Architecture, based on principles of isolation and least privilege. HAT depends on hardware capabilities which are typically managed by hypervisors. While HAT is hypervisor agnostic, Xen Project's design for a flexible, independent, bare-metal hypervisor has made Xen the most advantageous hypervisor for implementing HAT. In this session Apertus will host discussion on the role of Xen in Apertus Fidelis Platform, a commercial derivative of OpenXT that is being extended to deliver the HAT Security Architecture. Fidelis will anchor a commercial ecosystem to build upon the principles of the HAT Architecture. Apertus is working with commercial partners and the Xen Project to architect features like TrenchBoot, DomB, and other HAT capabilities with Open Source Xen, while delivering an integrated solution with Fidelis as a commercially supported exemplar for the deployment of hardware-based security.



Wednesday July 8, 2020 14:15 - 15:00 CEST
Palace of Parliament

15:00 CEST

Design Session - [TALK] Xen system boot attestation with DRTM and TPM2
This presentation will show the progress on developing TrenchBoot, an open-source implementation of DRTM, and how the Xen hypervisor fits into the TrenchBoot project. An architecture comprising purely open-source software beginning with firmware (coreboot), bootloader (GRUB) and virtualized operating system (Xen + Dom0) is being attested using the TPM 2.0. The solution intends to protect and verify the integrity of the software stack by leveraging elements of safeboot (check out safeboot.dev) and dm-verity.


Wednesday July 8, 2020 15:00 - 15:45 CEST
Palace of Parliament

15:45 CEST

Break & Hallway Chats
Wednesday July 8, 2020 15:45 - 16:15 CEST
Hallway Track

16:15 CEST

Design Session - Hypervisor Team: Refactoring THE REST / Committer / Leadership Team
At the moment, the following three things are linked together:
* Maintainer of THE REST
* Being allowed to commit changes to xen.git
* Being on the Hypervisor "leadership team"
But this is sub-optimal in a number of ways: It means lots of people get email about THE REST which they don't particularly care about; and it means nobody can be given commit access without also adding them to the leadership team (and vice versa). This topic will discuss a possible refactoring of these.


Wednesday July 8, 2020 16:15 - 17:00 CEST
Palace of Parliament

17:00 CEST

Break & Hallway Chats
Wednesday July 8, 2020 17:00 - 17:30 CEST
Hallway Track

17:30 CEST

Reference Counting in Xen: An Introduction - George Dunlap, Citrix
Xen's basic reference counting system was described in their original paper from 2003. But it has been incrementally modified to add more features over the years, and a similar overall description has not been updated.

This talk will start at the beginning, presenting the basic concepts behind reference counting, and slowly building up the special cases and the purposes behind them.

Speakers
George Dunlap

Principal Software Engineer, Citrix Systems R&D UK Ltd
George Dunlap worked with the Xen project while a graduate student at the University of Michigan before receiving his PhD in 2006, then worked as a core Xen developer for many years for Citrix's open-source team in Cambridge, England. He is now community manager and chairman of the...



Wednesday July 8, 2020 17:30 - 18:00 CEST
King Minhai I Park
  Breakout Session

17:30 CEST

Security Solutions Thrive on Friendly Hypervisors, so here's one - Raul Tosa & Daniel Ticle, Bitdefender
Security solutions like Hypervisor Memory Introspection (HVMI) require dedicated hypervisor support. One example is the possibility to apply specific memory permissions to certain memory pages, and to be notified when the guest OS tries to violate those permissions. During development of HVMI technology, Bitdefender required a hypervisor that was developed in-house, codenamed Napoca, which could be quickly and easily adapted for HVMI requirements. As a "how-to" hypervisor support model, the authors are announcing the release of its entire source code to the open-source community with the hope that it will serve as inspiration for future HVMI-related functionality in Xen Hypervisor. The authors will reveal a set of features that are absent from, and should be ported to, Xen Hypervisor.

Speakers
Daniel Ticle

Senior Team Lead, Bitdefender
With almost a decade of experience in kernel and hypervisor development, Daniel is currently leading a virtualization security team at Bitdefender. He's also a PhD student in Computer Science at Babes-Bolyai University of Cluj-Napoca.

Raul Tosa

Senior Manager, Bitdefender
Raul has been working with Bitdefender since 2005, building a strong technical background in fields like malware research, kernel driver development and virtualization. In the past years he's been researching how hardware virtualization technologies can be leveraged to strengthen...



Wednesday July 8, 2020 17:30 - 18:00 CEST
Cismigiu Gardens
  Breakout Session

18:00 CEST

vglass - An introduction and Roadmap - Brendan Kerrigan, AIS
vglass is the open source successor to the previously presented "Display Handler". It is a flexible display and input backend for interactive Xen guests, along with supporting drivers for multi-monitor guest support in Linux and Windows 10. It features multi-touch and pen tablet support, flexible multi-monitor configuration including GPU pass-through, and various configurable out of band overlays to display non-guest information, such as battery level and time. The project will be introduced, demonstrated, and its roadmap for future development presented.

Speakers
Brendan Kerrigan

Principal Engineer, Assured Information Security, Inc.
Brendan Kerrigan is a principal engineer at AIS, where he specializes in hypervisor development, graphics virtualization, and embedded development.



Wednesday July 8, 2020 18:00 - 18:30 CEST
Cismigiu Gardens
  Breakout Session

18:00 CEST

Xen Cache Coloring: Interference-free Real-time Virtualization - Stefano Stabellini, Xilinx
Deterministic IRQ latency is a hard requirement for many embedded deployments. Even small spikes lead to failure. No matter the activity in other VMs, the latency-sensitive app has to continue unaffected.

Xen can fully dedicate physical CPUs to VMs to minimize latency and interference. However, real-time deadlines can still be missed due to the presence of a shared L2 cache across the ARM cores. One app on one CPU core can affect the performance of another app in a different VM by causing cache interference.

The solution is cache coloring. This presentation will introduce the new Xen feature to achieve deterministic latency on ARM systems. Cache coloring enables memory allocations with entirely dedicated cache line entries. The presentation will show how to configure a cache coloring Xen deployment and will demonstrate its benefits with detailed latency measurements and live demos.

Speakers
Stefano Stabellini

Principal Engineer, Xilinx
Stefano Stabellini serves as system software architect and virtualization lead at Xilinx, the world's largest supplier of FPGA solutions. Previously, at Aporeto, he created a virtualization-based security solution for containers and authored several security articles. As Senior Principal...



Wednesday July 8, 2020 18:00 - 18:30 CEST
King Minhai I Park

18:30 CEST

Break & Hallway Chats
Wednesday July 8, 2020 18:30 - 19:00 CEST
Hallway Track

19:00 CEST

Control-flow Enforcement Technology, and Xen Supervisor Shadow Stacks - Andrew Cooper, Citrix
A look at the CET specification and features, and some of the challenges adapting Xen to use it.

Speakers
Andrew Cooper

Staff Software Engineer, Citrix
Andrew is a senior software engineer working in the Ring0 team for the Citrix Hypervisor. Upstream, he is an x86 hypervisor maintainer, committer, and a member of the Xen security team.



Wednesday July 8, 2020 19:00 - 19:30 CEST
Cismigiu Gardens

19:00 CEST

Xen Hosting: Running Servers in Production - Larry Sawyer, Sawyer Networks
Stories and lessons from five years of running a business on Xen at Sawyer Networks: a perspective on practical experiences of building, debugging and running Xen, XenServer and Xen Orchestra systems to host customer workloads in production.

Speakers
Larry Sawyer

Owner, Sawyer Networks
Larry Sawyer is the owner of Sawyer Networks, based out of Hillsboro, OR, and brings 24 years of professional IT support experience to the table. He strives to develop the ultimate in flexible cloud services to the SMB market.



Wednesday July 8, 2020 19:00 - 19:30 CEST
King Minhai I Park
  Breakout Session

19:30 CEST

Closing Remarks
Wednesday July 8, 2020 19:30 - 19:45 CEST
Bucharest
 
Thursday, July 9
 

14:00 CEST

Welcome Back & Check-In
Thursday July 9, 2020 14:00 - 14:15 CEST
Bucharest

14:15 CEST

Design Session - x86 instruction emulation in Rust in userspace
MSFT is toying with this idea. This can be potentially useful to Xen as well. See also https://patchwork.kernel.org/cover/11389953/


Thursday July 9, 2020 14:15 - 15:00 CEST
Palace of Parliament

15:00 CEST

Design Session - Gitlab based development flow
Discuss whether it makes sense to switch from mailing list based development to Gitlab based development.


Thursday July 9, 2020 15:00 - 15:45 CEST
Palace of Parliament

15:45 CEST

Break & Hallway Chats
Thursday July 9, 2020 15:45 - 16:15 CEST
Hallway Track

16:15 CEST

Design Session - Xen on RISC-V
This is a discussion about Xen running on the RISC-V Hypervisor extensions. The RISC-V Hypervisor extensions (currently at draft v0.6.1) are getting close to being frozen. There is currently support for QEMU emulation, KVM, QEMU/KVM and Xvisor. It would be great to have Xen support as well. This has been discussed at a previous Xen talk (see here: https://wiki.xenproject.org/wiki/Design_Sessions_2019#Xen_on_RISC-V) but not much has happened since then on the Xen side. Meanwhile the spec has been greatly improved and KVM support has emerged (although not yet been merged upstream). RFC patches have been sent to the list: https://lists.xenproject.org/archives/html/xen-devel/2020-01/msg01731.html


Thursday July 9, 2020 16:15 - 17:00 CEST
Palace of Parliament

16:15 CEST

Design Session - XenSockets on Unikraft
XenSockets[0] provided PV OSes with a lightweight Inter-VM-Communication (IVMC) channel via shared memory region through a new socket family (`AF_XEN`). The design addressed the overhead incurred by additional processing via the TCP/IP stack and required minor adaption to existing codebases. Since then, the development of Unikernels has allowed for an order of magnitude number of VM guests on a single tenant compared to traditional monolithic OSes which has led to new use cases requiring such lightweight communication mechanisms. In this design session, we invite an open and collaborative discussion on:
* the design and implementation within the Unikraft SDK[1] to provide this socket abstraction in order to achieve IVMC of unikernels with minimal application alteration;
* applications and their use cases for this communication channel; and,
* comparisons against existing systems.

[0]: https://link.springer.com/content/pdf/10.1007/978-3-540-76778-7_10.pdf
[1]: http://unikraft.org


Thursday July 9, 2020 16:15 - 17:00 CEST
Palatul Primăverii

17:00 CEST

Break & Hallway Chats
Thursday July 9, 2020 17:00 - 17:30 CEST
Hallway Track

17:30 CEST

Design Session - Improvements for Go bindings
A fairly open-ended discussion about improvements and future work to the Go bindings. Some possible topics:
1. Expanding IDL support for functions like device_add/remove to allow generating trivial wrappers
2. Implementing domain unpause/destruction capabilities
3. Go module "hosting"
Any discussion aimed at improving the Go bindings is welcome.

Thursday July 9, 2020 17:30 - 18:15 CEST
Manuc's Inn

17:30 CEST

Design Session - Xen FuSA SIG present and future
We will first shortly present what is currently done by the FuSa group around Xen and Certification and then discuss what could be done in the future. Possible areas of discussion:
* How and where to write requirements for Xen
* How and where to write documentation for Xen (that could be turned into requirements)
* Handling of the mailing list (tracking requirements, bugs, etc)
* Other subjects....


Thursday July 9, 2020 17:30 - 18:15 CEST
Palace of Parliament

17:30 CEST

Design Session - Xen hypfs further ideas
During my presentation of hypfs there was a demand for a design session covering future use cases. Here it is. :-)


Thursday July 9, 2020 17:30 - 18:15 CEST
Palatul Primăverii

18:15 CEST

Break & Hallway Chats
Thursday July 9, 2020 18:15 - 18:30 CEST
Hallway Track

18:30 CEST

Into the Belly of the Beast: The Secrets of an Introspection Engine - Mihai Dontu & Andrei Lutas, Bitdefender
Hypervisor Memory Introspection is a technique used for protecting virtual machines by leveraging the VMI features of hypervisors. Over the past 8 years, Bitdefender researchers developed - from scratch - an HVI technology and very recently open-sourced it, thus creating the first fully functional, commercial grade, open-source memory introspection technology. HVI works with the existing Xen and KVM hypervisors and is capable of protecting both Windows and Linux guest VMs against advanced attacks such as EternalBlue, BlueKeep, DirtyCoW and various other zero-days in common applications. In this talk, you will learn about the newly open-sourced HVI technology: how it works, how it integrates with existing hypervisors, how it achieves protection of virtual machines, performance figures, use-cases, and, ultimately, how security researchers can start contributing.

Speakers
Mihai Donțu

Engineering Manager, Bitdefender
I lead the Linux development team at Bitdefender and I am currently involved in integrating our HVI technology with open source hypervisors like Xen and KVM.

Andrei Lutas

Senior Team Lead, Bitdefender SRL
Andrei joined Bitdefender in October 2008, as a junior virus researcher. Initial responsibilities included reverse engineering of malicious samples, adding signatures for malicious files, developing disinfection routines and developing code-similarity methods and systems. He joined...



Thursday July 9, 2020 18:30 - 19:00 CEST
Cismigiu Gardens
  Breakout Session

18:30 CEST

Live Upgrading QEMU - Bjoern Doebel, Amazon Web Services
When operating a large installation of cloud servers, we regularly need to upgrade software for bugfixes, configuration changes, and security issues. For core Xen components like the hypervisor or QEMU, hosts or virtual machines require a reboot or live migration to pick up latest software changes. From a guest user perspective, these reboots are disruptive and should be avoided as much as possible.

In this talk I am going to discuss two options for fixing bugs in QEMU without requiring guest reboots. I will convince the audience that the fairly manual approach of poking at specific bytes in memory is something that can barely be done in a large-scale production system. I will then introduce a live-upgrade mechanism for QEMU that allows us to restart all QEMU processes into the latest installed version without affecting the Xen guest associated with a QEMU process.

Speakers
Bjoern Doebel

Software Engineer, Amazon Web Services
Bjoern obtained a PhD in operating systems from TU Dresden, Germany, in 2014. He then joined Amazon's Kernel and Operating Systems team and has been dabbling in hypervisor security and operating cloud environments ever since.



Thursday July 9, 2020 18:30 - 19:00 CEST
King Minhai I Park
  Breakout Session

19:00 CEST

Go and libxl: How we Used the libxl IDL to Generate Go Bindings - Nick Rosbrook, Assured Information Security, Inc.
Often when developing software in high-level languages, we reach a point where we need bindings for a library written in a lower-level language, especially C. In this talk, I will discuss the need for Go bindings for libxl, and describe my experiences writing them over the last year. Topics will include cgo – Go’s interface to call C code, how the Python-based libxl IDL can be used to write bindings, and the fun I had using Python to generate Go code. Finally, I will talk about how these bindings are being used in redctl, a Xen toolstack for Redfield written in Go.

Speakers
Nick Rosbrook

Software Engineer, Assured Information Security, Inc.
Nick Rosbrook is a software engineer at Assured Information Security, Inc., where he works on wireless networking, IPsec, and virtualization. He enjoys working on open source projects, especially Redfield, StrongSwan, and Xen.



Thursday July 9, 2020 19:00 - 19:30 CEST
King Minhai I Park

19:00 CEST

Performance Analysis of the pvshim - Roger Pau Monné, Citrix Systems R&D
This talk will explain the methods used to evaluate the performance of the pvshim and find the bottlenecks in order to fix and improve them. The methodology and tools used in order to perform this analysis are also applicable to other guests, and can be used to find performance bottlenecks.

Speakers
Roger Pau Monné

Software Engineer, Citrix
Roger Pau Monné is a Software Engineer at Citrix. He is currently working on hypervisor related topics most of the time. Apart from contributing to Xen he is also a FreeBSD developer and contributes to other Xen-related projects, like the Linux kernel and QEMU.



Thursday July 9, 2020 19:00 - 19:30 CEST
Cismigiu Gardens
  Breakout Session

19:30 CEST

Closing Remarks
Thursday July 9, 2020 19:30 - 19:45 CEST
Bucharest
 
Xen Developer & Design Virtual Summit 2020, Jul 6 - 9, 2020
Bucharest, Romania