Theme: Cloud Computing & Data Infrastructures
Virtualization
(3 ECTS - 18h)
Prerequisite
- Introductory course (M1 level) on Operating Systems (OS) principles/design (for example, this course)
- [Optional] Elementary notions of Computer Architecture (Hardware-Software interface) and Assembly programming
Targeted skills
This course aims to provide detailed knowledge of the isolation and virtualization techniques used in modern operating systems to support the key properties (e.g., security, safety, compatibility/portability, consolidation, adaptability) of the distributed software infrastructures used in many contexts, such as Cloud computing (and its variants like Edge computing and Fog computing), IoT (Internet of Things), smart objects, and mobile applications.
The main parts of the course are focused on two main topics: system-level virtualization (i.e., hypervisors and virtual machines) and containers. The primary purpose of the course is not to learn the usage of existing tools (e.g., how to install/use a hypervisor or a container engine) but rather to understand in depth how these technological bricks work (their roles, interfaces, internal design and implementation aspects), through the study of existing software systems and hardware platforms.
The target audience for this course encompasses students interested in engineering and/or research aspects in the following domains: operating systems, cybersecurity, distributed systems and applications, cloud computing, networking, parallel systems and applications, software engineering, embedded systems, hardware-software interface.
The professional careers and positions related to this course notably include: system/cloud architect, cybersecurity architect, DevOps/SRE engineer (and variants such as DevSecOps, MLOps), software engineer, industrial R&D engineer/manager, (academic or industrial) researcher.
Contents
The course is structured in 3 main parts (including an introduction encompassing a recap of the pre-requisites) and an extra chapter on broader topics.
Introduction:
- The hardware-software interface
- The OS application binary interface
- Monolithic kernel architectures (case study: Linux)
- Key high-level concepts and goals: virtualization, isolation, resource management, security, safety
System-level virtualization:
- Basic principles for CPU, memory and I/O virtualization
- Software-level techniques
- Hardware support for virtualization
- Paravirtualization
- Hypervisor architectures
- An overview of advanced topics: nested virtualization, live migration
OS containers:
- Basic principles and anatomy of OS-level containers
- OS ABI virtualization (e.g., zones/jails, namespaces, capabilities, syscall filtering)
- Container images & storage
- Resource control (e.g., Linux cgroups)
- Container runtimes: low-level and high-level layers
- Container tooling: deconstructing high-level multi-purpose tools (e.g., Docker, Podman)
Selected additional topics:
If time allows, the course will also provide an overview of one or several additional topics. Some of these topics may also be studied in the context of homework/project assignments. The list includes topics such as:
- Network & storage management for containers & virtual machines
- Microkernel-based OS & hypervisor designs for modularity and trusted computing base (TCB) reduction
- Software support for safe code plugins within kernels (e.g., eBPF)
- New hardware facilities for fine-grained isolation
- Trusted execution engines, secure enclaves, confidential computing
- An introduction to (hardware and software) side-channel attacks and some mitigation techniques
- …
Evaluation
- Session 1:
- Session 2: