K. Adams and O. Agesen, A comparison of software and hardware techniques for x86 virtualization, Proceedings of the 12th International Conference on Architectural Support for Programming Languages and Operating Systems, pp.2-13, 2006.

N. Agarwal and T. F. Wenisch, Thermostat: Application-transparent page management for two-tiered main memory, Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems, pp.631-644, 2017.

N. Amit, D. Tsafrir, and A. Schuster, Vswapper: a memory swapper for virtualized environments, Architectural Support for Programming Languages and Operating Systems, ASPLOS '14, pp.349-366, 2014.

J. Andrus, C. Dall, A. V. Hof, O. Laadan, and J. Nieh, Cells: a virtual mobile smartphone architecture, Proceedings of the 23rd ACM Symposium on Operating Systems Principles, pp.173-187, 2011.

A. Arcangeli, I. Eidus, and C. Wright, Increasing memory density by using ksm, Proceedings of the linux symposium, pp.19-28, 2009.

M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz et al., A view of cloud computing, Commun. ACM, vol.53, issue.4, pp.50-58, 2010.

L. A. Belady, A study of replacement algorithms for virtual-storage computer, IBM Systems Journal, vol.5, issue.2, pp.78-101, 1966.

L. A. Belady, R. A. Nelson, and G. S. Shedler, An anomaly in space-time characteristics of certain programs running in a paging machine, Commun. ACM, vol.12, issue.6, pp.349-353, 1969.

M. Ben-yehuda, J. Mason, J. Xenidis, O. Krieger, L. Van-doorn et al., Utilizing iommus for virtualization in linux and xen, OLS'06: The 2006 Ottawa Linux Symposium, pp.71-86, 2006.

E. W. Biederman, Multiple instances of the global linux namespaces, Proceedings of the Linux Symposium, vol.1, pp.101-112, 2006.

A. Blin, Vers une utilisation efficace des processeurs multi-coeurs dans des systèmes embarqués à criticités multiples. (towards an efficient use of multicore processors in mixed criticality embedded systems), 2017.

D. Carver, J. Sopena, and S. Monnet, ACDC: advanced consolidation for dynamic containers, 16th IEEE International Symposium on Network Computing and Applications, NCA 2017, pp.253-260, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01673304

C. Cowan, S. Beattie, G. Kroah-hartman, C. Pu, P. Wagle et al., Subdomain: Parsimonious server security, pp.355-368, 2000.

P. J. Denning, The working set model for program behavior, Communications of the ACM, vol.11, issue.5, pp.323-333, 1968.

Y. Dong, Z. Yu, and G. Rose, SR-IOV networking in xen: Architecture, design and implementation, First Workshop on I/O Virtualization, WIOV'08, 2008.

M. A. Eriksen, Trickle: A userland bandwidth shaper for unix-like systems, Proceedings of the FREENIX Track: 2005 USENIX Annual Technical Conference, pp.61-70, 2005.

W. Felter, A. Ferreira, R. Rajamony, and J. Rubio, An updated performance comparison of virtual machines and linux containers, 2015 IEEE International Symposium on Performance Analysis of Systems and Software, pp.171-172, 2015.

J. Gandhi, A. Basu, M. D. Hill, and M. M. Swift, Badgertrap: a tool to instrument x86-64 TLB misses, SIGARCH Computer Architecture News, vol.42, issue.2, pp.20-23, 2014.

R. Ghosh and V. K. Naik, Biting off safely more than you can chew: Predictive analytics for resource over-commit in iaas cloud, 2012 IEEE Fifth International Conference on Cloud Computing, pp.25-32, 2012.

R. P. Goldberg and R. Hassinger, The double paging anomaly, American Federation of Information Processing Societies: 1974 National Computer Conference, vol.43, pp.195-199, 1974.

S. E. Hallyn and A. G. Morgan, Linux capabilities: Making them work, Linux Symposium, vol.8, 2008.

S. Jiang, F. Chen, and X. Zhang, Clock-pro: An effective improvement of the CLOCK replacement, Proceedings of the 2005 USENIX Annual Technical Conference, pp.323-336, 2005.

S. Jiang and X. Zhang, LIRS: an efficient low inter-reference recency set replacement policy to improve buffer cache performance, Proceedings of the International Conference on Measurements and Modeling of Computer Systems, SIGMETRICS 2002, pp.31-42, 2002.

, Token-ordered LRU: an effective page replacement policy and its implementation in linux systems, Perform. Eval, vol.60, issue.1-4, pp.5-29, 2005.


T. Johnson and D. E. Shasha, 2q: A low overhead high performance buffer management replacement algorithm, Proceedings of 20th International Conference on Very Large Data Bases, pp.439-450, 1994.

P. Kocher, D. Genkin, D. Gruss, W. Haas, M. Hamburg et al., Spectre attacks: Exploiting speculative execution, CoRR, 2018.

G. M. Kurtzer, V. Sochat, and M. W. Bauer, Singularity: Scientific containers for mobility of compute, PloS one, vol.12, issue.5, p.177459, 2017.

M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas et al., , 2018.

M. Lorrillere, Caches collaboratifs noyau adaptés aux environnements virtualisés. (A kernel cooperative cache for virtualized environments), 2016.

M. Lorrillere, J. Sopena, S. Monnet, and P. Sens, Puma: pooling unused memory in virtual machines for I/O intensive applications, Proceedings of the 8th ACM International Systems and Storage Conference, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01154566


P. Loscocco and S. Smalley, Integrating flexible support for security policies into the linux operating system, Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, pp.29-42, 2001.

J. Lozi, B. Lepers, J. R. Funston, F. Gaud, V. Quéma et al., The linux scheduler: a decade of wasted cores, Proceedings of the Eleventh European Conference on Computer Systems, vol.1, pp.1-1, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01295194

P. Lu, Y. C. Lee, V. Gramoli, L. M. Leslie, and A. Y. Zomaya, Local resource shaper for mapreduce, IEEE 6th International Conference on Cloud Computing Technology and Science, pp.483-490, 2014.

F. Manco, C. Lupu, F. Schmidt, J. Mendes, S. Kuenzer et al., My VM is lighter (and safer) than your container, Proceedings of the 26th Symposium on Operating Systems Principles, pp.218-233, 2017.

S. Mccanne and V. Jacobson, The BSD packet filter: A new architecture for user-level packet capture, Proceedings of the Usenix Winter 1993 Technical Conference, pp.259-270, 1993.

P. J. Mucci, S. Browne, C. Deane, and G. Ho, Papi: A portable interface to hardware performance counters, Proceedings of the department of defense HPCMP users group conference, vol.710, 1999.

P. Padala, X. Zhu, Z. Wang, S. Singhal, and K. G. Shin, Performance evaluation of virtualization technologies for server consolidation, HP Labs Tech. Report, vol.1, 2007.

G. J. Popek and R. P. Goldberg, Formal requirements for virtualizable third generation architectures, Proceedings of the Fourth Symposium on Operating System Principles, SOSP 1973, p.121, 1973.

M. Quaritsch and T. Winkler, Linux security modules enhancements: Module stacking framework and tcp state transition hooks for state-driven nids, Secure Information and Communication, vol.7, pp.7-13, 2004.

N. Regola and J. Ducom, Recommendations for virtualization technologies in high performance computing, Cloud Computing, Second International Conference, pp.409-416, 2010.

R. Russell, virtio: towards a de-facto standard for virtual I/O devices, Operating Systems Review, vol.42, issue.5, pp.95-103, 2008.

J. H. Saltzer and M. D. Schroeder, The protection of information in computer systems, Proceedings of the IEEE, vol.63, issue.9, pp.1278-1308, 1975.


P. Sharma, L. Chaufournier, P. J. Shenoy, and Y. C. Tay, Containers and virtual machines at scale: A comparative study, Proceedings of the 17th International Middleware Conference, p.1, 2016.

S. Soltesz, H. Pötzl, M. E. Fiuczynski, A. C. Bavier, and L. L. Peterson, Container-based operating system virtualization: a scalable, high-performance alternative to hypervisors, Proceedings of the 2007 EuroSys Conference, pp.275-287, 2007.

A. S. Tanenbaum and H. Bos, Modern Operating Systems, 2014.

V. Tasoulas, H. Haugerud, and K. M. Begnum, Bayllocator: A proactive system to predict server utilization and dynamically allocate memory resources using bayesian networks and ballooning, Strategies, Tools, and Techniques: Proceedings of the 26th Large Installation System Administration Conference, pp.111-121, 2012.

B. Verghese, A. Gupta, and M. Rosenblum, Performance isolation: Sharing and isolation in shared-memory multiprocessors, ASPLOS-VIII Proceedings of the 8th International Conference on Architectural Support for Programming Languages and Operating Systems, pp.181-192, 1998.


G. Voron, G. Thomas, V. Quéma, and P. Sens, An interface to implement NUMA policies in the xen hypervisor, Proceedings of the Twelfth European Conference on Computer Systems, pp.453-467, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01515359

C. Wright, C. Cowan, S. Smalley, J. Morris, and G. Kroah-hartman, Linux security modules: General security support for the linux kernel, Proceedings of the 11th USENIX Security Symposium, pp.17-31, 2002.

M. G. Xavier, M. V. Neves, F. D. Rossi, T. C. Ferreto, T. Lange et al., Performance evaluation of container-based virtualization for high performance computing environments, 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing, pp.233-240, 2013.


H. Yun, R. Mancuso, Z. P. Wu, and R. Pellizzoni, PALLOC: DRAM bank-aware memory allocator for performance isolation on multicore platforms, 20th IEEE Real-Time and Embedded Technology and Applications Symposium, pp.155-166, 2014.

Z. Zhuang, C. Tran, J. Weng, H. Ramachandra, and B. Sridharan, Taming memory related performance pitfalls in linux cgroups, 2017 International Conference on Computing, Networking and Communications, pp.531-535, 2017.

, Amazon Web Services: on-demand cloud computing platforms

, Apache Mesos: program against your data center like it's a single pool of resources

, AppArmor: an effective and easy-to-use Linux application security system

, Association nationale de la recherche et de la technologie

, AWS auto scaling: application scaling to optimize performance and costs

, Cassandra: an open-source distributed storage system (docker image)

, Cellrox: scalable, secured and robust mobile virtualization platform

, Classful queuing disciplines

, Classless queuing disciplines

, CRIU: a project to implement checkpoint/restore functionality for Linux

, Docker: build, ship, and run any app, anywhere

, Filebench Workload Model: describe desired workloads from scratch

, Freezer-subsystem

, Google perfkit benchmarker: set of benchmarks to measure and compare cloud offerings

, Grsecurity: an extensive security enhancement to the Linux kernel

, High performance computing on AWS

, iCloud: the best place for all your photos, files, and more

, ioctl_ns: ioctl() operations for Linux namespaces

, Kubernetes: managing containerized applications across multiple hosts

, linux-ftools: Linux command line tools for fallocate, fincore, fadvise, etc

, memtier_benchmark: NoSQL Redis and Memcache traffic generation and benchmarking tool

, MySQL: a widely used, open-source relational database management system (docker image)

, proc: process information pseudo-filesystem

, Senlin: auto scaling with Heat OpenStack

, Shadow: transform any device with a screen and internet connection into a high performance pc

, GoReplay issue: how do you deal with user session to replay the traffic correctly, 2015.

G. Amvrosiadis and V. Tarasov, Filebench: a filesystem and storage benchmark

N. Brown, Control groups series, 2014.

L. Bugaev, GoReplay: an open-source tool for capturing and replaying live HTTP traffic into a test environment in order to continuously test your system with real data

L. Capitulino, Automatic memory ballooning, 2013.

J. J. Casey and . Schaufler, Namespacing & stacking the LSM, 2017.

J. Corbet, Securely renting out your CPU with Linux, 2005.

, Network namespaces, 2007.

, Sysfs and namespaces, 2008.

, Seccomp and sandboxing, 2009.

, Cleancache and frontswap, 2010.

, Integrating memory control groups, 2011.

, Better active/inactive list balancing, 2012.

, Yet another new approach to seccomp, vol.94, 2012.

, Extending extended BPF, 2014.

, The trouble with dropping groups, 2014.

, User namespaces and setgroups, 2014.

, Filesystem mounts in user namespaces, 2015.

, Tracking actual memory utilization, 2015.

, Controlling access to user namespaces, 2016.

, Memory control group fairness, 2016.

, Network filtering for control groups, 2016.

, Writing your own security module, 2016.

, Containers as kernel objects, 2017.

, Namespaced file capabilities, 2017.

V. Davydov, Idlememstat: a simple utility for estimating idle memory size

, idle memory tracking, 2015.

S. Derr, Cpusets

J. Edge, Freezing filesystems and containers

, An introduction to SELinux, 2004.

, LSM stacking (again), 2010.

, Device namespaces, 2013.

, Control group namespaces, 2014.

, Namespaces in operation, part 7: Network namespaces, 2014.

, Progress in security module stacking, 2015.

, A seccomp overview, 2015.

, Filesystem images and unprivileged containers, 2016.

, On the way to safe containers, 2016.

, Container-aware filesystems, 2017.

J. Fong, Are containers replacing virtual machines?, 2018.

J. Frazelle, Two objects not Namespaced by the Linux Kernel, 2017.

B. Gregg, perf examples

, Working set size estimation

S. E. Hallyn, uts namespaces: Introduction, 2006.

T. Heo, cgroups v2

, State of cpu controller in cgroup v2, 2016.

E. Horschman, Hypervisor memory management done right, 2011.

J. Johansen, AppArmor by john johansen, 2016.

M. Kerrisk, CAP_SYS_ADMIN: the new root, 2012.

, Hierarchical reclaim for memory cgroups, 2012.

, LinuxCon Europe: The failure of operating systems and how we can fix it, 2012.

, Stepping closer to practical containers: "syslog" namespaces, 2012.

, User namespaces progress, 2012.

, Anatomy of a user namespaces vulnerability, 2013.

, Namespaces in operation, 2013.

, Namespaces in operation, part 2: the namespaces api, 2013.

, Pid namespaces, Namespaces in operation, vol.3, 2013.

, Namespaces in operation, part 4: more on pid namespaces, 2013.

, User namespaces, Namespaces in operation, vol.5, 2013.

, Namespaces in operation, part 6: more on user namespaces, 2013.

, Mount namespaces and shared subtrees, 2016.

, Mount namespaces, mount propagation, and unbindable mounts, 2016.

G. Klok, Modern infrastructure, 2017.

A. Kopytov, Sysbench: scriptable database and system performance benchmark

K. Korotaev, Ipc namespace, 2006.

O. Laadan, Devicenamespace

P. Menage,

J. Morris, Namespacing in SELinux, 2018.

P. Pandit, rdma controller support, 2016.

R. Rosen, Understanding the new control groups api, 2016.

R. Van-riel, vmscan: split lru lists into anon and file sets, 2008.

A. Vorontsov, vmpressure: Linux VM pressure notifications, 2012.

J. Weiner, memcg naturalization, 2011.

, refault distance-based file cache sizing, 2012.

, memdelay: memory health metric for systems and workloads, 2017.

, psi: pressure stall information for CPU, memory, and IO v2, vol.156, 2018.

R. J. Wysocki, Freezing of tasks