, A comparison of software and hardware techniques for x86 virtualization, Proceedings of the 12th International Conference on Architectural Support for Programming Languages and Operating Systems, pp.2-13, 2006.
, Thermostat: Application-transparent page management for two-tiered main memory, Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems, pp.631-644, 2017.
, Vswapper: a memory swapper for virtualized environments, Architectural Support for Programming Languages and Operating Systems, ASPLOS '14, pp.349-366, 2014.
, Cells: a virtual mobile smartphone architecture, Proceedings of the 23rd ACM Symposium on Operating Systems Principles, pp.173-187, 2011.
, Increasing memory density by using ksm, Proceedings of the linux symposium, pp.19-28, 2009.
, A view of cloud computing, Commun. ACM, vol.53, issue.4, pp.50-58, 2010.
, A study of replacement algorithms for virtual-storage computer, IBM Systems Journal, vol.5, issue.2, pp.78-101, 1966.
, An anomaly in space-time characteristics of certain programs running in a paging machine, Commun. ACM, vol.12, issue.6, pp.349-353, 1969.
, Utilizing iommus for virtualization in linux and xen, OLS'06: The 2006 Ottawa Linux Symposium, pp.71-86, 2006.
, Multiple instances of the global linux namespaces, Proceedings of the Linux Symposium, vol.1, pp.101-112, 2006.
, Vers une utilisation efficace des processeurs multi-coeurs dans des systèmes embarqués à criticités multiples. (towards an efficient use of multicore processors in mixed criticality embedded systems), 2017.
, ACDC: advanced consolidation for dynamic containers, 16th IEEE International Symposium on Network Computing and Applications, NCA 2017, pp.253-260, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01673304
, Subdomain: Parsimonious server security, pp.355-368, 2000.
, The working set model for program behavior, Communications of the ACM, vol.11, issue.5, pp.323-333, 1968.
, SR-IOV networking in xen: Architecture, design and implementation, First Workshop on I/O Virtualization, WIOV'08, 2008.
, Trickle: A userland bandwidth shaper for unix-like systems, Proceedings of the FREENIX Track: 2005 USENIX Annual Technical Conference, pp.61-70, 2005.
, An updated performance comparison of virtual machines and linux containers, 2015 IEEE International Symposium on Performance Analysis of Systems and Software, pp.171-172, 2015.
, Badgertrap: a tool to instrument x86-64 TLB misses, SIGARCH Computer Architecture News, vol.42, issue.2, pp.20-23, 2014.
, Biting off safely more than you can chew: Predictive analytics for resource over-commit in iaas cloud, 2012 IEEE Fifth International Conference on Cloud Computing, pp.25-32, 2012.
, The double paging anomaly, American Federation of Information Processing Societies: 1974 National Computer Conference, vol.43, pp.195-199, 1974.
, Linux capabilities: Making them work, Linux Symposium, vol.8, 2008.
, Clock-pro: An effective improvement of the CLOCK replacement, Proceedings of the 2005 USENIX Annual Technical Conference, pp.323-336, 2005.
, LIRS: an efficient low inter-reference recency set replacement policy to improve buffer cache performance, Proceedings of the International Conference on Measurements and Modeling of Computer Systems, SIGMETRICS 2002, pp.31-42, 2002.
, Token-ordered LRU: an effective page replacement policy and its implementation in linux systems, Perform. Eval, vol.60, issue.1-4, pp.5-29, 2005.
,
, 2q: A low overhead high performance buffer management replacement algorithm, Proceedings of 20th International Conference on Very Large Data Bases, pp.439-450, 1994.
, Spectre attacks: Exploiting speculative execution, CoRR, 2018.
, Singularity: Scientific containers for mobility of compute, PloS one, vol.12, issue.5, p.177459, 2017.
, , 2018.
, Caches collaboratifs noyau adaptés aux environnements virtualisés. (A kernel cooperative cache for virtualized environments), 2016.
, Puma: pooling unused memory in virtual machines for I/O intensive applications, Proceedings of the 8th ACM International Systems and Storage Conference, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01154566
,
, Integrating flexible support for security policies into the linux operating system, Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, pp.29-42, 2001.
, The linux scheduler: a decade of wasted cores, Proceedings of the Eleventh European Conference on Computer Systems, vol.1, pp.1-1, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01295194
, Local resource shaper for mapreduce, IEEE 6th International Conference on Cloud Computing Technology and Science, pp.483-490, 2014.
, My VM is lighter (and safer) than your container, Proceedings of the 26th Symposium on Operating Systems Principles, pp.218-233, 2017.
, The BSD packet filter: A new architecture for user-level packet capture, Proceedings of the Usenix Winter 1993 Technical Conference, pp.259-270, 1993.
, Papi: A portable interface to hardware performance counters, Proceedings of the department of defense HPCMP users group conference, vol.710, 1999.
, Performance evaluation of virtualization technologies for server consolidation, HP Labs Tec. Report, vol.1, 2007.
, Formal requirements for virtualizable third generation architectures, Proceedings of the Fourth Symposium on Operating System Principles, SOSP 1973, p.121, 1973.
, Linux security modules enhancements: Module stacking framework and tcp state transition hooks for state-driven nids, Secure Information and Communication, vol.7, pp.7-13, 2004.
, Recommendations for virtualization technologies in high performance computing, Cloud Computing, Second International Conference, pp.409-416, 2010.
, virtio: towards a de-facto standard for virtual I/O devices, Operating Systems Review, vol.42, issue.5, pp.95-103, 2008.
, The protection of information in computer systems, Proceedings of the IEEE, vol.63, issue.9, pp.1278-1308, 1975.
,
, Containers and virtual machines at scale: A comparative study, Proceedings of the 17th International Middleware Conference, p.1, 2016.
, Containerbased operating system virtualization: a scalable, high-performance alternative to hypervisors, Proceedings of the 2007 EuroSys Conference, pp.275-287, 2007.
, Modern Operating Systems, 2014.
, Bayllocator: A proactive system to predict server utilization and dynamically allocate memory resources using bayesian networks and ballooning, Strategies, Tools , and Techniques: Proceedings of the 26th Large Installation System Administration Conference, pp.111-121, 2012.
, Performance isolation: Sharing and isolation in shared-memory multiprocessors, ASPLOS-VIII Proceedings of the 8th International Conference on Architectural Support for Programming Languages and Operating Systems, pp.181-192, 1998.
,
, An interface to implement NUMA policies in the xen hypervisor, Proceedings of the Twelfth European Conference on Computer Systems, pp.453-467, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01515359
, Linux security modules: General security support for the linux kernel, Proceedings of the 11th USENIX Security Symposium, pp.17-31, 2002.
, Performance evaluation of container-based virtualization for high performance computing environments, 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing, pp.233-240, 2013.
,
, PALLOC: DRAM bank-aware memory allocator for performance isolation on multicore platforms, 20th IEEE Real-Time and Embedded Technology and Applications Symposium, pp.155-166, 2014.
, Taming memory related performance pitfalls in linux cgroups, 2017 International Conference on Computing, Networking and Communications, pp.531-535, 2017.
, Amazon Web Services: on-demand cloud computing platforms
, Appache Mesos: program against your data center like it's a single pool of resources
, AppArmor: an effective and easy-to-use Linux application security system
, Association nationale de la recherche et de la technologie
, AWS auto scaling: application scaling to optimize performance and costs
, Cassandra: an open-source distributed storage system (docker image)
, Cellrox: scalable, secured and robust mobile virtualization platform
, Classful queuing disciplines
, Classless queuing disciplines
, CRIU: a project to implement checkpoint/restore functionality for Linux
, Docker: build, ship, and run any app, anywhere
, Filebench Workload Model: describe desired workloads from scratch
, Freezer-subsystem
, Google perfkit benchmarker: set of benchmarks to measure and compare cloud offerings
, Grsecurity: an extensive security enhancement to the Linux kernel
, High performance computing on AWS
, iCloud: the best place for all your photos, files, and more
, ioctl_ns: ioctl() operations for Linux namespaces
, Kubernetes: managing containerized applications across multiple hosts
, linux-ftools: Linux command line tools for fallocate, fincore, fadvise, etc
, memtier_benchmark: NoSQL Redis and Memcache traffic generation and benchmarking tool
, MySQL: a widely used, open-source relational database management system (docker image)
, proc: process information pseudo-filesystem
, Senlin: auto scaling with Heat OpenStack
, Shadow: transform any device with a screen and internet connection into a high performance pc
, GoReplay issue: how do you deal with user session to replay the traffic correctly, 2015.
, Filebench: a filesystem and storage benchmark
, Control groups series, 2014.
, GoReplay: an open-source tool for capturing and replaying live HTTP traffic into a test environment in order to continuously test your system with real data
, Automatic memory ballooning, 2013.
, Namespacing & stacking the LSM, 2017.
, Securely renting out your CPU with Linux, 2005.
, Network namespaces, 2007.
, Sysfs and namespaces, 2008.
, Seccomp and sandboxing, 2009.
, Cleancache and frontswap, 2010.
, Integrating memory control groups, 2011.
, Better active/inactive list balancing, 2012.
, Yet another new approach to seccomp, vol.94, 2012.
, Extending extended BPF, 2014.
, The trouble with dropping groups, 2014.
, User namespaces and setgroups, 2014.
, Filesystem mounts in user namespaces, 2015.
, Tracking actual memory utilization, 2015.
, Controlling access to user namespaces, 2016.
, Memory control group fairness, 2016.
, Network filtering for control groups, 2016.
, Writing your own security module, 2016.
, Containers as kernel objects, 2017.
, Namespaced file capabilities, 2017.
, Idlememstat: a simple utility for estimating idle memory size
, idle memory tracking, 2015.
, Cpusets
, Freezing filesystems and containers
, An introduction to SELinux, 2004.
, LSM stacking (again), 2010.
, Device namespaces, 2013.
, Control group namespaces, 2014.
, Namespaces in operation, part 7: Network namespaces, 2014.
, Progress in security module stacking, 2015.
, A seccomp overview, 2015.
, Filesystem images and unprivileged containers, 2016.
, On the way to safe containers, 2016.
, Container-aware filesystems, 2017.
, Are containers replacing virtual machines?, 2018.
, Two objects not Namespaced by the Linux Kernel, 2017.
, perf examples
, Working set size estimation
, uts namespaces: Introduction, 2006.
, cgroups v2
, State of cpu controller in cgroup v2, 2016.
, Hypervisor memory management done right, 2011.
, AppArmor by john johansen, 2016.
, CAP_SYS_ADMIN: the new root, 2012.
, Hierarchical reclaim for memory cgroups, 2012.
, LinuxCon Europe: The failure of operating systems and how we can fix it, 2012.
, Stepping closer to practical containers: "syslog" namespaces, 2012.
, User namespaces progress, 2012.
, Anatomy of a user namespaces vulnerability, 2013.
, Namespaces in operation, 2013.
, Namespaces in operation, part 2: the namespaces api, 2013.
, Pid namespaces, Namespaces in operation, vol.3, 2013.
, Namespaces in operation, part 4: more on pid namespaces, 2013.
, User namespaces, Namespaces in operation, vol.5, 2013.
, Namespaces in operation, part 6: more on user namespaces, 2013.
, Mount namespaces and shared subtrees, 2016.
, Mount namespaces, mount propagation, and unbindable mounts, 2016.
, Modern infrastructure, 2017.
, Sysbench: scriptable database and system performance benchmark
, Ipc namespace, 2006.
, Devicenamespace
,
, Namespacing in SELinux, 2018.
, rdma controller support, 2016.
, Understanding the new control groups api, 2016.
, vmscan: split lru lists into anon and file sets, 2008.
, vmpressure: Linux VM pressure notifications, 2012.
, memcg naturalization, 2011.
, refault distance-based file cache sizing, 2012.
, memdelay: memory health metric for systems and workloads, 2017.
, psi: pressure stall information for CPU, memory, and IO v2, vol.156, 2018.
, Freezing of tasks