Sandia computer scientists successfully boot one million Linux kernels as virtual machines

Tue Aug 4 15:31:30 UTC 2009

2009/8/3 Michael Lauzon <mlauzon-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>:
> Here's an interesting article:
>
> (Media-Newswire.com) - LIVERMORE, Calif. — Computer scientists at
> Sandia National Laboratories in Livermore, Calif., have for the first
> time successfully demonstrated the ability to run more than a million
> Linux kernels as virtual machines.
>
> The achievement will allow cyber security researchers to more
> effectively observe behavior found in malicious botnets, or networks
> of infected machines that can operate on the scale of a million nodes.
> Botnets, said Sandia’s Ron Minnich, are often difficult to analyze
> since they are geographically spread all over the world.
>
> Sandia scientists used virtual machine ( VM ) technology and the power
> of its Thunderbird supercomputing cluster for the demonstration.
>
> Running a high volume of VMs on one supercomputer — at a similar scale
> as a botnet — would allow cyber researchers to watch how botnets work
> and explore ways to stop them in their tracks. “We can get control at
> a level we never had before,” said Minnich.
>
> Previously, Minnich said, researchers had only been able to run up to
> 20,000 kernels concurrently ( a “kernel” is the central component of
> most computer operating systems ). The more kernels that can be run at
> once, he said, the more effective cyber security professionals can be
> in combating the global botnet problem. “Eventually, we would like to
> be able to emulate the computer network of a small nation, or even one
> as large as the United States, in order to ‘virtualize’ and monitor a
> cyber attack,” he said.
>
> A related use for millions to tens of millions of operating systems,
> Sandia’s researchers suggest, is to construct high-fidelity models of
> parts of the Internet.
>
> “The sheer size of the Internet makes it very difficult to understand
> in even a limited way,” said Minnich. “Many phenomena occurring on the
> Internet are poorly understood, because we lack the ability to model
> it adequately. By running actual operating system instances to
> represent nodes on the Internet, we will be able not just to simulate
> the functioning of the Internet at the network level, but to emulate
> Internet functionality.”
>
> Full article: http://media-newswire.com/release_1095644.html

But aren't most botnets composed primarily of Windows machines?  I
realize there's still plenty of value in this.  But I'm having trouble
imagining the cost of licensing a million copies of Windows ... not to
mention that MS would probably sue you if you publicized the results,
even if your million copies were legitimate.  Besides, MS wouldn't
allow you to make a reasonable mix: "I'll need 80,000 copies of
Windows 95, 20,000 copies of Windows ME, 700,000 copies of XP ..."

-- 
Giles
http://www.gilesorr.com/
gilesorr-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists