Sandia computer scientists successfully boot one million Linux kernels as virtual machines

Mark Lane lmlane-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Aug 4 15:42:04 UTC 2009


Giles Orr wrote:
> 2009/8/3 Michael Lauzon <mlauzon-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>:
>
>> Here's an interesting article:
>>
>> (Media-Newswire.com) - LIVERMORE, Calif. — Computer scientists at
>> Sandia National Laboratories in Livermore, Calif., have for the first
>> time successfully demonstrated the ability to run more than a million
>> Linux kernels as virtual machines.
>>
>> The achievement will allow cyber security researchers to more
>> effectively observe behavior found in malicious botnets, or networks
>> of infected machines that can operate on the scale of a million nodes.
>> Botnets, said Sandia’s Ron Minnich, are often difficult to analyze
>> since they are geographically spread all over the world.
>>
>> Sandia scientists used virtual machine (VM) technology and the power
>> of its Thunderbird supercomputing cluster for the demonstration.
>>
>> Running a high volume of VMs on one supercomputer — at a similar scale
>> as a botnet — would allow cyber researchers to watch how botnets work
>> and explore ways to stop them in their tracks. “We can get control at
>> a level we never had before,” said Minnich.
>>
>> Previously, Minnich said, researchers had only been able to run up to
>> 20,000 kernels concurrently (a “kernel” is the central component of
>> most computer operating systems). The more kernels that can be run at
>> once, he said, the more effective cyber security professionals can be
>> in combating the global botnet problem. “Eventually, we would like to
>> be able to emulate the computer network of a small nation, or even one
>> as large as the United States, in order to ‘virtualize’ and monitor a
>> cyber attack,” he said.
>>
>> A related use for millions to tens of millions of operating systems,
>> Sandia’s researchers suggest, is to construct high-fidelity models of
>> parts of the Internet.
>>
>> “The sheer size of the Internet makes it very difficult to understand
>> in even a limited way,” said Minnich. “Many phenomena occurring on the
>> Internet are poorly understood, because we lack the ability to model
>> it adequately. By running actual operating system instances to
>> represent nodes on the Internet, we will be able not just to simulate
>> the functioning of the Internet at the network level, but to emulate
>> Internet functionality.”
>>
>> Full article: http://media-newswire.com/release_1095644.html
>>
>
> But aren't most botnets composed primarily of Windows machines?  I
> realize there's still plenty of value in this.  But I'm having trouble
> imagining the cost of licensing a million copies of Windows ... not to
> mention that MS would probably sue you if you publicized the results,
> even if your million copies were legitimate.  Besides, MS wouldn't
> allow you to make a reasonable mix: "I'll need 80,000 copies of
> Windows 95, 20,000 copies of Windows ME, 700,000 copies of XP ..."
>
First, you wouldn't need to license a million copies as you can get a 
site license for Windows.

Second, they only have to emulate the botnet behaviour, not actually run 
any specific botnet code on Windows. It's a lot easier to emulate 
network sockets in Linux than Windows. This also allows for testing of 
new exploits before worms using that exploit appear in the wild.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists




