Raising Virtualization Abstraction to the Next Level with Paravirtualized Syscalls

This proposal has been rejected.


One Line Summary

Improving virtualization to provide a secure execution environment for container workloads


X86 virtualization was born to run multiple operating systems on a single machine. Now it is primarily used to execute many instances of the same OS, Linux, each of them running a single server application. As it happens, this is a use case for which containers are a better fit. It is time to go back to the drawing board and come up with a new design. What lessons can we learn from containers to improve virtualization technologies? What can virtualization offer that is unique and relevant in the world of Docker and OCI?

The presentation will introduce a new approach to virtualization based on paravirtualized syscalls, designed specifically for container workloads. It will go into the details of the design and how it fits into the Linux kernel, and will show how it compares to traditional virtualization technologies and Linux containers in terms of security, overhead, and performance. The presentation will describe key implementation challenges, particularly with regard to networking syscalls and network access to guests.


Keywords: networking, virtualization, xen, kvm, containers, docker, syscalls


Biography

Stefano Stabellini serves as a virtualization expert in a new dynamic team at Aporeto. Previously he was Senior Principal Software Engineer at Citrix, leading a small group of Open Source engineers working on the Xen Project. Stefano has been involved in Xen development since 2007, focusing on several different projects, spanning from Qemu to Xen and the Linux kernel. He created libxenlight in November 2009 and started the Xen port to ARM with virtualization extensions with Ian Campbell in 2011. Currently he maintains Xen support in Qemu and Xen on ARM in Linux and Xen.