Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security: Art and Science, 2nd Edition

Published byQuentin Fox Modified over 5 years ago

Similar presentations

Presentation on theme: "Computer Security: Art and Science, 2nd Edition"— Presentation transcript:

1 Computer Security: Art and Science, 2nd Edition
Virtual Machines Appendix D Version 1.0 Computer Security: Art and Science, 2nd Edition

2 Computer Security: Art and Science, 2nd Edition
Outline Virtual Machine Structure Virtual Machine Monitor Privilege Physical Resources Paging Version 1.0 Computer Security: Art and Science, 2nd Edition

3 Computer Security: Art and Science, 2nd Edition
What Is It? Virtual machine monitor (VMM) or hypervisor virtualizes system resources Provides interface to give each program running on it the illusion that it is the only process on the system and is running directly on hardware Provides illusion of contiguous memory beginning at address 0, a CPU, and secondary storage to each program Type-1 hypervisor runs directly on the hardware Type-2 hypervisor runs as a process on a regular operating system Version 1.0 Computer Security: Art and Science, 2nd Edition

4 Computer Security: Art and Science, 2nd Edition
VHi is virtual machine i Debian Linux Windows XP T2Hi is type-2 hypervisor i VHA VHB user procs user procs user procs user procs user procs user procs T2HA T2HB Ubuntu Linux FreeBSD Windows 10 z/OS Ubuntu Linux FreeBSD z/OS Windows 10 VH5 VH6 VH7 VH8 VH1 VH2 VH3 VH4 T2H1 T2H2 T2H3 Type-1 Hypervisor Operating System Physical Hardware Physical Hardware Version 1.0 Computer Security: Art and Science, 2nd Edition

5 Privileged Instructions
VMM runs VM with operating system o, which is running process p p tries to read, so privileged operation traps to hardware VMM invoked, determines trap occurred in VM VMM updates state of VM to make it look like hardware invoked o directly, so o tries to read, causing trap VMM does read Updates VM to make it seem like o did read Transfers control to o Version 1.0 Computer Security: Art and Science, 2nd Edition

6 Privileged Instructions
o tries to switch context to p, causing another trap 5. VMM updates VM running o to make it appear o did context switch successfully Transfers control to o, which (as o apparently did a context switch to p) returns control to p Version 1.0 Computer Security: Art and Science, 2nd Edition

7 Privileged Instructions
issue read system call return from read system call p invoked by hardware trap context switch to p fix o so it looks like VM serviced trap VM running o VMM read fix VM PC to emulate return from trap read finished return from trap context switch to o context switch to p causes trap Version 1.0 Computer Security: Art and Science, 2nd Edition

8 Computer Security: Art and Science, 2nd Edition
Privilege and VMs Sensitive instruction discloses or alters state of processor privilege Sensitive data structure contains information about state of processor privilege Version 1.0 Computer Security: Art and Science, 2nd Edition

9 Computer Security: Art and Science, 2nd Edition
When Can VM Be Run? Can virtualize an architecture when: All sensitive instructions cause traps when executed by processes at lower levels of privilege All references to sensitive data structures cause traps when executed by processes at lower levels of privilege Version 1.0 Computer Security: Art and Science, 2nd Edition

10 Computer Security: Art and Science, 2nd Edition
Example: VAX System 4 levels of privilege (user, supervisor, executive, kernel) CHMK changes privilege to kernel level Sensitive instruction Causes trap except when executed in kernel mode; meets rule 1 Page tables have copy of PSL, containing privilege level Sensitive data structure If user level processes prevented from altering page tables, trying to do so will cause a trap; meets rule 2 Version 1.0 Computer Security: Art and Science, 2nd Edition

11 Multiple Levels of Privilege
Hardware supports n levels of privilege So each VM must appear to do this also But only VMM can run at highest level So n – 1 levels available to each VM VMs must virtualize levels of privilege Technique called ring compression Version 1.0 Computer Security: Art and Science, 2nd Edition

12 Virtualize Privilege Levels
VAX/VMM must emulate 4 levels of privilege Cannot allow any VM to enter kernel mode, and thereby bypass VMM But VAX/VMS requires all four levels! Virtualize executive, kernel privilege levels Conceptually, map both to physical executive level Add VM bit to PSL; if set, current process is on VM VMPSL register records PSL of running VM All sensitive instructions obtain info from VMPSL or trap to VMM, which emulates instruction Version 1.0 Computer Security: Art and Science, 2nd Edition

13 Computer Security: Art and Science, 2nd Edition
Virtualization Mode Intel VT-i adds PSR.vm bit to process status register When running guest OS, bit set; else bit cleared When set, privileged instructions cause virtualization fault Bit automatically cleared so VMM can service it Intel VT-x adds 2 modes, root and non-root operation When running guest OS, in VMX non-root operation Privileged instructions cause transition to VMX root mode Then VMM carries out privileged instruction Version 1.0 Computer Security: Art and Science, 2nd Edition

14 Computer Security: Art and Science, 2nd Edition
Access by Class Divide users into different classes Control access to system by limiting access of each class Example: IBM VM/370 associates various commands with users Each command associated with user privilege classes Class G (“general user”) can start VM Class A (“primary system operator”) can control system accounting, availability of VMs, etc. Class “Any” can access, relinquish access, to VM Version 1.0 Computer Security: Art and Science, 2nd Edition

15 Physical Resources and VMs
VMM distributes these among VMs as appropriate Example: minidisks System to run 10 VMs using one disk Split disk into 10 minidisks VMM handles mapping from (virtual) minidisk address to physical disk address Version 1.0 Computer Security: Art and Science, 2nd Edition

16 Computer Security: Art and Science, 2nd Edition
Example VM’s OS tries to write to a disk Privileged I/O instruction causes trap to VMM VMM translates address in I/O instruction to address in physical disk VMM checks that physical address in area of disk allocated to the VM making request If not, request fails; error returned to VM VMM services request, returns control to VM Version 1.0 Computer Security: Art and Science, 2nd Edition

17 Computer Security: Art and Science, 2nd Edition
Paging and VM Paging on ordinary machines is at highest privilege level Paging on VM is at highest virtual level Handled like any other disk I/O Two problems: On some machines, some pages available only from highest privilege level, but VM runs at next-to-highest level Performance Version 1.0 Computer Security: Art and Science, 2nd Edition

18 Computer Security: Art and Science, 2nd Edition
First Problem VM must change protection level of pages available only from highest privilege level to appropriate level Example: On VAX/VMS, kernel mode needed for some pages But VM runs at executive mode, so must ensure only virtual kernel level processes can read those pages In practice, VMS system allows executive mode processes to elevate to kernel mode; no security issue But … executive mode processes on non-VM system cannot read pages, so loss of reliability Version 1.0 Computer Security: Art and Science, 2nd Edition

19 Computer Security: Art and Science, 2nd Edition
Second Problem VMM paging is transparent to VMs VMs paging: VMM handles it as above If lots of VM paging, this may cause significant performance degradation Example: IBM VM/370 OS/MFT, OS/MVT access disk storage If jobs depend on timings, delays caused by VMM may affect results MVS does that and pages, too Jobs depending on timings could fail under VM/370 that would succeed if run under MVS directly Version 1.0 Computer Security: Art and Science, 2nd Edition

Download ppt "Computer Security: Art and Science, 2nd Edition"

Similar presentations

Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,

Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,
Operating Systems High Level View Chapter 1,2. Who is the User? End Users Application Programmers System Programmers Administrators.

Operating Systems High Level View Chapter 1,2. Who is the User? End Users Application Programmers System Programmers Administrators.
1 School of Computing Science Simon Fraser University CMPT 300: Operating Systems I Dr. Mohamed Hefeeda.

1 School of Computing Science Simon Fraser University CMPT 300: Operating Systems I Dr. Mohamed Hefeeda.
OS Fall ’ 02 Introduction Operating Systems Fall 2002.

OS Fall ’ 02 Introduction Operating Systems Fall 2002.
Disco Running Commodity Operating Systems on Scalable Multiprocessors.

Disco Running Commodity Operating Systems on Scalable Multiprocessors.
OS Spring’03 Introduction Operating Systems Spring 2003.

OS Spring’03 Introduction Operating Systems Spring 2003.
Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.

Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.
Computer System Structures memory memory controller disk controller disk controller printer controller printer controller tape-drive controller tape-drive.

Computer System Structures memory memory controller disk controller disk controller printer controller printer controller tape-drive controller tape-drive.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.

Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.
Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,

Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,
Tanenbaum 8.3 See references

Tanenbaum 8.3 See references
Zen and the Art of Virtualization Paul Barham, et al. University of Cambridge, Microsoft Research Cambridge Published by ACM SOSP’03 Presented by Tina.

Zen and the Art of Virtualization Paul Barham, et al. University of Cambridge, Microsoft Research Cambridge Published by ACM SOSP’03 Presented by Tina.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 2: System Structures.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 2: System Structures.
Chapter 1. Introduction What is an Operating System? Mainframe Systems

Chapter 1. Introduction What is an Operating System? Mainframe Systems
Recall: Three I/O Methods Synchronous: Wait for I/O operation to complete. Asynchronous: Post I/O request and switch to other work. DMA (Direct Memory.

Recall: Three I/O Methods Synchronous: Wait for I/O operation to complete. Asynchronous: Post I/O request and switch to other work. DMA (Direct Memory.
Lecture 9: Memory Hierarchy Virtual Memory Kai Bu

Lecture 9: Memory Hierarchy Virtual Memory Kai Bu
 Virtual machine systems: simulators for multiple copies of a machine on itself.  Virtual machine (VM): the simulated machine.  Virtual machine monitor.

 Virtual machine systems: simulators for multiple copies of a machine on itself.  Virtual machine (VM): the simulated machine.  Virtual machine monitor.
We will focus on operating system concepts What does it do? How is it implemented? Apply to Windows, Linux, Unix, Solaris, Mac OS X. Will discuss differences.

We will focus on operating system concepts What does it do? How is it implemented? Apply to Windows, Linux, Unix, Solaris, Mac OS X. Will discuss differences.
Introduction to virtualization

Introduction to virtualization

Similar presentations

Ads by Google