Design and verification of a lightweight reliable virtual machine monitor for a many-core architecture

  • Research Article
  • Frontiers of Computer Science

Abstract

Virtual machine monitors (VMMs) play a central role in cloud computing, and their reliability and availability are critical to it. Virtualization and device emulation make the VMM code base large and the interface between the OS and the VMM complex. As a result, the security of the VMM is very hard to verify. For example, misuse of a VMM hypercall by a malicious guest OS can corrupt the whole VMM. The complexity of the VMM also makes it hard to formally verify the correctness of the system’s behavior. In this paper a new VMM, operating system virtualization (OSV), is proposed. The multiprocessor boot interface and memory configuration interface are virtualized in OSV at boot time in the Linux kernel. After booting, only inter-processor interrupt operations are intercepted by OSV, which keeps the interface between OSV and the OS simple. The interface is verified using formal model checking, which ensures a malicious OS cannot attack OSV through the interface. Currently, OSV is implemented based on the AMD Opteron multi-core server architecture. Evaluation results show that Linux running on OSV has a similar performance to native Linux. OSV has a performance improvement of 4%–13% over Xen.

Author information

Corresponding author

Correspondence to Yi Shi.

Additional information

Yuehua Dai received his BS in computer software and theory from Xi’an Jiaotong University in 2004. He is currently a PhD candidate in computer science at Xi’an Jiaotong University. His research interests include operating systems, VMM, cloud computing and system security.

Yi Shi received her PhD in computer software and theory from Xi’an Jiaotong University in 2008. She is a lecturer in the School of Electronic and Information Engineering, Xi’an Jiaotong University. Her research interests include operating systems, network security, cloud computing, and VMM.

Yong Qi received his PhD in computer software and theory from Xi’an Jiaotong University in 2001. He is currently a professor in the School of Electronic and Information Engineering, Xi’an Jiaotong University and the director of the Institute of Computer Software and Theory. His research interests include operating systems, distributed systems, pervasive computing, software aging and VMM. He has published more than 80 papers in international conferences and journals, including ACM SenSys, IEEE PerCom, ICNP, ICDCS, ICPP, IEEE TMC, and IEEE TPDS.

Jianbao Ren received his BS in computer software and theory from Xi’an Jiaotong University in 2009. He is currently a PhD candidate in computer science at Xi’an Jiaotong University. His research interests include operating systems, VMM, cloud computing, and system security.

Peijian Wang received his BS in computer software and theory from Xi’an Jiaotong University in 2004. He is currently a PhD candidate in computer science at the same university. His research interests include power management, cloud computing, and Internet data centers.

About this article

Cite this article

Dai, Y., Shi, Y., Qi, Y. et al. Design and verification of a lightweight reliable virtual machine monitor for a many-core architecture. Front. Comput. Sci. 7, 34–43 (2013). https://doi.org/10.1007/s11704-012-2084-0

  • DOI: https://doi.org/10.1007/s11704-012-2084-0
