Sciweavers

HICSS
2010
IEEE

A Virtualization Architecture for In-Depth Kernel Isolation

Recent advances in virtualization technologies have sparked a renewed interest in the use of kernel and process virtualization as a security mechanism to enforce resource isolation and management. Unfortunately, virtualization solutions incur performance overhead. The magnitude of this overhead is directly proportional to the extent of virtualization they offer: full virtualization incurs an additional indirection layer to interface with the ever-increasing hardware devices. In this paper, we propose a hypervisor-assisted, microkernel architecture which aims to provide in-depth resource isolation without the performance penalty of full virtualization. To that end, we extend the hypervisor capabilities with a lightweight VMM which enforces “identity context” to all assigned devices for each of the hosted kernels. Furthermore, we separate the control from the data plane for all hardware devices using data memory mapping and modifications of the native device drivers to divert cont...
Added 03 Jul 2010
Updated 03 Jul 2010
Type Conference
Year 2010
Where HICSS
Authors Jiang Wang, Sameer Niphadkar, Angelos Stavrou, Anup K. Ghosh