Virtualization with XEN. Trusted Computing CS599 Spring 2007 Arun Viswanathan University of Southern California

Similar documents
Lecture 7. Xen and the Art of Virtualization. Paul Braham, Boris Dragovic, Keir Fraser et al. 16 November, Advanced Operating Systems

Xen and the Art of Virtualization

Xen and the Art of Virtualization

Virtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized

Virtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization

CSE 120 Principles of Operating Systems

Xen is not just paravirtualization

Lecture 5: February 3

Virtualization. Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels

VIRTUALIZATION: IBM VM/370 AND XEN

Linux and Xen. Andrea Sarro. andrea.sarro(at)quadrics.it. Linux Kernel Hacking Free Course IV Edition

Support for Smart NICs. Ian Pratt

24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.

Xen and the Art of Virtualization. CSE-291 (Cloud Computing) Fall 2016

Dr. Song Fu 3/22/2010

Chapter 5 C. Virtual machines

Mission-Critical Enterprise Linux. April 17, 2006

Virtual Machines Disco and Xen (Lecture 10, cs262a) Ion Stoica & Ali Ghodsi UC Berkeley February 26, 2018

Virtualization, Xen and Denali

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

Xen and the Art of Virtualiza2on

Xen and the Art of Virtualization. Nikola Gvozdiev Georgian Mihaila

Advanced Operating Systems (CS 202) Virtualization

The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36

Module 1: Virtualization. Types of Interfaces

Virtual Machine Security

Virtual Machine Monitors (VMMs) are a hot topic in

Programmed I/O accesses: a threat to Virtual Machine Monitors?

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

CSCE 410/611: Virtualization!

The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014)

Virtual Leverage: Server Consolidation in Open Source Environments. Margaret Lewis Commercial Software Strategist AMD

NON SCHOLAE, SED VITAE

references Virtualization services Topics Virtualization

CSCE 410/611: Virtualization

OS Virtualization. Why Virtualize? Introduction. Virtualization Basics 12/10/2012. Motivation. Types of Virtualization.

CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives

Xen on ARM. Stefano Stabellini

SERVE. -Priyal Lokhandwala

Virtual Machine Monitors!

Virtual Virtual Memory

CSC 5930/9010 Cloud S & P: Virtualization

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

CS-580K/480K Advanced Topics in Cloud Computing. VM Virtualization II

CS 5600 Computer Systems. Lecture 11: Virtual Machine Monitors

CIS Operating Systems CPU Mode. Professor Qiang Zeng Spring 2018

COS 318: Operating Systems. Virtual Machine Monitors

Virtualisation: The KVM Way. Amit Shah

Nested Virtualization and Server Consolidation

Virtualization. ...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania.

Introduction to Cloud Computing and Virtualization. Mayank Mishra Sujesha Sudevalayam PhD Students CSE, IIT Bombay

Cloud Computing Virtualization

Xen VT status and TODO lists for Xen-summit. Arun Sharma, Asit Mallick, Jun Nakajima, Sunil Saxena

CS370 Operating Systems

Knut Omang Ifi/Oracle 6 Nov, 2017

Networks and Opera/ng Systems Chapter 21: Virtual Machine Monitors ( )

Xen. past, present and future. Stefano Stabellini

Background. IBM sold expensive mainframes to large organizations. Monitor sits between one or more OSes and HW

CHAPTER 16 - VIRTUAL MACHINES

Dan Noé University of New Hampshire / VeloBit

Virtualization. Pradipta De


System Virtual Machines

Virtual Machines. To do. q VM over time q Implementation methods q Hardware features supporting VM q Next time: Midterm?

Mechanisms and constructs for System Virtualization

Cross-architecture Virtualisation

Pre-virtualization internals

System Virtual Machines

Virtual machine architecture and KVM analysis D 陳彥霖 B 郭宗倫

I/O virtualization. Jiang, Yunhong Yang, Xiaowei Software and Service Group 2009 虚拟化技术全国高校师资研讨班

Virtualization. Dr. Yingwu Zhu

Implementation and Analysis of Large Receive Offload in a Virtualized System

The Price of Safety: Evaluating IOMMU Performance

CSE543 - Computer and Network Security Module: Virtualization

Intel Virtualization Technology Roadmap and VT-d Support in Xen

RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas

CS 550 Operating Systems Spring Introduction to Virtual Machines

DISCO and Virtualization

The only open-source type-1 hypervisor

What is KVM? KVM patch. Modern hypervisors must do many things that are already done by OSs Scheduler, Memory management, I/O stacks

CprE Virtualization. Dr. Yong Guan. Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University

Virtual Memory. Lecture for CPSC 5155 Edward Bosworth, Ph.D. Computer Science Department Columbus State University

Shadow2. Xen Technical Summit, Summer Tim Deegan (XenSource) & Michael Fetterman (U of Cambridge, Intel) Guilty parties:

CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University

Xen on ARM ARMv7 with virtualization extensions

Towards an Invisible Honeypot Monitoring Tool. Hack.Lu2006

Advanced Systems Security: Virtual Machine Systems

Virtualization and memory hierarchy

Distributed Systems COMP 212. Lecture 18 Othon Michail

Virtualization. Part 1 Concepts & XEN

Virtualized SISCI. Extending Virtual Machines With a Shared Memory API Utilizing PCIe Networking. Halvor Kielland-Gyrud Master s Thesis Spring 2017

Advanced Systems Security: Virtual Machine Systems

Virtualization (II) SPD Course 17/03/2010 Massimo Coppola

The Future of Virtualization

VMMS: DISCO AND XEN CS6410. Ken Birman

CSE543 - Computer and Network Security Module: Virtualization

Chapter 5 B. Large and Fast: Exploiting Memory Hierarchy

CSE543 - Computer and Network Security Module: Virtualization

Junhong Jiang, Kevin Tian, Chris Wright, Don Dugger

Transcription:

Virtualization with XEN Trusted Computing CS599 Spring 2007 Arun Viswanathan University of Southern California

A g e n d a Introduction Virtualization approaches Basic XEN Architecture Setting up XEN Bootstrapping XEN dom-0 and dom-u Meeting the Devil XEN Virtual Machine Monitor Design XEN 3.0 architecture Practicality and applicability Benefits of XEN for Trusted Computing Research Building a virtual network using XEN (DEMO) References

V i r t u a l i z a t i o n A p p r o a c h e s Full Virtualization Hyper visor provides fully emulated machine eg. Vmware Performance is a concern Single Kernel Image a.k.a Lightweight virtualization Host OS spawns additional copies of itself eq. Virtuozzo, Solaris Zones Not possible to run different OS/OS versions on same machine Exploitation of base OS leads to exploitation of all Para Virtualization Virtualization technique that presents a software interface to virtual machines that is similar but not identical to that of the underlying hardware eg. XEN Faster, scalable and more secure than above two approaches

Introduction

B a s i c X E N A r c h i t e c t u r e Domain U Runs a lean kernel with virtual drivers Domain 0 Full kernel Native DD XEN control tools (xend/xm etc) Hyper call Interface to trap from Ring 1 to Ring 0 Ring 3 Ring 1 Ring 0

S e t t i n g u p X E N My Configuration Pentium-M, 1GB Ram (no VT, no TPM :( Ubuntu `Edgy Eft' ver 6.10 Linux Kernel 2.6.16.29 with Xen 3.0.3 Dom-0 uses 512MB memory, Dom-U's are allocated 128MB Steps to get up and running Download the xen sources Compile xen hypervisor, dom-0 and dom-u kernels Edit grub and place the hypervisor and dom-0 kernel entries Boot using the hypervisor/dom-0 kernel Build images for guest kernels (i used debian) One can also use stripped down linux systems like tty-linux Create a VM config file for XEN Create new domains using dom-u kernels and guest images

B o o t s t r a p p i n g X e n d o m - 0 a n d d o m - U BIOS xm create command on Dom 0 Boot loader Hyper visor Domain 0 xend establishes device domains and channels and listens on 8000 xend receives command Domain 0 builds new VM/Devices New Dom U kernel bootstrapped in VM

Meet the Devil

X E N D e s i g n G o a l s Efficient Paravirtualization of the x86 interfaces CPU Memory management Time and Timers I/O Safe hardware access Unmodified device drivers are shared across isolated OS instances System as a whole is protected from driver bugs and failures.

C P U V i r t u a l i z a t i o n x86 CPUs have 4 rings of operation Xen runs in ring 0, whereas the kernel moved to ring 1 or 2. Privileged instructions are paravirtualized 17 / 250 instructions in IA32 cause problems when run in ring 1 (eg. SGDT, SLDT, PUSPF, POPF, SMSW, HLT etc) In some cases like HLT the instruction is replaced with a hypercall which is like a system call (INT 0x82) and is used to move from ring 1 to ring 0. In some cases like CLTS (Clear Task Switch flag in CR0) the control passes onto ring 0 and the instruction is then executed in ring 0 by XEN. Exceptions including memory faults and software traps are virtualized by associating a handler with the exception and registering with XEN for validation. System calls can be serviced by 'fast' exception handlers without indirecting via XEN. At registration time XEN checks that the exception handlers do not specify execution in ring 0.

C P U V i r t u a l i z a t i o n ( c o n t... ) Protecting XEN from Guest OSes Paging provides a supervisor/user permission check, but there's only one bit, and it says that rings 0-2 are all "supervisor" rings, and only ring 3 is prohibited from seeing those pages. Xen sets up the segment registers so that the top 64MB of memory is beyond the segment limit whenever the guest OS is running. This also helps in preventing costly TLB flushes when making a hypercall.

T i m e a n d T i m e r s Xen provides guest OSes with notions of real time, virtual time and wallclock time. Real time is expressed in nanoseconds passed since machine boot and is maintained to the accuracy of the processor's cycle counter A domain's virtual time only advances while it is executing: this is typically used by the guest OS scheduler to ensure correct sharing of its timeslice between application processes. Finally, wall-clock time is specified as an offset to be added to the current real time. This allows the wall-clock time to be adjusted without affecting the forward progress of real time. For a real kernel, a second going by in kernel time is a second going by on the clock on the wall. However, when a kernel is being virtualised, a second going by for the kernel can be several seconds of real time as it is sharing the hardware with all the other kernels on that same computer. Therefore a virtualised kernel must be aware of both real wall clock time, and virtual processor time - the time which it has actual access to the hardware.

I / O H a n d l i n g dom0 is a privileged domain that can touch all hardware in the system dom0 exports some subset of the the devices in the system to the other domains Devices are exported via device channels - an asynch shared memory transport coupled with event rings for interrupts dom0 runs the backend of the device, which is exported to each domain via a frontend netback, netfront blockback, blockfront there s a PCI pass through for other kinds of devices (e.g. sound) backends and frontends communicate via a high level device abstraction - block class, network class, etc domains other than dom0 may be granted physical device access, securely virtual PCI configuration space and virtual interrupts

S a f e H a r d w a r e A c c e s s r e q u i r e m e n t s Requirement 1 : Driver Isolation Memory : Execute in logical fault domain CPU : Schedule access to prevent excessive consumption Privilege : Limit access to instruction set Requirement 2: Driver Device Isolation I/O registers : restrict access to permitted ranges Interrupt : allow to mask/receive only device's interrupts Requirement 3: Device Isolation Memory : Prevent DMA to arbitrary host memory Other Devices: Prevent access to arbitrary other devices

S a f e H a r d w a r e M o d e l

S a f e D e v i c e A c c e s s

T h e B i g P i c t u r e ( X e n 3. 0 ) VM0 Device Manager & Control s/w VM1 Unmodified User Software VM2 Unmodified User Software VM3 Unmodified User Software GuestOS (XenLinux) Back End GuestOS (XenLinux) GuestOS (XenLinux) SMP Unmodified GuestOS (WinXP)) Native Device Drivers Front End Device Drivers Front End Device Drivers Front End Device Drivers Control IF Safe HW IF Event Channel Virtual CPU Xen Virtual Machine Monitor Virtual MMU Hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE)

Practicality and Applicability

B u i l d i n g a v i r t u a l n e t w o r k u s i n g X E N ( R e f [ 2 ] )

B e n e f i t s o f X E N f o r T r u s t e d C o m p u t i n g R e s e a r c h XEN includes a facility called vtpm (a virtual TPM) which is supposed to emulate the full TPM. You still need to have a real TPM in place first just like other devices. But one could then create many TPM enabled boxes easily. XEN allows easy creation of virtual networks. Combined with the vtpm one could test 'remote attestation' implementations easily. VT technology allows one to run Windows/linux unmodified under the XEN hypervisor. This facility would be really helpful as one could then create hetrogeneous networks within a laptop. A laptop equipped with TPM / Processor supporting VT and Xen can realize most of our prototypes that we may conjure in CS599. XEN allows me to carry my virtual lab with me in my laptop. Paravirtualization could allow one to spawn 'thin virtual machines' on the fly because there is no driver overhead. I am currently toying with this idea and i speculate that XEN is the closest to realizing such systems.

R e f e r e n c e s 1. http://www.howtoforge.com/perfect_xen_setup_debian_ubuntu 1. Caution : Some critical material in this is out of date! Did not apply completely to my configuration. Send me email (aviswana@usc.edu) if you want to setup XEN using my config. 2. http://www.shorewall.net/xen.html 3. Xen and the Art of Virtualization, Paul Barham et al, SOSP 2003 4. Safe Hardware Access with the Xen Virtual Machine Monitor, Keir Fraser et al, OASIS ASPLOS 2004 workshop

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback