Hypervisor seminar
Download as PPTX, PDF•5 likes•2,717 views
This document discusses hardware-assisted virtual machines (HVM). It covers the history of virtualization from 1960s to present, virtualization techniques including full virtualization, para-virtualization and direct execution. It then focuses on HVM, how it virtualizes the CPU using AMD-V and VT-x extensions, I/O using AMD-Vi and VT-d, and networking using VT-c. It describes the HVM instructions, data structures including the VMCS region, and how a VMM can initialize, run and handle exits from a virtual machine using HVM. Related works exploring HVM for security applications are also briefly mentioned.
Hypervisor seminar
- 1. Hardware-assisted Virtual Machine 노용환 (a.k.a. somma) [email protected]
- 2. Virtualization… system utilization management cost consolidation isolation trusted environment resource aggregation GRID system MPP (Massively Parallel Processing)resource access control mobility emulation
- 3. History… 1960 1970 1999 2006 현재 CP-40, IBM, Cambridge Scientific Center full virtualization System/370, IBM x86 virtualization, VMWare application virtualization (application streaming) x86,x64, ARM, … Storage, Network … VMWare, Virtual Box, Xen… … OpenStack, CloudStack,… … Amazon, Google…
- 4. Virtualization techniques Shared Device Memory and I/O Virtualization VMM CPU CPU MEMORY Physical H/W Control Guest OS Guest OS physical h/w virtualized h/w VMM must … - support same hardware interface - can control guest OS when accessing H/W resources.
- 5. Virtualization techniques Full Virtualization - No OS modification - Binary translation, Trace cache,… - VMware ESX server Para Virtualization - Need OS modification - Hypercall - Xen Direct execution eflags, control registers, MSR registers, port I/O, privileged instructions, …
- 6. HVM (Hardware-assisted Virtual Machine) Virtualize… CPU - AMD-V , VT-x IOMMU - AMD-Vi, VT-d Network - VT-c VMX operation VMX root operation VMX non-root operation
- 7. HVM (Hardware-assisted Virtual Machine)
- 8. HVM – new instructions
- 9. HVM – instruction execution order VMXON VMCLEAR VMPTRLD VMWRITE VMLAUNCH GUEST Exit VMREAD VMRESUME VMXOFF
- 10. HVM – data… VMXON Region - created per logical processor - used by VMX instructions VMCS Region - created per virtual CPU for guest OS - used by CPU and VMM - 4Kb aligned - PHYSICAL_ADDRESS == typedef LARGE_INTEGER - …
- 11. HVM – VMM programming summary check VMX support allocate VMXON region execute VMXON allocate VMCS regionexecute VMCLEARexecute VMPTRLD initialize VMCS data host-state area fields VM-exit control fields VM-entry control fields VM-execution control fields guest-state area fields execute VMLAUNCH handling various VM-exits
- 12. HVM – VMCS data organization #1 Guest state fields - saved on VM exits, loaded on VM entries #2 Host state fields - loaded on VM exits #3 Execution control fields - control VMX-non root operations #4 Exit control fields - control VM exits #5 Entry control fields - control VM entries #6 VM Exit info - saved VM exits information on VM exits pin-based controls processor-based controls exception-bitmap address I/O bitmap address Timestamp counter offset CR0/CR4 guest/host masks CR3 targets MSR bitmaps
- 13. HVM – VMCS data organization
- 14. HVM – accessing VMCS data VMWRITE VMREAD virtual address / physical address READ virtual address / physical address WRITE
- 15. HVM – accessing VMCS data
- 16. HVM – accessing VMCS data
- 17. HVM – initialize and run VMM
- 18. HVM – handling VM exits #6 VM Exit info
- 19. HVM – handling VM exits
- 20. Q & A
- 21. HVM – Blue Pill
- 22. HVM – related works Hypersight - Northsecuritylabs( http://northsecuritylabs.com/ ) - 2011 년 이후 업데이트 없음… McAfee DeepSAFE Microsoft - Countering Kernel Rootkits with Lightweight Hook Protection
- 23. HVM – related works HyperDbg - SoftIce 와 유사 - HVM 을 이용한 커널디버거
- 24. DEMO & Q & A
Editor's Notes
- #3: system utilization 시스템의 사용률을 높임 하나의 시스템에서 통합(consolidation) 할 수 있고, 관리부하를 줄일 수 있음 isolation 물리자원을 직접 사용하지 않고, 에뮬레이션 된 자원을 이용하므로 결함 제거/전파 저지/보안향상 안전하고, 깨끗한 컴퓨팅 환경 제공 resource aggregation 디스크, CPU 같은 분산된 여러 물리자원을 단일 자원으로 집합시킬 수 있음 동일한 인터페이스로 통합 mobility system 의 이동/마이그레이션을 쉽게 가능하게 해줌 fast suspend/resume 등 emulation - 존재하지 않는 환경, 하드웨어등을 모의 시험할 수 있게 함