Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation.

Slides:

Advertisements

Similar presentations

An Overview Of Virtual Machine Architectures Ross Rosemark.

Advertisements

Virtual Memory main memory can act as a cache for secondary storage motivation: Allow programs to use more memory that there is available transparent to.

Computer Organization CS224 Fall 2012 Lesson 44. Virtual Memory  Use main memory as a “cache” for secondary (disk) storage l Managed jointly by CPU hardware.

Computer ArchitectureFall 2008 © November 10, 2007 Nael Abu-Ghazaleh Lecture 23 Virtual.

Disco Running Commodity Operating Systems on Scalable Multiprocessors.

Virtual Memory and Paging J. Nelson Amaral. Large Data Sets Size of address space: – 32-bit machines: 2 32 = 4 GB – 64-bit machines: 2 64 = a huge number.

1  1998 Morgan Kaufmann Publishers Chapter Seven Large and Fast: Exploiting Memory Hierarchy (Part II)

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.

Virtualization for Cloud Computing

Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,

LINUX Virtualization Running other code under LINUX.

Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.

Tanenbaum 8.3 See references

Virtualization Concept. Virtualization  Real: it exists, you can see it.  Transparent: it exists, you cannot see it  Virtual: it does not exist, you.

Zen and the Art of Virtualization Paul Barham, et al. University of Cambridge, Microsoft Research Cambridge Published by ACM SOSP’03 Presented by Tina.

Microkernels, virtualization, exokernels Tutorial 1 – CSC469.

CS533 Concepts of Operating Systems Jonathan Walpole.

Computer Architecture Lecture 28 Fasih ur Rehman.

Operating System Support for Virtual Machines Samuel T. King, George W. Dunlap,Peter M.Chen Presented By, Rajesh 1 References [1] Virtual Machines: Supporting.

Virtualization Concepts Presented by: Mariano Diaz.

Virtualization Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation is licensed.

Introduction 1-1 Introduction to Virtual Machines From “Virtual Machines” Smith and Nair Chapter 1.

July 30, 2001Systems Architecture II1 Systems Architecture II (CS ) Lecture 8: Exploiting Memory Hierarchy: Virtual Memory * Jeremy R. Johnson Monday.

IT253: Computer Organization

Lecture 9: Memory Hierarchy Virtual Memory Kai Bu

Virtual Memory Expanding Memory Multiple Concurrent Processes.

Computers Operating System Essentials. Operating Systems PROGRAM HARDWARE OPERATING SYSTEM.

Disco: Running Commodity Operating Systems on Scalable Multiprocessors Edouard Bugnion, Scott Devine, and Mendel Rosenblum Summary By A. Vincent Rayappa.

 Virtual machine systems: simulators for multiple copies of a machine on itself.  Virtual machine (VM): the simulated machine.  Virtual machine monitor.

Virtual Memory Lecture for CPSC 5155 Edward Bosworth, Ph.D. Computer Science Department Columbus State University.

1 Some Real Problem  What if a program needs more memory than the machine has? —even if individual programs fit in memory, how can we run multiple programs?

Introduction to virtualization

Operating Systems Security

Full and Para Virtualization

Introduction Why are virtual machines interesting?

CS2100 Computer Organisation Virtual Memory – Own reading only (AY2015/6) Semester 1.

Virtual Memory Ch. 8 & 9 Silberschatz Operating Systems Book.

LECTURE 12 Virtual Memory. VIRTUAL MEMORY Just as a cache can provide fast, easy access to recently-used code and data, main memory acts as a “cache”

Running Commodity Operating Systems on Scalable Multiprocessors Edouard Bugnion, Scott Devine and Mendel Rosenblum Presentation by Mark Smith.

1 Virtualization "Virtualization software makes it possible to run multiple operating systems and multiple applications on the same server at the same.

CS161 – Design and Architecture of Computer

Virtualization.

Virtual Machine Monitors

Lecture 11 Virtual Memory

Memory COMPUTER ARCHITECTURE

CS161 – Design and Architecture of Computer

CS352H: Computer Systems Architecture

Lecture 12 Virtual Memory.

Virtual Memory User memory model so far:

143A: Principles of Operating Systems Lecture 6: Address translation (Paging) Anton Burtsev October, 2017.

Some Real Problem What if a program needs more memory than the machine has? even if individual programs fit in memory, how can we run multiple programs?

Morgan Kaufmann Publishers

Morgan Kaufmann Publishers

Morgan Kaufmann Publishers Large and Fast: Exploiting Memory Hierarchy

Running other code under LINUX

OS Virtualization.

Lecture 14 Virtual Memory and the Alpha Memory Hierarchy

Virtualization Layer Virtual Hardware Virtual Networking

Chapter 33: Virtual Machines

Morgan Kaufmann Publishers Memory Hierarchy: Virtual Memory

Virtual Memory Overcoming main memory size limitation

Computer Security: Art and Science, 2nd Edition

CSE 451: Operating Systems Autumn Module 24 Virtual Machine Monitors

Introduction to Virtual Machines

Introduction to Virtual Machines

Xen and the Art of Virtualization

Virtual Memory Use main memory as a “cache” for secondary (disk) storage Managed jointly by CPU hardware and the operating system (OS) Programs share main.

Virtual Memory.

Chapter 33: Virtual Machines

Hypervisor A hypervisor or virtual machine monitor (VMM) is computer software, firmware or hardware that creates and runs virtual machines. A computer.

Presentation transcript:

Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation in computer architecture and systems software. Virtual Memory – Architecture support for protecting processes from each other. Virtual Machines 1

Protection via Virtual Memory … (1) Data blocks – between main memory and cache. Pages – between secondary storage and main memory. Translation Lookaside Buffer (TLB) – cache to provide translation from virtual to physical address. 2

Protection via Virtual Machines … (1) Emulation that provides standard software interface. VMs that provide complete system-level environment at binary ISA (Instruction Level Architecture) level. These are called OS Virtual Machines. – Examples: IBM z/VM, VMWare ESX Server, etc.. Provides illusion that users of VM have entire computer control, including OS. One computer can run multiple VMs and support multiple OSes.  In conventional platform, one OS “owns” all hardware.  In VM, multiple OSes share hardware resources. 3

Protection via Virtual Memory … (4) Most popular memory protection scheme – Add protection restrictions to each page in virtual memory. – Page Table Mapping from virtual address space to physical address space. Protection restrictions (can user read, write, execute from this page?) are included in page table against each page entry. Only OS can update page table  paging mechanism provides access protection. – TLB Provides faster address translation (from virtual to physical address). Two parts: tag portion and data portion. Tag portion: Portions of virtual address. Data portion: Physical page address, Protection field, Valid bit, Use bit, Dirty bit. OS changes these bits in page table  this updates TLB entry. 4

Protection via Virtual Memory … (2) Multiprogramming – Multiple programs running concurrently. – Need for protection and sharing of resources among programs. – Process: Running program + state needed to run. – Context / Process switch: Switch from one process to another. OS and architecture allow processes to share hardware without interfering with each other. Types of processes – User process Access to local processor state only. – OS / Kernel / Supervisor process Access to entire processor state. 5

Protection via Virtual Memory … (3) To prevent processes from interfering with each other, architecture must provide the following. 1.At least two modes: user mode and OS mode. 2.Provide a processor state that a user process can use but not write. 1.Example: user/supervisor mode bit(s), memory protection information. 2.Because OS cannot have control if user processes grant themselves supervisor privileges. 3.Mechanism for processor to go from user to supervisor mode and vice versa. 1.Using system call; PC is saved; processor switches to user/supervisor mode; executes; return to supervisor/user mode; continue earlier subroutine. 4.Mechanism to protect memory state of a process during context switch, without having to swap process to disk. 6

Protection via Virtual Memory … (5) Insufficient – Depends on accuracy of OS and hardware. – OSes are huge programs. – Flaws in OS lead to vulnerabilities. Hence – Look for protection in a smaller code base than full OS.  Virtual Machines. 7

Protection via Virtual Machines … (2) Hypervisor – A.k.a. Virtual Machine Monitor (VMM). – Software that supports VMs. – Determines how to map virtual resources to physical resources. – Physical resource is time-shared / partitioned / emulated in software. – VMM is much smaller than OS (~ 10K l.o.c.). Host – Underlying hardware platform. Guest – VMs that share the host’s resources through the VMM. 8

Protection via Virtual Machines … (3) Other benefits of Virtual Machines. – Managing Software VMs provide abstractions to run complete software stacks, such as entire OSes. – Managing Hardware Servers – allow applications to run on compatible OSes on dedicated hardware  improves dependability. VMs allow these applications and OSes to run independently on shared hardware  reduces need for multiple servers. 9

Requirements of a Virtual Machine Monitor Provide interface to guest software. Isolate the state of guests from each other. Protect itself from guest software and OSes. Qualitative requirements – Guest software behaviour on VM = behaviour on native hardware; except for performance-related behaviour. – Guest software should not be able to change real system resources directly. 10