Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 33: Virtual Machines

Published byIlona Salo Modified over 6 years ago

Similar presentations

Presentation on theme: "Chapter 33: Virtual Machines"— Presentation transcript:

1 Chapter 33: Virtual Machines
Virtual Machine Structure Virtual Machine Monitor June 1, 2004 Computer Security: Art and Science © Matt Bishop

2 Computer Security: Art and Science
Overview Virtual Machine Structure Virtual Machine Monitor Privilege Physical Resources Paging June 1, 2004 Computer Security: Art and Science © Matt Bishop

3 Computer Security: Art and Science
What Is It? Virtual machine monitor (VMM) virtualizes system resources Runs directly on hardware Provides interface to give each program running on it the illusion that it is the only process on the system and is running directly on hardware Provides illusion of contiguous memory beginning at address 0, a CPU, and secondary storage to each program June 1, 2004 Computer Security: Art and Science © Matt Bishop

4 Computer Security: Art and Science
Example: IBM VM/370 Adapted from Dietel, pp. 606–607 June 1, 2004 Computer Security: Art and Science © Matt Bishop

5 Privileged Instructions
VMM running operating system o, which is running process p p tries to read—privileged operation traps to hardware VMM invoked, determines trap occurred in o VMM updates state of o to make it look like hardware invoked o directly, so o tries to read, causing trap VMM does read Updates o to make it seem like o did read Transfers control to o June 1, 2004 Computer Security: Art and Science © Matt Bishop

6 Privileged Instructions
4. o tries to switch context to p, causing trap 5. VMM updates virtual machine of o to make it appear o did context switch successfully Transfers control to o, which (as o apparently did a context switch to p) has the effect of returning control to p June 1, 2004 Computer Security: Art and Science © Matt Bishop

7 Privileged Instructions
issue read system call return from read call invoked by hardware trap read finished o read context switch to p VMM hardware June 1, 2004 Computer Security: Art and Science © Matt Bishop

8 Computer Security: Art and Science
Privilege and VMs Sensitive instruction discloses or alters state of processor privilege Sensitive data structure contains information about state of processor privilege June 1, 2004 Computer Security: Art and Science © Matt Bishop

9 Computer Security: Art and Science
When Is VM Possible? Can virtualize an architecture when: All sensitive instructions cause traps when executed by processes at lower levels of privilege All references to sensitive data structures cause traps when executed by processes at lower levels of privilege June 1, 2004 Computer Security: Art and Science © Matt Bishop

10 Computer Security: Art and Science
Example: VAX System 4 levels of privilege (user, supervisor, executive, kernel) CHMK changes privilege to kernel level; sensitive instruction Causes trap except when executed in kernel mode; meets rule 1 Page tables have copy of PSL, containing privilege level; sensitive data structure If user level processes prevented from altering page tables, trying to do so will cause a trap; this meets rule 2 June 1, 2004 Computer Security: Art and Science © Matt Bishop

11 Multiple Levels of Privilege
Hardware supports n levels of privilege So each VM must appear to do this also But only VMM can run at highest level So n–1 levels available to each VM VMs must virtualize levels of privilege Technique called ring compression June 1, 2004 Computer Security: Art and Science © Matt Bishop

12 Computer Security: Art and Science
Example: VAX/VMM VMM must emulate 4 levels of privilege Cannot allow any VM to enter kernel mode, and thereby bypass VMM But VAX/VMS requires all four levels! Virtualize executive, kernel privilege levels Conceptually, map both to physical executive level Add VM bit to PSL; if set, current process is on VM VMPSL register records PSL of running VM All sensitive instructions obtain info from VMPSL or trap to VMM, which emulates instruction June 1, 2004 Computer Security: Art and Science © Matt Bishop

13 Computer Security: Art and Science
Another Approach Divide users into different classes Control access to system by limiting access of each class Example: IBM VM/370 associates various commands with users Each command associated with user privilege classes Class G (“general user”) can start VM Class A (“primary system operator”) can control system accounting, availability of VMs, etc. Class “Any” can access, relinquish access, to VM June 1, 2004 Computer Security: Art and Science © Matt Bishop

14 Physical Resources and VMs
VMM distributes these among VMs as appropriate Example: minidisks System to run 10 VMs using one disk Split disk into 10 minidisks VMM handles mapping from (virtual) minidisk address to physical disk address June 1, 2004 Computer Security: Art and Science © Matt Bishop

15 Computer Security: Art and Science
Example VM’s OS tries to write to a disk Privileged I/O instruction causes trap to VMM VMM translates address in I/O instruction to address in physical disk VMM checks that physical address in area of disk allocated to the VM making request If not, request fails; error returned to VM VMM services request, returns control to VM June 1, 2004 Computer Security: Art and Science © Matt Bishop

16 Computer Security: Art and Science
Paging and VM Paging on ordinary machines is at highest privilege level Paging on VM is at highest virtual level Handled like any other disk I/O Two problems: On some machines, some pages available only from highest privilege level, but VM runs at next-to-highest level Performance June 1, 2004 Computer Security: Art and Science © Matt Bishop

17 Computer Security: Art and Science
First Problem VM must change protection level of pages available only from highest privilege level to appropriate level Example: On VAX/VMS, kernel mode needed for some pages But VM runs at executive mode, so must ensure only virtual kernel level processes can read those pages In practice, VMS system allows executive mode processes to elevate to kernel mode; no security issue But … executive mode processes on non-VM system cannot read pages, so loss of reliability June 1, 2004 Computer Security: Art and Science © Matt Bishop

18 Computer Security: Art and Science
Second Problem VMM pages: transparent to VMs VMs page: VMM handles it as above If lots of VM paging, this may cause significant delay Example: IBM VM/370 OS/MFT, OS/MVT access disk storage If jobs depend on timings, delays caused by VMM may affect results MVS does that and pages, too Jobs depending on timings could fail under VM/370 that would succeed if run under MVS directly June 1, 2004 Computer Security: Art and Science © Matt Bishop

Download ppt "Chapter 33: Virtual Machines"

Similar presentations

CMPT 300: Operating Systems I Dr. Mohamed Hefeeda

CMPT 300: Operating Systems I Dr. Mohamed Hefeeda
OS2-1 Chapter 2 Computer System Structures. OS2-2 Outlines Computer System Operation I/O Structure Storage Structure Storage Hierarchy Hardware Protection.

OS2-1 Chapter 2 Computer System Structures. OS2-2 Outlines Computer System Operation I/O Structure Storage Structure Storage Hierarchy Hardware Protection.
1 School of Computing Science Simon Fraser University CMPT 300: Operating Systems I Dr. Mohamed Hefeeda.

1 School of Computing Science Simon Fraser University CMPT 300: Operating Systems I Dr. Mohamed Hefeeda.
OS Fall ’ 02 Introduction Operating Systems Fall 2002.

OS Fall ’ 02 Introduction Operating Systems Fall 2002.
Disco Running Commodity Operating Systems on Scalable Multiprocessors.

Disco Running Commodity Operating Systems on Scalable Multiprocessors.
OS Spring’03 Introduction Operating Systems Spring 2003.

OS Spring’03 Introduction Operating Systems Spring 2003.
Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.

Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.
Computer System Structures memory memory controller disk controller disk controller printer controller printer controller tape-drive controller tape-drive.

Computer System Structures memory memory controller disk controller disk controller printer controller printer controller tape-drive controller tape-drive.
1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.

1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.
1 OS & Computer Architecture Modern OS Functionality (brief review) Architecture Basics Hardware Support for OS Features.

1 OS & Computer Architecture Modern OS Functionality (brief review) Architecture Basics Hardware Support for OS Features.
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.

Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.
Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,

Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,
Virtualization Technology Prof D M Dhamdhere CSE Department IIT Bombay Moving towards Virtualization… Department of Computer Science and Engineering, IIT.

Virtualization Technology Prof D M Dhamdhere CSE Department IIT Bombay Moving towards Virtualization… Department of Computer Science and Engineering, IIT.
Chapter 2 Operating System Overview Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 2 Operating System Overview Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Chapter 1. Introduction What is an Operating System? Mainframe Systems

Chapter 1. Introduction What is an Operating System? Mainframe Systems
Operating System Review September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1.

Operating System Review September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1.
CHAPTER 2: COMPUTER-SYSTEM STRUCTURES Computer system operation Computer system operation I/O structure I/O structure Storage structure Storage structure.

CHAPTER 2: COMPUTER-SYSTEM STRUCTURES Computer system operation Computer system operation I/O structure I/O structure Storage structure Storage structure.
2: Computer-System Structures

2: Computer-System Structures
Recall: Three I/O Methods Synchronous: Wait for I/O operation to complete. Asynchronous: Post I/O request and switch to other work. DMA (Direct Memory.

Recall: Three I/O Methods Synchronous: Wait for I/O operation to complete. Asynchronous: Post I/O request and switch to other work. DMA (Direct Memory.

Similar presentations

Ads by Google