Implementation of Intel virtual machine extension root operation on the NPS least privilege separation kernel
Authors
Martinsen, Jayce G.
Advisors
Irvine, Cynthia E.
Date of Issue
2010-09
Publisher
Monterey, California. Naval Postgraduate School
Abstract
A virtual machine monitor (VMM) supports execution of multiple unmodified operating systems in virtual machines (VMs) on one computer. VMM support has been added to the Intel IA-32 architecture. Enforcement of data flow policies between VMs requires a highly trustworthy VMM. Such VMMs take advantage of hardware support. The work described here explores whether the Naval Postgraduate School Least Privilege Separation Kernel (LPSK) can incorporate Intel hardware support for virtualization. The Intel documentation and LPSK code were reviewed to determine the changes required to transition the target processor to Virtual Machine Extension (VMX) root operation. First, paging in the LPSK had to be enabled. Requirements for the VMXON and VMXOFF instructions were determined and changes were made to the LPSK to enable the target processor to transition to VMX root operation. Testing showed that the changes to the LPSK allowed the target processor to successfully transition to and from VMX root operation.
Type
Thesis
Department
Computer Science
Organization
Naval Postgraduate School (U.S.)
Format
xiv, 63 p. : ill. ;
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.