Analysis of Intel IA-64 processor support for a secure virtual machine monitor
Download
Author
Karadeniz, Kadir.
Date
2001-03Advisor
Irvine, Cynthia
Metadata
Show full item recordAbstract
This thesis explores the Intel IA-64 architecture's capability to support a secure virtual machine monitor. The major mission of a virtual machine monitor is to provide an execution environment identical to the real machine environment for virtual machines. A VMM duplicates the real resources of a processor for virtual machines while making a virtual machine think that it is running on a real machine. As a result, a virtual machine monitor allows multiple virtual machines to run concurrently on the same machine. A secure VMM on the Intel IA-64 architecture would offer several benefits. A secure VMM would ensure that security policy is enforced by constraining information flow between the supported virtual machines. This would provide PC users with a more secure environment in which to run COTS operating systems. The Intel IA-64 architecture was analyzed to determine if it is virtualizable. Three types of virtual machine monitors and their hardware requirements have been defined. The IA-64 architecture was mapped to these hardware requirements. Analysis showed that the IA-64 architecture meets three main hardware requirements. However, IA-64 instruction set contains 18 sensitive unprivileged instructions. These instructions prevent the IA-64 architecture from being used for a Type I VMM. Several virtualization techniques used in some architectures are discussed to determine if these techniques could be applicable to virtualization of the IA-64 architecture.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Collections
Related items
Showing items related by title, author, creator and subject.
-
Analyzing the Intel Pentium's capability to support a secure virtual machine monitor
Robin, John Scott. (Monterey, California. Naval Postgraduate School, 1999-09);This thesis addresses the problem of implementing secure virtual machine monitors (VMM) on the Intel Pentium architecture. A VMM allows multiple operating systems to run concurrently under virtual machines on a single ... -
Implementation of Intel virtual machine extension root operation on the NPS least privilege separation kernel
Martinsen, Jayce G. (Monterey, California. Naval Postgraduate School, 2010-09);A virtual machine monitor (VMM) supports execution of multiple unmodified operating systems in virtual machines (VMs) on one computer. VMM support has been added to the Intel IA 32 architecture. Enforcement of data flow ... -
VMM - Virtual Machine Monitors (archived)
The Center for Information Systems Security Studies and Research (2006);This research addresses the problem of implementing secure Virtual Machine Monitors (VMM) on the Intel Pentium architecture. A VMM allows multiple operating systems to run concurrently under virtual machines on a single ...