Usermode kernel : running the kernel in userspace in VM environments

In many instances of virtual machine deployments today, virtual machine instances are created to support a single application. Traditional operating systems provide an extensive framework for protecting one process from another. In such deployments, this protection layer becomes an additional source of overhead, as isolation between services is provided at an operating system level and each instance of an operating system supports only one service. This makes the operating system the equivalent of a process from the traditional operating system perspective. Isolation between these operating systems, and indirectly the services they support, is ensured by the virtual machine monitor in these deployments. In these scenarios the process protection provided by the operating system becomes redundant and a source of additional overhead. We propose a new model for these scenarios with operating systems that bypass this redundant protection offered by the traditional operating systems. We prototyped such an operating system by executing parts of the operating system in the same protection ring as user applications. This gives processes more power and access to kernel memory, bypassing the need to copy data from user to kernel and vice versa as is required when the traditional ring protection layer is enforced. This allows us to save the system call trap overhead and allows application programmers to directly call kernel functions, exposing the rich kernel library. This does not compromise security on the other virtual machines running on the same physical machine, as they are protected by the VMM. We illustrate the design and implementation of such a system with the Xen hypervisor and the XenoLinux kernel.

Bibliographic Details
Main Author: George, Sharath
Language: English
Published: University of British Columbia 2008
Subjects: Usermode kernel; Virtual machines
Online Access:http://hdl.handle.net/2429/2858