Usermode kernel : running the kernel in userspace in VM environments
In many instances of virtual machine deployments today, virtual machine instances are created to support a single application. Traditional operating systems provide an extensive framework for protecting one process from another. In such deployments, this protection layer becomes an additional source...
Main Author: | George, Sharath |
---|---|
Format: | Others |
Language: | English |
Published: | University of British Columbia 2008 |
Subjects: | Usermode kernel; Virtual machines |
Online Access: | http://hdl.handle.net/2429/2858 |
id |
ndltd-UBC-oai-circle.library.ubc.ca-2429-2858 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-UBC-oai-circle.library.ubc.ca-2429-2858 2018-01-05T17:23:09Z
Science, Faculty of Computer Science, Department of Graduate 2008-12-08T22:01:44Z 2008-12-08T22:01:44Z 2008 2008-11 Text Thesis/Dissertation http://hdl.handle.net/2429/2858 eng Attribution-NonCommercial-NoDerivatives 4.0 International http://creativecommons.org/licenses/by-nc-nd/4.0/ 728415 bytes application/pdf University of British Columbia |
collection |
NDLTD |
language |
English |
format |
Others |
sources |
NDLTD |
topic |
Usermode kernel Virtual machines |
description |
In many instances of virtual machine deployments today, virtual machine instances are created to support a single application. Traditional operating systems provide an extensive framework for protecting one process from another. In such deployments, this protection layer becomes an additional source of overhead as isolation between services is provided at an operating system level and each instance of an operating system supports only one service. This makes the operating system the equivalent of a process from the traditional operating system perspective. Isolation between these operating systems and indirectly the services they support, is ensured by the virtual machine monitor in these deployments. In these scenarios the process protection provided by the operating system becomes redundant and a source of additional overhead. We propose a new model for these scenarios with operating systems that bypass this redundant protection offered by the traditional operating systems. We prototyped such an operating system by executing parts of the operating system in the same protection ring as user applications. This gives processes more power and access to kernel memory bypassing the need to copy data from user to kernel and vice versa as is required when the traditional ring protection layer is enforced. This allows us to save the system call trap overhead and allows application programmers to directly call kernel functions exposing the rich kernel library. This does not compromise security on the other virtual machines running on the same physical machine, as they are protected by the VMM. We illustrate the design and implementation of such a system with the Xen hypervisor and the XenoLinux kernel.
=== Science, Faculty of === Computer Science, Department of === Graduate |
author |
George, Sharath |
title |
Usermode kernel : running the kernel in userspace in VM environments |
publisher |
University of British Columbia |
publishDate |
2008 |
url |
http://hdl.handle.net/2429/2858 |