CprE 450-550
Virtualization
Dr. Yong Guan
Department of Electrical and Computer Engineering & Information Assurance Center, Iowa State University
What is it?
“Virtualization is an abstraction layer that decouples the physical hardware from the operating system to deliver greater IT resource utilization and flexibility.”
  -- www.vmware.com
Virtualization is a framework or methodology of dividing the resources of a computer into multiple execution environments
The Rise and Fall of Virtual Machines -- 1970s: Looks like a good idea --
IBM VM/370: a VMM for IBM mainframes
  Multiplex multiple OS environments on expensive hardware
  Desirable when few machines are around
Popular idea in the 1960s and 1970s
  Entire conferences on virtual machines
-- 1980s: Looks like a dumb idea --
Hardware got cheap but wimpy
  VMM neither desirable nor possible
IBM kills VM/CMS in favor of MVS
  Multi-user OS is better than N single-user + VMM
The Rise and Fall of Virtual Machines -- 1990s: Looks like a good idea again --
Define an abstract machine specification: a virtual machine
  Typically emulate the machine within an OS process
  Examples: p-System, Java, Microsoft CLR
Market it as better than real machines
  Fast development time
  Write once, run everywhere
  Type and memory safety
  Fewer bugs, better security, etc.
Popular idea in the 2000s
  Entire conferences on virtual machines
The Rise and Fall of Virtual Machines -- 2000s: still a good idea --
Squeeze in between OS and applications
  Done at the library or system call interface
  Each application or set of apps runs in a virtual machine
  Example: WINE
Into the operating system
  Examples: KVM, VirtualBox, User Mode Linux
Between hardware and OS
  Examples: VMware ESX Server, Xen
Into hardware
  Examples: Intel VT-x technology / AMD Pacifica
[Figure: the layers of a conventional system, bottom to top: hardware, kernel, user-level libraries, applications. Applications reach the libraries through API calls, the libraries reach the kernel through system calls, and the kernel drives the hardware with instructions; applications and libraries live in user space, the kernel in kernel space. “Sounds familiar?”]
Different Types of Virtual Machines
Modern computer systems are composed of various hardware and software layers
Commonality Across Virtual Machines
All benefit from the “level of indirection”
  All problems can be solved by a level of indirection
  Use the layer to improve the software running in the VM
“Every problem in computer science can be solved by adding another level of indirection”
  -- Butler Lampson
Common Virtual Machine Attributes
Isolation
  Total data isolation between virtual machines
Encapsulation
  Virtual machines are not tied to physical machines
  Checkpoint/migration
Software compatibility
  Runs pretty much all software
  Trick: make the virtual hardware match real hardware
Performance
  Any new software layer adds overhead to the system
Isolation Capability
Claim: VMs should not be able to get out of the sandbox to attack other VMs or the virtualization software layer.
  VMM controls what resources are accessible to each VM.
  VMs can be isolated and requests vetted.
  Policy-based access control.
Key: use HW protection mechanisms to isolate VMs
  New VMX mode
  Protection rings
  MMU protection bits
  ...
VM Isolation Capability
Escape?
  Assurance depends on the implementation
  Size/complexity of the interface
  Compare the hardware interface vs. the Win32 system call interface
Features of VMs
  Isolation comparable to separate physical machines
  Handles accidents (e.g. software bugs)
  Malicious attacks (e.g. hackers)
Encapsulation Capability
Have the ability to manipulate and control software in the VM
  Save execution state
  Transfer the VM over networks
  Affect the inputs/outputs to the software running in the VM
Manage VM execution on machines
  Provisioning, load balancing, high availability, etc.
  Examples: Java, VMware ESX Server
Decoupling of software from hardware
  Virtualization layer controls the mapping
Treat software in the VM as a first-class object
Software Compatibility
A VM will run all the software that targets it
Lower-level VMs have advantages here
  Hardware-level VMM: all software (app & OS) written for the hardware
  Paravirtualization: all applications for the ported OSes
  OS-level VM: all applications for that OS/hardware combination
  Application-level VM: all applications for that OS/hardware combination
  Language-level VM: programs compiled to the byte code
VM Software Compatibility
Key: make the virtual machine abstraction match real HW
  All software that runs on real HW runs in the VM
  Example: VMware™’s products run DOS, Win 3.1, 95, 98, NT, 2000, ME, XP, 2003, Vista, Linux, FreeBSD, etc.
Most compatible of the application compatibility solutions
  Hardware interface: tractable complexity, slow rate of change
    Example: PC98, PC99, ...
  OS API interface: intractable complexity, rapid change
    Example: Win32 API
VM Low Overhead/High Performance
Key: configure the HW to directly run virtual machines
  Use the CPU to emulate a virtual CPU
  Use real physical memory to emulate virtual physical memory
  Emulate a disk with a disk, etc.
Trick from the 1960s:
  Configure the hardware to safely give it to the virtual machine
  VMM gets control on any privileged operation
Virtual machine runs within a few percent of native
Hardware Level Virtualization
Virtualization is supported by the real hardware
Examples
  Intel VT-x (Vanderpool) technology
  AMD Pacifica
Why hardware support?
Different Types of Virtual Machines
Virtualization inserts a software layer (VMM) at different points in this architecture:
  Hardware-level virtualization
  Operating system-level virtualization
    Type 1 VM vs. Type 2 VM
  Application-level virtualization
  High-level language virtual machines
Different Types of Virtual Machines
[Figure: the same layer diagram (hardware, kernel, user-level libraries, applications; instructions, system calls, API calls; user space vs. kernel space), now used to locate where each type of virtual machine inserts its VMM.]
Intel VT-x Overview
Enhances the performance of VMs through hardware support
Main feature: the inclusion of the new VMX mode of operation
  VMX root operation
    Fully privileged, intended for the VM monitor
    New instructions: VMX instructions
  VMX non-root operation
    Not fully privileged, intended for guest software
    Reduces guest SW privilege w/o relying on rings
VT-x Operations
[Figure: classic IA-32 operation has only ring 0 (the OS) and ring 3 (processes), with the OS keeping a PCB per process. Under VT-x the VMM runs in VMX root operation and each VM (VM 1 ... VM n) runs in VMX non-root operation with its own ring 0 and ring 3. VMXON enters VMX operation; VMLAUNCH/VMRESUME transfer control into a VM; a VM exit returns control to the VMM. The processor keeps one VMCS per VM (VMCS1 ... VMCSn), the VMM’s counterpart of the OS’s PCB.]
Virtual Machine Control Structure (VMCS)
Control structures in memory
  Only one VMCS active per virtual processor at any given time
Maintenance of state information
  Major source of overhead in a software-based solution
  The hardware implementation takes over the tasks of loading and unloading the state from their physical locations
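To make the VMCS role concrete, here is an added toy model (it is not Intel’s VMCS layout nor any real hypervisor’s code): a VM exit saves the guest’s registers into the VMCS guest-state area and reloads the host state, VMLAUNCH/VMRESUME does the reverse, and the VMM handles the exit by editing the guest-state area before resuming. The register subset, the one-byte guest instruction set and the exit-reason names are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Register state of the logical processor (constructed subset). */
typedef struct { uint64_t rip, rax, rsp, cr3; } cpu_state;

/* Why the processor left non-root operation (names constructed, not Intel's numbering). */
typedef enum { EXIT_NONE, EXIT_IO_INSN, EXIT_HLT } exit_reason;

/* Toy VMCS: guest-state area, host-state area and the last exit reason. */
typedef struct {
    cpu_state guest;        /* saved on VM exit, loaded on VM entry */
    cpu_state host;         /* loaded on VM exit */
    exit_reason last_exit;
    int in_non_root;        /* 1 while the guest is running */
} vmcs;

typedef struct { cpu_state regs; } vcpu;   /* the "physical" register file */

/* Toy guest instruction set (constructed): one byte per instruction. */
enum { OP_ADD = 1, OP_OUT = 2, OP_HLT = 3 };

/* VMLAUNCH/VMRESUME: remember where the VMM was, load the guest-state area, switch mode. */
void vm_entry(vcpu *cpu, vmcs *v) {
    v->host = cpu->regs;
    cpu->regs = v->guest;
    v->in_non_root = 1;
}

/* VM exit: save the guest's registers into the VMCS, reload the host's, record the reason.
 * This save/restore is the work VT-x does in hardware; a software-only VMM would have
 * to do it itself on every privileged operation. */
void vm_exit(vcpu *cpu, vmcs *v, exit_reason why) {
    v->guest = cpu->regs;
    v->last_exit = why;
    cpu->regs = v->host;
    v->in_non_root = 0;
}

/* Run guest code in non-root operation until an instruction needs the VMM.
 * OP_ADD runs directly; OP_OUT (an I/O instruction) and OP_HLT cause VM exits. */
exit_reason run_guest(vcpu *cpu, vmcs *v, const uint8_t *code, size_t len) {
    while (cpu->regs.rip < len) {
        switch (code[cpu->regs.rip]) {
        case OP_ADD: cpu->regs.rax += 1; cpu->regs.rip += 1; break;
        case OP_OUT: vm_exit(cpu, v, EXIT_IO_INSN); return EXIT_IO_INSN;
        default:     vm_exit(cpu, v, EXIT_HLT);     return EXIT_HLT;
        }
    }
    vm_exit(cpu, v, EXIT_HLT);
    return EXIT_HLT;
}

/* VMM exit handler for the I/O instruction: emulate it (nothing to do in this toy),
 * skip past it by editing the guest-state area, then resume the guest. */
void handle_io_exit(vcpu *cpu, vmcs *v) {
    v->guest.rip += 1;
    vm_entry(cpu, v);
}

int main(void) {
    uint8_t code[] = { OP_ADD, OP_ADD, OP_OUT, OP_ADD, OP_HLT };   /* constructed guest */
    vcpu cpu = { { 0xFFFF0000, 0, 0x7000, 0x100000 } };            /* VMM's own state */
    vmcs v = { { 0, 0, 0x8000, 0x200000 }, { 0, 0, 0, 0 }, EXIT_NONE, 0 };
    vm_entry(&cpu, &v);
    while (run_guest(&cpu, &v, code, sizeof code) == EXIT_IO_INSN) {
        printf("VM exit: I/O instruction at guest rip=%llu, rax=%llu\n",
               (unsigned long long)v.guest.rip, (unsigned long long)v.guest.rax);
        handle_io_exit(&cpu, &v);
    }
    printf("guest halted with rax=%llu; VMM rip back at %#llx\n",
           (unsigned long long)v.guest.rax, (unsigned long long)cpu.regs.rip);
    return 0;
}
```

The point to notice is that the guest’s cr3 and stack pointer survive the round trip untouched while the VMM’s own registers are restored on exit: the VMCS is the only place the two worlds’ state meets.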
Operating System Level Virtualization
Virtualization is emulated at the operating system layer
Two possible positions
  Type 1 VM (native VM): between hardware and OS
  Type 2 VM (hosted VM): between OS and application programs
Operating System Level Virtualization
[Figure: Type 1 VMM: hardware at the bottom, the VMM directly on it, Guest OS 1 and Guest OS 2 on top. Type 2 VMM: hardware, then the host OS, then the VMM, with Guest OS 1 and Guest OS 2 on top.]
  Type 1 examples: VMware ESX Server, Xen
  Type 2 examples: VMware Workstation, VMware GSX Server, Virtual PC, User Mode Linux
VMware ESX Server
[Figure: hardware (CPU, memory, disk, NICs) at the bottom; the VMM above it containing the scheduler, memory management, SCSI driver and Ethernet driver; a console OS and several guest OSes on top.]
Multiplex hardware resources efficiently among virtual machines
Runs unmodified binaries w/ performance isolation
Manages system hardware directly
Provides complete control over resource management
Binary translation
VMware Binary Translation
Inspects each instruction before it is executed
Replaces “dangerous” instructions with calls to emulation code
Stores sequences of translated instructions in a translation cache
Fast, but slower than direct execution
[Figure: the VMM checks the CPU state to decide whether direct execution is OK; if so the VM runs by direct execution, otherwise it goes through binary translation, which emulates privileged instructions, before returning to the VM.]
Xen Overview
Multiplex physical resources at the granularity of an entire OS
Runs unmodified binaries w/ performance isolation
  100 hosted OS instances
But: the guest OS has to be modified!
Para-virtualization
Xen Paravirtualization
Arch xen/x86: like x86, but replaces privileged instructions with Xen hypercalls
  Avoids binary rewriting and fault trapping
  For Linux 2.6, only arch-dependent files are modified
Modify the OS to understand the virtualised environment
  Wall-clock time vs. virtual processor time
  Xen provides both types of alarm timer
Expose real resource availability
  Enables the OS to optimise its behaviour
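An added example of the two timer types (constructed for this page; it is not Xen’s hypercall interface or scheduler): instead of programming a timer chip, a guest issues a hypercall asking for an alarm in either the wall-clock or the virtual-processor time base, and the hypervisor’s scheduler advances wall-clock time for every domain but virtual time only for the domain it is currently running. The domain and alarm structures and the tick units are assumptions of the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_DOMAINS 4
typedef enum { ALARM_NONE, ALARM_WALLCLOCK, ALARM_VIRTUAL } alarm_kind;

typedef struct {
    uint64_t virt_time;     /* advances only while this domain's vCPU is scheduled */
    uint64_t alarm_at;      /* deadline, in the time base the guest chose */
    alarm_kind kind;
    int fired;
} domain;

typedef struct { uint64_t wall_time; domain dom[MAX_DOMAINS]; int ndom; } hypervisor;

/* "Hypercall": the paravirtualised guest asks the hypervisor for an alarm rather than
 * executing a privileged timer-programming instruction. The hypervisor vets the request. */
int hypercall_set_timer(hypervisor *hv, int d, alarm_kind kind, uint64_t deadline) {
    if (d < 0 || d >= hv->ndom || kind == ALARM_NONE) return -1;
    hv->dom[d].kind = kind;
    hv->dom[d].alarm_at = deadline;
    hv->dom[d].fired = 0;
    return 0;
}

/* Scheduler runs domain d for `ticks`: wall-clock time advances for everyone, virtual
 * time only for the running domain; then deliver any alarm that has come due.
 * Returns the number of alarms delivered in this slice (or -1 for a bad domain). */
int run_slice(hypervisor *hv, int d, uint64_t ticks) {
    if (d < 0 || d >= hv->ndom) return -1;
    int fired = 0;
    hv->wall_time += ticks;
    hv->dom[d].virt_time += ticks;
    for (int i = 0; i < hv->ndom; i++) {
        domain *x = &hv->dom[i];
        if (x->fired || x->kind == ALARM_NONE) continue;
        uint64_t now = (x->kind == ALARM_WALLCLOCK) ? hv->wall_time : x->virt_time;
        if (now >= x->alarm_at) { x->fired = 1; fired++; }   /* would be an upcall to the guest */
    }
    return fired;
}

int main(void) {
    hypervisor hv = {0};
    hv.ndom = 2;
    hypercall_set_timer(&hv, 0, ALARM_WALLCLOCK, 10);   /* dom0 wants real elapsed time */
    hypercall_set_timer(&hv, 1, ALARM_VIRTUAL, 10);     /* dom1 wants its own CPU time */
    for (int slice = 0; slice < 4; slice++) {
        int d = slice % 2;
        int fired = run_slice(&hv, d, 5);
        printf("ran dom%d: wall=%llu virt[0]=%llu virt[1]=%llu alarms fired=%d\n", d,
               (unsigned long long)hv.wall_time, (unsigned long long)hv.dom[0].virt_time,
               (unsigned long long)hv.dom[1].virt_time, fired);
    }
    return 0;
}
```

With two domains alternating 5-tick slices, dom0’s wall-clock alarm fires after 10 ticks of real time even though dom1 was running at that moment, whereas dom1’s virtual alarm only fires once dom1 itself has accumulated 10 ticks, at wall-clock time 20. A guest that uses the wrong base for, say, a TCP retransmit timer or a scheduler quantum misbehaves under contention, which is why the slide stresses that the OS is modified to understand the difference.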
User Mode Linux Overview
Provides a self-contained environment
  Identical to the hosting Linux kernel
  Processes have no access to host resources that were not explicitly provided
[Figure: the host OS kernel runs the guest OS kernel (UML) as a process; VM user process 1 and VM user process 2 run inside that virtual machine, and their system calls are intercepted through ptrace.]
VMware Workstation Overview
[Figure: PC hardware (disks, memory, CPU, NIC) runs the host OS and host OS apps; the VMApp and the VMDriver sit on the host OS and, together with the VMM, run the virtual machine containing the guest operating system and guest OS applications.]
Hosted VM architecture
  VMApp: user-level application on the host OS
  VMDriver: device driver inside the host OS
    Facilitates the transfer of control between the two worlds
  VMM: privileged virtual machine monitor
Binary translation
Virtualizing a Network Interface
[Figure: the guest OS’s NIC driver talks to a virtual NIC presented by the VMM; the VMApp and VMDriver on the host OS connect it through a virtual bridge and a virtual network hub to the host OS’s NIC driver, which drives the physical NIC on the physical Ethernet.]
Application Level Virtualization
Technologies
  API interception through DLL injection and API hooking
  Partial/complete implementation of APIs
  Emulate low-level kernel implementations in user space
    Useful when the host OS does not provide the required support (e.g. Win32 threads vs. pthreads)
    Mandatory drivers
Examples
  WINE: Win32 API implementation on Unix
  POSIX, OS/2 subsystems on Windows
    Support Unix- and OS/2-like APIs
  LxRun: Linux API implementation on SCO UnixWare, Solaris
Wine Architecture
Closely follows NT
  Implements all the “core” DLLs (ntdll, user32, kernel32)
  Wine server provides the NT backbone
    Message passing
    Synchronization
    Object handles
  Native DLL support for non-core libraries
  Hardware access through Unix device drivers
API interception
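An added example (constructed for this page; not Wine’s code) of the “partial implementation of APIs” and “object handles” ideas from the two slides above: a user-space shim implements a Win32-style event object behind a handle table, so callers only ever hold small integer handles and the synchronization semantics (auto-reset vs. manual-reset) live entirely in the emulation layer. The constant values WAIT_OBJECT_0, WAIT_TIMEOUT, WAIT_FAILED and INVALID_HANDLE_VALUE are Win32’s; the shim_ functions, the zero-timeout-only wait and the table layout are this example’s own simplifications.

```c
#include <stdint.h>
#include <stddef.h>

/* Win32-style types and return codes (constant values are Win32's). */
typedef int32_t HANDLE;
#define INVALID_HANDLE_VALUE ((HANDLE)-1)
#define WAIT_OBJECT_0  0x00000000u
#define WAIT_TIMEOUT   0x00000102u
#define WAIT_FAILED    0xFFFFFFFFu

/* The "server side": kernel objects reachable only through handles, so a client
 * never sees an object's address and a stale handle is rejected rather than misused. */
typedef enum { OBJ_FREE = 0, OBJ_EVENT } obj_type;
typedef struct { obj_type type; int signaled; int manual_reset; } kobject;

#define MAX_HANDLES 64
static kobject table[MAX_HANDLES];   /* handle 0 is never handed out */

static kobject *lookup(HANDLE h, obj_type want) {
    if (h <= 0 || h >= MAX_HANDLES || table[h].type != want) return NULL;
    return &table[h];
}

/* CreateEvent(..., bManualReset, bInitialState, ...) reduced to its two flags. */
HANDLE shim_CreateEvent(int manual_reset, int initial_state) {
    for (HANDLE h = 1; h < MAX_HANDLES; h++) {
        if (table[h].type == OBJ_FREE) {
            table[h].type = OBJ_EVENT;
            table[h].signaled = initial_state;
            table[h].manual_reset = manual_reset;
            return h;
        }
    }
    return INVALID_HANDLE_VALUE;
}

/* SetEvent: returns TRUE (1) on success, FALSE (0) on a bad handle. */
int shim_SetEvent(HANDLE h) {
    kobject *o = lookup(h, OBJ_EVENT);
    if (!o) return 0;
    o->signaled = 1;
    return 1;
}

/* WaitForSingleObject with a zero timeout (a single poll). An auto-reset event is
 * consumed by the wait that observes it signaled; a manual-reset event is not. */
uint32_t shim_WaitForSingleObject(HANDLE h) {
    kobject *o = lookup(h, OBJ_EVENT);
    if (!o) return WAIT_FAILED;
    if (!o->signaled) return WAIT_TIMEOUT;
    if (!o->manual_reset) o->signaled = 0;
    return WAIT_OBJECT_0;
}

/* CloseHandle: frees the slot; any later use of the handle fails the lookup. */
int shim_CloseHandle(HANDLE h) {
    kobject *o = lookup(h, OBJ_EVENT);
    if (!o) return 0;
    o->type = OBJ_FREE;
    return 1;
}
```

A Windows binary compiled against kernel32 sees the same call surface and return codes, while everything behind the handle is whatever the host provides, which is exactly the indirection that lets an application-level VM run software written for another OS.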
Language Level Virtualization
The virtualization layer sits as an application program on top of the operating system
Can run any program written for that virtual machine abstraction regardless of the operating system hosting that virtual machine
[Figure: real machine, OS, JVM, Java byte code, applications; the byte code is run by interpreted execution.]
Applications
Isolation
  Sandboxing
  Debugging/testing
  Security experiments (e.g., honeypots)
Encapsulation
  Manageability
  Migration/mobility
  Virtual appliance
Partition
  Server/application consolidation
Exemplar Application: VM-based IDS
Problem area: Intrusion Detection Systems (IDS). Trade-offs:
  Host-based IDS (HIDS):
    + Good visibility to catch the intruder.
    - Weak isolation: the intruder can disable or mask the IDS.
  Network-based IDS (NIDS):
    + Good isolation from attack by the intruder.
    - Weak visibility can allow the intruder to slip by unnoticed.
Would like the visibility of a HIDS with the isolation of a NIDS.
Idea: do it in the virtual machine monitor.
VM-based IDS
Strong isolation
  VMM isolates software in the VM from the VMM
  A compromised OS in the VM can’t disable an IDS in the VMM
Introspection: peer inside at the software running in the VM
  VMM can see physical memory, registers, I/O device state, etc.
  Signature scan of memory: look through physical memory for patterns or signs of break-in
Interposition: modify the VM abstraction to enhance security
  Memory access enforcer: interpose on page protection
  NIC access enforcer: interpose on the virtual network device
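An added example of the three mechanisms on this slide (constructed for this page; not the code of any real VMM or IDS): the guest’s physical memory is a flat array the VMM can read regardless of what the guest kernel says about it, a signature scan runs over it from outside, a memory access enforcer denies writes to pages the VMM has marked non-writable, and a NIC access enforcer drops frames whose source MAC is not the one assigned to the VM. The page layout, the policy bits, the signature bytes and the anti-spoofing policy are all assumptions of the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SIZE 4096
#define NPAGES 4
#define P_WRITE 1
#define P_EXEC  2

/* Guest "physical memory" as the VMM sees it, plus the VMM's own per-page policy
 * (kept outside the guest, so a compromised guest kernel cannot rewrite it). */
typedef struct {
    uint8_t mem[NPAGES * PAGE_SIZE];
    uint8_t page_policy[NPAGES];
    unsigned violations;
} guest_vm;

/* Introspection: scan every guest physical page for a byte signature.
 * Returns the guest physical address of the first hit, or -1. */
long scan_memory(const guest_vm *vm, const uint8_t *sig, size_t siglen) {
    size_t total = sizeof vm->mem;
    for (size_t i = 0; i + siglen <= total; i++)
        if (memcmp(vm->mem + i, sig, siglen) == 0) return (long)i;
    return -1;
}

/* Memory access enforcer: the VMM owns the real page tables, so every guest write
 * to a protected page traps here. 0 = performed, -1 = bad address, -2 = denied. */
int guest_write(guest_vm *vm, uint64_t paddr, const uint8_t *data, size_t len) {
    uint64_t page = paddr / PAGE_SIZE;
    if (page >= NPAGES || (paddr % PAGE_SIZE) + len > PAGE_SIZE) return -1;
    if (!(vm->page_policy[page] & P_WRITE)) { vm->violations++; return -2; }
    memcpy(vm->mem + paddr, data, len);
    return 0;
}

/* NIC access enforcer: interpose on the virtual network device. Policy here
 * (assumed): a VM may only send frames carrying its assigned source MAC. */
typedef struct { uint8_t dst[6], src[6]; uint16_t ethertype; } eth_hdr;
typedef struct { uint8_t assigned_mac[6]; unsigned dropped; } vnic;

int vnic_tx(vnic *nic, const eth_hdr *frame) {
    if (memcmp(frame->src, nic->assigned_mac, 6) != 0) { nic->dropped++; return -1; }
    return 0;   /* forwarded to the virtual bridge */
}

int main(void) {
    static guest_vm vm;                     /* zeroed guest memory (constructed) */
    vm.page_policy[0] = P_EXEC;             /* e.g. guest kernel text: execute, never write */
    vm.page_policy[1] = P_WRITE;            /* ordinary data page */
    const uint8_t sig[] = "ROOTKIT-MARK";   /* constructed signature, 12 bytes */

    printf("scan before: %ld\n", scan_memory(&vm, sig, 12));
    printf("write to data page: %d\n", guest_write(&vm, PAGE_SIZE + 100, sig, 12));
    printf("scan after: %ld (expect %d)\n", scan_memory(&vm, sig, 12), PAGE_SIZE + 100);
    printf("write to kernel text: %d, violations=%u\n", guest_write(&vm, 16, sig, 12), vm.violations);

    vnic nic = { {2,0,0,0,0,1}, 0 };
    eth_hdr ok    = { {0xff,0xff,0xff,0xff,0xff,0xff}, {2,0,0,0,0,1}, 0x0806 };
    eth_hdr spoof = { {0xff,0xff,0xff,0xff,0xff,0xff}, {2,0,0,0,0,9}, 0x0806 };
    printf("own MAC: %d, spoofed MAC: %d, dropped=%u\n", vnic_tx(&nic, &ok), vnic_tx(&nic, &spoof), nic.dropped);
    return 0;
}
```

None of these checks depend on anything inside the guest being trustworthy: the scan reads physical memory directly, the page policy is the VMM’s data, and the frame check happens before the frame reaches the bridge. That is the HIDS-visibility-with-NIDS-isolation combination the previous slide asks for.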
VM-based Introspection
[Figure: the hardware runs the host OS; the guest OS and its application run in the VM on top of the VMM; the IDS engine, outside the VM, reads the VM’s state through the VMM and consults policy modules, exercising control over the VM and reporting intrusions detected.]