www.kernkonzept.com
prpl Hypervisor Overview
Michael Hohmuth, Kernkonzept
MICROKERNEL MADE IN GERMANY
2 About Kernkonzept
Develops and supports the L4Re system
L4Re Microkernel / Microhypervisor (AKA L4/Fiasco.OC)
L4Re Runtime Environment
L4Linux
L4Android
Based in Dresden, Germany
3 Outline
Virtualization
Virtual Machine – Hypervisor – Virtual Machine Monitor
Paravirtualization
Microkernel – Microhypervisor
Tradeoffs
Security – Trust – Certification
4 Virtualization
Create a virtual resource
Protect / multiplex the actual resource:
● Virtual memory
● Virtual I/O
● Virtual machine (VM): a virtual computer (sometimes: an abstract machine, e.g. the Java VM)
… while keeping the programming model intact
“As if using the actual resource”
5 Virtual Machine
Virtual environment for running systems meant for actual machines
Implemented using system software on the actual system, the “host”:
Hypervisor
● Implements the “world switch”
● Virtual CPU: rich execution model (privileged and user modes)
● Benefits from hardware acceleration: AMD-V, VT-x, VZ
Virtual Machine Monitor
● Virtualizes/emulates platform/devices
6 Type 1 hypervisors
Self-hosted (“bare metal”) hypervisor
Sometimes, the VMM runs in a VM
Example systems:
● Hyper-V
● Xen
● VMware ESX
● L4Re Microkernel
[Figure: hypervisor running directly on the hardware (device, CPU 0, CPU 1, physical memory); several guests, each with virt CPU, virt mem and virt dev plus their own file system and net driver; one guest with a pass-through device; a VMM shown inside a VM]
7 Type 2 hypervisors
Hosted on a conventional host OS
VMM runs in a host application
Example systems:
● Linux KVM
● VMware Workstation
● VirtualBox
[Figure: host OS kernel (driver, file system, net) on the hardware (device, CPU 0, CPU 1, physical memory); the VMM runs as a host application and hosts guests, each with virt CPU, virt mem and virt dev plus their own file system and net driver]
8 Paravirtualization
Relaxes the requirement to keep the programming model intact
Software API instead of faithful hardware emulation
● Simpler
● Faster
● No need for hardware acceleration
For the entire guest system
● No need to emulate privileged CPU modes
Or just for devices
● Virtual network, block devices, clocks, …
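The "simpler and faster" claim of the paravirtualization slide can be made concrete with a toy model. The following is an added example, not code from the slides or from L4Re: one virtual block device is exposed two ways, as a register-level emulation (every guest register write traps to the VMM, as with real hardware) and as a paravirtualized request API (one hypercall per request). The register layout, the hypercall descriptor format and the disk contents are constructed for illustration; the bounds checks show the point a defender cares about, namely that both register values and hypercall descriptors are untrusted guest input.

```python
# Added example, not from the Kernkonzept slides: a toy model of one virtual
# block device exposed as an emulated register interface and as a
# paravirtualized request API, counting the VM exits each one costs.
# Register layout, hypercall shape and disk contents are constructed.

from typing import Dict, List


class ExitCounter:
    """Counts transitions from the guest into the hypervisor/VMM (VM exits)."""

    def __init__(self) -> None:
        self.exits = 0


class EmulatedBlockDevice:
    """Register-level emulation. The unmodified guest driver programs the
    sector and count registers and then the command register, exactly as on
    real hardware; every write is an MMIO trap handled by the VMM."""

    REG_SECTOR_LO, REG_SECTOR_HI, REG_COUNT, REG_COMMAND = 0x00, 0x04, 0x08, 0x0C
    CMD_READ = 1

    def __init__(self, disk: List[bytes], counter: ExitCounter) -> None:
        self.disk = disk
        self.counter = counter
        self.regs: Dict[int, int] = {}
        self.result: List[bytes] = []

    def mmio_write(self, reg: int, value: int) -> None:
        """VMM side: handle one trapped register write (one VM exit)."""
        self.counter.exits += 1
        self.regs[reg] = value
        if reg == self.REG_COMMAND and value == self.CMD_READ:
            sector = self.regs.get(self.REG_SECTOR_LO, 0) | (self.regs.get(self.REG_SECTOR_HI, 0) << 16)
            count = self.regs.get(self.REG_COUNT, 0)
            self.result = self._read(sector, count)

    def _read(self, sector: int, count: int) -> List[bytes]:
        # Register contents come from the untrusted guest: bounds-check them.
        if sector < 0 or count < 0 or sector + count > len(self.disk):
            return []  # real hardware would raise an error status bit instead
        return self.disk[sector:sector + count]

    def guest_read(self, sector: int, count: int) -> List[bytes]:
        """Guest driver side: four register writes, hence four exits."""
        self.mmio_write(self.REG_SECTOR_LO, sector & 0xFFFF)
        self.mmio_write(self.REG_SECTOR_HI, sector >> 16)
        self.mmio_write(self.REG_COUNT, count)
        self.mmio_write(self.REG_COMMAND, self.CMD_READ)
        return self.result


class ParavirtBlockDevice:
    """Paravirtualized interface: the (modified) guest driver fills a request
    descriptor and issues a single hypercall; nothing is emulated."""

    def __init__(self, disk: List[bytes], counter: ExitCounter) -> None:
        self.disk = disk
        self.counter = counter

    def hypercall(self, request: Dict[str, object]) -> List[bytes]:
        """VMM side: one exit per request. The descriptor is guest-controlled
        input and is validated before it touches the backing store."""
        self.counter.exits += 1
        if request.get("op") != "read":
            raise ValueError("unsupported op")
        sector, count = int(request["sector"]), int(request["count"])
        if sector < 0 or count < 0 or sector + count > len(self.disk):
            raise ValueError("request out of range")
        return self.disk[sector:sector + count]

    def guest_read(self, sector: int, count: int) -> List[bytes]:
        return self.hypercall({"op": "read", "sector": sector, "count": count})


def compare(sector: int = 5, count: int = 3) -> Dict[str, object]:
    """Serve the same read through both interfaces and count the VM exits."""
    disk = [f"sector-{i}".encode() for i in range(64)]  # constructed disk image
    emu_exits, pv_exits = ExitCounter(), ExitCounter()
    emu = EmulatedBlockDevice(disk, emu_exits).guest_read(sector, count)
    pv = ParavirtBlockDevice(disk, pv_exits).guest_read(sector, count)
    return {"emulated_exits": emu_exits.exits, "paravirt_exits": pv_exits.exits,
            "same_data": emu == pv}


def out_of_range_rejected(sector: int = 60, count: int = 8) -> bool:
    """Both paths must refuse a guest request that runs past the disk."""
    disk = [b"x"] * 64
    emu = EmulatedBlockDevice(disk, ExitCounter()).guest_read(sector, count)
    try:
        ParavirtBlockDevice(disk, ExitCounter()).guest_read(sector, count)
        return False
    except ValueError:
        return emu == []


if __name__ == "__main__":
    print(compare())              # four exits emulated, one paravirtualized
    print(out_of_range_rejected())
```

The exit count is the "faster" half of the slide; the "simpler" half is that the VMM no longer has to model register semantics at all, only validate one descriptor. In exchange the guest needs a driver written against the hypercall API, which is the downside the slide names.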
Downside: Need to change guest OSes
9 Microkernel
Run OS components as untrusted user-mode applications
Reduces the trusted computing base for trusted apps
Blends well with paravirtualization
Example systems:
● L4Re microkernel
● PikeOS Microkernel
● seL4 microkernel
[Figure: microkernel on the hardware (device, CPU 0, CPU 1, physical memory); user-mode secure app, real-time app, native app, driver, file system and net; a paravirtualized Linux server with its apps; a guest with virt CPU, virt mem and virt dev plus its own file system and net driver]
10 Microhypervisor
Run the VMM as untrusted user-mode applications
Can even have one VMM per guest
Example systems:
● L4Re Microkernel
● Nova microhypervisor
[Figure: microhypervisor on the hardware (device, CPU 0, CPU 1, physical memory); user-mode secure app, real-time app, driver, file system and net; one VMM per guest, each guest with virt CPU, virt mem and virt dev plus its own file system and net driver]
11 Security – Trust – Certification
Complexity defeats security
Fight complexity:
Remove untrusted systems from the TCB (VMs)
Minimize your application's TCB
● Remove dependencies on unneeded components
● Isolate noncritical functions into separate secure compartments
Minimal TCBs are amenable to certification / verification
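The three "fight complexity" points above can be checked mechanically once the TCB is written down as a dependency graph: an application's TCB is everything it transitively depends on, so moving a VM or a driver out of that closure shrinks it. The example below is added here and is not from the slides or from L4Re; the component names and the two dependency graphs (a monolithic layout and a microkernel layout) are constructed for illustration, and the split of the secure app into a core and a UI compartment is a hypothetical refactoring.

```python
# Added example, not from the Kernkonzept slides: an application's TCB as the
# transitive closure of "depends on / must trust" edges, compared across a
# constructed monolithic layout and a constructed microkernel layout.

from typing import Dict, Iterable, Set


def tcb(component: str, deps: Dict[str, Set[str]]) -> Set[str]:
    """Return the TCB of `component`: itself plus every component reachable
    along dependency edges (depth-first closure, cycle-safe)."""
    seen: Set[str] = set()
    stack = [component]
    while stack:
        c = stack.pop()
        if c in seen:
            continue
        seen.add(c)
        stack.extend(deps.get(c, set()))
    return seen


def tcb_size(component: str, deps: Dict[str, Set[str]]) -> int:
    return len(tcb(component, deps))


# Constructed monolithic layout: one kernel hosts every driver and the file
# system, so an app that trusts the kernel implicitly trusts all of them.
MONOLITHIC: Dict[str, Set[str]] = {
    "secure_app": {"monolithic_kernel"},
    "monolithic_kernel": {"net_driver", "gpu_driver", "usb_driver",
                          "block_driver", "filesys", "tcp_ip_stack"},
    "general_purpose_app": {"monolithic_kernel"},
}

# Constructed microkernel layout: drivers, file system, VMM and the Linux VM
# are user-mode components. The secure app uses the file system (and, before
# compartmentalization, the GPU driver for its user interface).
MICROKERNEL: Dict[str, Set[str]] = {
    "secure_app": {"microkernel", "filesys", "gpu_driver"},
    "filesys": {"microkernel", "block_driver"},
    "block_driver": {"microkernel"},
    "net_server": {"microkernel", "net_driver", "tcp_ip_stack"},
    "net_driver": {"microkernel"},
    "tcp_ip_stack": {"microkernel"},
    "gpu_driver": {"microkernel"},
    "usb_driver": {"microkernel"},
    "vmm": {"microkernel"},
    "linux_vm": {"microkernel", "vmm", "net_server"},
    "general_purpose_app": {"linux_vm"},
}


def split_out(deps: Dict[str, Set[str]], app: str, moved: Iterable[str],
              compartment: str) -> Dict[str, Set[str]]:
    """Model 'isolate noncritical functions into secure compartments':
    the dependencies in `moved` leave `app` and go to a new `compartment`,
    which trusts the app core but is not trusted by it. Returns a new graph."""
    moved = set(moved)
    new = {k: set(v) for k, v in deps.items()}
    new[app] = new[app] - moved
    new[compartment] = moved | {app}
    return new


def report() -> Dict[str, int]:
    """TCB sizes for the secure app in each layout (hypothetical numbers)."""
    split = split_out(MICROKERNEL, "secure_app", {"gpu_driver"}, "secure_app_ui")
    return {
        "monolithic": tcb_size("secure_app", MONOLITHIC),
        "microkernel": tcb_size("secure_app", MICROKERNEL),
        "microkernel_compartmentalized": tcb_size("secure_app", split),
    }


if __name__ == "__main__":
    for layout, size in report().items():
        print(f"{layout}: {size} components in the secure app's TCB")
    print("linux_vm trusted?", "linux_vm" in tcb("secure_app", MICROKERNEL))
```

Running the same closure over a real system's component list is the useful part: the numbers themselves are made up, but a TCB that stays small and enumerable is what makes the certification or verification effort mentioned above tractable.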
12 Thank you!
www.kernkonzept.com