|
Abstract - Security Symposium - 2000
Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor
John Scott Robin, U.S. Air Force; Cynthia E. Irvine, Naval Postgraduate School
Abstract
A virtual machine monitor (VMM) allows multiple operating
systems to run concurrently on virtual machines (VMs) on a single
hardware platform. Each VM can be treated as an independent operating
system platform. A secure VMM would enforce an overarching security
policy on its VMs.
The potential benefits of a secure VMM for PCs include: a more secure
environment, familiar COTS operating systems and applications, and
enormous savings resulting from the elimination of the need for
separate platforms when both high assurance policy enforcement, and
COTS software are required.
This paper addresses the problem of implementing secure VMMs on the
Intel Pentium architecture. The requirements for various types of
VMMs are reviewed. We report an analysis of the virtualizability of
all of the approximately 250 instructions of the Intel Pentium
platform and address its ability to support a VMM. Current
"virtualization" techniques for the Intel Pentium architecture are
examined and several security problems are identified. An approach to
providing a virtualizable hardware base for a highly secure VMM is
discussed.
- View the full text of this paper in
HTML form and
PDF form.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.
|
Need help? Use our Contacts page.
