Hypervisor seminar
Published in: Technology

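  • system utilization
    Raises system utilization
    Workloads can be consolidated onto a single system, which reduces the management burden

    isolation
    Guests use emulated resources rather than the physical resources directly, which gives
    fault removal / containment of fault propagation / improved security
    Provides a safe, clean computing environment

    resource aggregation
    Multiple distributed physical resources such as disks and CPUs can be aggregated into a single resource
    Unified behind the same interface

    mobility
    Makes it easy to move/migrate a system
    fast suspend/resume, etc.

    emulation
    - Allows simulated testing of environments, hardware, etc. that do not exist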
  • Transcript

    • 1. Hardware-assisted Virtual Machine 노용환 (a.k.a. somma) fixbrain@gmail.com
    • 2. Virtualization… system utilization management cost consolidation isolation trusted environment resource aggregation GRID system MPP (Massively Parallel Processing) resource access control mobility emulation
    • 3. History… 1960 1970 1999 2006 present CP-40, IBM, Cambridge Scientific Center full virtualization System/370, IBM x86 virtualization, VMWare application virtualization (application streaming) x86,x64, ARM, … Storage, Network … VMWare, Virtual Box, Xen… … OpenStack, CloudStack,… … Amazon, Google…
    • 4. Virtualization techniques Shared Device Memory and I/O Virtualization VMM CPU CPU MEMORY Physical H/W Control Guest OS Guest OS physical h/w virtualized h/w VMM must … - support same hardware interface - can control guest OS when accessing H/W resources.
    • 5. Virtualization techniques Full Virtualization - No OS modification - Binary translation, Trace cache,… - VMware ESX server Para Virtualization - Need OS modification - Hypercall - Xen Direct execution eflags, control registers, MSR registers, port I/O, privileged instructions, …
    • 6. HVM (Hardware-assisted Virtual Machine) Virtualize… CPU - AMD-V , VT-x IOMMU - AMD-Vi, VT-d Network - VT-c VMX operation VMX root operation VMX non-root operation
    • 7. HVM (Hardware-assisted Virtual Machine)
    • 8. HVM – new instructions
    • 9. HVM – instruction execution order VMXON VMCLEAR VMPTRLD VMWRITE VMLAUNCH GUEST Exit VMREAD VMRESUME VMXOFF
    • 10. HVM – data… VMXON Region - created per logical processor - used by VMX instructions VMCS Region - created per virtual CPU for guest OS - used by CPU and VMM - 4Kb aligned - PHYSICAL_ADDRESS == typedef LARGE_INTEGER - …
    • 11. HVM – VMM programming summary check VMX support allocate VMXON region execute VMXON allocate VMCS region execute VMCLEAR execute VMPTRLD initialize VMCS data host-state area fields VM-exit control fields VM-entry control fields VM-execution control fields guest-state area fields execute VMLAUNCH handling various VM-exits
    • 12. HVM – VMCS data organization #1 Guest state fields - saved on VM exits, loaded on VM entries #2 Host state fields - loaded on VM exits #3 Execution control fields - control VMX-non root operations #4 Exit control fields - control VM exits #5 Entry control fields - control VM entries #6 VM Exit info - saved VM exits information on VM exits pin-based controls processor-based controls exception-bitmap address I/O bitmap address Timestamp counter offset CR0/CR4 guest/host masks CR3 targets MSR bitmaps
    • 13. HVM – VMCS data organization
    • 14. HVM – accessing VMCS data VMWRITE VMREAD virtual address / physical address READ virtual address / physical address WRITE
    • 15. HVM – accessing VMCS data
    • 16. HVM – accessing VMCS data
    • 17. HVM – initialize and run VMM
    • 18. HVM – handling VM exits #6 VM Exit info
    • 19. HVM – handling VM exits
    • 20. Q & A
    • 21. HVM – Blue Pill
    • 22. HVM – related works Hypersight - Northsecuritylabs ( http://northsecuritylabs.com/ ) - no updates since 2011… McAfee DeepSAFE Microsoft - Countering Kernel Rootkits with Lightweight Hook Protection
    • 23. HVM – related works HyperDbg - similar to SoftIce - a kernel debugger that uses HVM
    • 24. DEMO & Q & A
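
The instruction order on slide 9 and the programming summary on slide 11, modelled as a small state checker in C. This is an added example, not code from the slides: the names `vmx_op`, `vmx_cpu`, `vmx_step` and `vmx_first_violation` are hypothetical, and the model assumes one logical processor with a single VMCS and ignores the VM-entry checks on VMCS contents.

```c
#include <stdbool.h>
#include <stddef.h>

/* VMX instructions from slide 9; VMEXIT is the guest-exit event, not an instruction. */
typedef enum { VMXON, VMCLEAR, VMPTRLD, VMWRITE, VMLAUNCH, VMEXIT,
               VMREAD, VMRESUME, VMXOFF } vmx_op;

/* Assumed simplified model: one logical processor, one VMCS. */
typedef struct {
    bool vmx_on;    /* in VMX operation (between VMXON and VMXOFF) */
    bool in_guest;  /* running in VMX non-root operation */
    bool current;   /* VMCS is the current VMCS (set by VMPTRLD) */
    bool launched;  /* VMCS launch state: false = clear, true = launched */
} vmx_cpu;

/* Apply one step; return false if it would fail in the current state. */
static bool vmx_step(vmx_cpu *c, vmx_op op)
{
    if (op == VMEXIT) {                /* only a running guest can exit */
        bool ok = c->in_guest; c->in_guest = false; return ok;
    }
    if (c->in_guest) return false;     /* VMM code does not run while the guest does */
    if (op == VMXON) {                 /* fails if already in VMX operation */
        bool ok = !c->vmx_on; c->vmx_on = true; return ok;
    }
    if (!c->vmx_on) return false;      /* all other VMX instructions need VMXON first */
    switch (op) {
    case VMCLEAR:  c->current = false; c->launched = false; return true;
    case VMPTRLD:  c->current = true; return true;
    case VMWRITE:
    case VMREAD:   return c->current;  /* need a current VMCS */
    case VMLAUNCH: if (!c->current || c->launched) return false;
                   c->launched = c->in_guest = true; return true;
    case VMRESUME: if (!c->current || !c->launched) return false;
                   c->in_guest = true; return true;
    case VMXOFF:   c->vmx_on = c->current = false; return true;
    default:       return false;
    }
}

/* Index of the first failing step in a trace, or -1 if every step is valid. */
int vmx_first_violation(const vmx_op *trace, size_t n)
{
    vmx_cpu c = {0};
    for (size_t i = 0; i < n; i++)
        if (!vmx_step(&c, trace[i])) return (int)i;
    return -1;
}
```

The model makes the launch-state rule visible: the first entry into a guest must be VMLAUNCH on a cleared VMCS, and every later entry must be VMRESUME.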