Hypervisor seminar
Published in: Technology
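  • system utilization
    Raises system utilization
    Workloads can be consolidated onto a single system, which reduces management overhead

    isolation
    Guests use emulated resources instead of using physical resources directly, so
    fault removal / propagation containment / improved security
    Provides a safe, clean computing environment

    resource aggregation
    Multiple distributed physical resources such as disks and CPUs can be aggregated into a single resource
    Unified behind the same interface

    mobility
    Makes it easy to move/migrate a system
    fast suspend/resume, etc.

    emulation
    - Makes it possible to run simulated tests of environments, hardware, etc. that do not exist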
  • Transcript

    • 1. Hardware-assisted Virtual Machine 노용환 (a.k.a. somma) fixbrain@gmail.com
    • 2. Virtualization… system utilization management cost consolidation isolation trusted environment resource aggregation GRID system MPP (Massively Parallel Processing) resource access control mobility emulation
    • 3. History… 1960 1970 1999 2006 present CP-40, IBM, Cambridge Scientific Center full virtualization System/370, IBM x86 virtualization, VMware application virtualization (application streaming) x86, x64, ARM, … Storage, Network … VMware, VirtualBox, Xen… … OpenStack, CloudStack,… … Amazon, Google…
    • 4. Virtualization techniques Shared Device Memory and I/O Virtualization VMM CPU CPU MEMORY Physical H/W Control Guest OS Guest OS physical h/w virtualized h/w VMM must … - support same hardware interface - can control guest OS when accessing H/W resources.
    • 5. Virtualization techniques Full Virtualization - No OS modification - Binary translation, Trace cache,… - VMware ESX server Para Virtualization - Need OS modification - Hypercall - Xen Direct execution eflags, control registers, MSR registers, port I/O, privileged instructions, …
    • 6. HVM (Hardware-assisted Virtual Machine) Virtualize… CPU - AMD-V, VT-x IOMMU - AMD-Vi, VT-d Network - VT-c VMX operation VMX root operation VMX non-root operation
    • 7. HVM (Hardware-assisted Virtual Machine)
    • 8. HVM – new instructions
    • 9. HVM – instruction execution order VMXON VMCLEAR VMPTRLD VMWRITE VMLAUNCH GUEST Exit VMREAD VMRESUME VMXOFF
    • 10. HVM – data… VMXON Region - created per logical processor - used by VMX instructions VMCS Region - created per virtual CPU for guest OS - used by CPU and VMM - 4Kb aligned - PHYSICAL_ADDRESS == typedef LARGE_INTEGER - …
    • 11. HVM – VMM programming summary check VMX support allocate VMXON region execute VMXON allocate VMCS region execute VMCLEAR execute VMPTRLD initialize VMCS data host-state area fields VM-exit control fields VM-entry control fields VM-execution control fields guest-state area fields execute VMLAUNCH handling various VM-exits
    • 12. HVM – VMCS data organization #1 Guest state fields - saved on VM exits, loaded on VM entries #2 Host state fields - loaded on VM exits #3 Execution control fields - control VMX-non root operations #4 Exit control fields - control VM exits #5 Entry control fields - control VM entries #6 VM Exit info - saved VM exits information on VM exits pin-based controls processor-based controls exception-bitmap address I/O bitmap address Timestamp counter offset CR0/CR4 guest/host masks CR3 targets MSR bitmaps
    • 13. HVM – VMCS data organization
    • 14. HVM – accessing VMCS data VMWRITE VMREAD virtual address / physical address READ virtual address / physical address WRITE
    • 15. HVM – accessing VMCS data
    • 16. HVM – accessing VMCS data
    • 17. HVM – initialize and run VMM
    • 18. HVM – handling VM exits #6 VM Exit info
    • 19. HVM – handling VM exits
    • 20. Q & A
    • 21. HVM – Blue Pill
    • 22. HVM – related works Hypersight - Northsecuritylabs (http://northsecuritylabs.com/) - no updates since 2011… McAfee DeepSAFE Microsoft - Countering Kernel Rootkits with Lightweight Hook Protection
    • 23. HVM – related works HyperDbg - similar to SoftICE - a kernel debugger built on HVM
    • 24. DEMO & Q & A
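
The instruction order on slide 9 and the programming summary on slide 11, as an added example that is not part of the original slides: a small C model that checks whether a sequence of VMX instructions is in a valid order. The names `vmx_op`, `vmx_model`, `vmx_step` and `vmx_first_bad` are hypothetical, and the model assumes one logical processor, one VMCS whose fields are valid (so VM entry itself never fails), and a launch state treated as unknown until the first VMCLEAR.

```c
#include <stdbool.h>
#include <stddef.h>

/* Instructions from slide 9, plus the VM exit event. */
typedef enum { VMXON, VMCLEAR, VMPTRLD, VMWRITE, VMREAD,
               VMLAUNCH, VMRESUME, VM_EXIT, VMXOFF } vmx_op;
typedef enum { LS_UNKNOWN, LS_CLEAR, LS_LAUNCHED } launch_state;

/* Simplified model: one logical processor, one VMCS, valid VMCS fields. */
typedef struct {
    bool vmx_on;         /* in VMX operation (VMXON executed)            */
    bool current;        /* the VMCS is current (VMPTRLD executed)       */
    bool in_guest;       /* running in VMX non-root operation            */
    launch_state ls;     /* unknown until the first VMCLEAR (assumption) */
} vmx_model;

/* Apply one step; false means the step is out of order in this model. */
static bool vmx_step(vmx_model *m, vmx_op op)
{
    if (m->in_guest) {                  /* the VMM runs again only after a VM exit */
        if (op != VM_EXIT) return false;
        m->in_guest = false;
        return true;
    }
    if (op == VM_EXIT) return false;    /* no guest is running */
    if (op == VMXON) {
        if (m->vmx_on) return false;    /* already in VMX root operation */
        m->vmx_on = true;
        m->current = false;             /* no current VMCS right after VMXON */
        return true;
    }
    if (!m->vmx_on) return false;       /* every other instruction needs VMXON first */
    switch (op) {
    case VMCLEAR:  m->ls = LS_CLEAR; m->current = false; return true;
    case VMPTRLD:  m->current = true; return true;
    case VMWRITE:
    case VMREAD:   return m->current;   /* VMCS access needs a current VMCS */
    case VMLAUNCH: if (!m->current || m->ls != LS_CLEAR) return false;
                   m->ls = LS_LAUNCHED; m->in_guest = true; return true;
    case VMRESUME: if (!m->current || m->ls != LS_LAUNCHED) return false;
                   m->in_guest = true; return true;
    case VMXOFF:   m->vmx_on = false; return true;
    default:       return false;
    }
}

/* Index of the first rejected step in seq, or -1 if the whole order is valid. */
int vmx_first_bad(const vmx_op *seq, size_t n)
{
    vmx_model m = { false, false, false, LS_UNKNOWN };
    for (size_t i = 0; i < n; i++)
        if (!vmx_step(&m, seq[i])) return (int)i;
    return -1;
}
```

The model shows why the first entry into a guest uses VMLAUNCH and every later one uses VMRESUME, and why VMCLEAR comes before VMPTRLD in the slide's order.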
