A presentation based on "Analysis of Monolithic and Microkernel Architectures - Towards Secure Hypervisor Design" by Jordan Shropshire. Available at https://ieeexplore.ieee.org/document/6759218

1. Analysis of Monolithic and Microkernel Architectures
Towards Secure Hypervisor Design
Islam, Pahlwan Rabiul
20-61980-1
By
Dr. Jordan Shropshire

2. Contents
 Hypervisor Architecture
 Hypervisor Security
 Hypervisor Platforms
 ESX
 Xen
 Hyper-V
 Architectural Features
 Management API
 Monitoring Interface
 Hypercalls
 Interrupts
 Networking
 I/O

3. Introduction
Monolithic Hypervisor
 Thin Layer of Software
 Hardware Drivers
 Application Programming Interface
 Virtualization Stack
Microkernel Hypervisor
 Small hypervisor
 Kernel
 Management Partition
 Drivers
 Virtualization Managers
 Administrative Interfaces
Vulnerabilities & Trade-offs Comparison

4. Background

5. Hypervisors
 Intermediary between virtual machines & underlying hardware
 Hypercalls
 Paravirtualization
 Deliberate System Calls
 Interrupts
 Signal to Processor
 Scheduler
 One or more vCPU for each virtual machine
 Multiprocessing
 Abstraction

6. Security Rings
 Hierarchical level of privilege
 Ring 0 → OS Kernel | CPU | Memory
 Ring 1 & Ring 2 → Device Drivers
 Ring 3 → User Mode
 Shared memory privilege
 System flags
 Gate feature
 Context switch

7. Trusted Code Base (TCB)
 Trusted Code Base components
 Hardware
 Drivers
 Operating System
 Abstraction Software
 Resource Brokering Software
“all of the elements of the system responsible for supporting the
security policy and supporting the isolation of objects (code
and data) on which the protection is based”

8. Monolithic
and
Microkernel
Architectures

9. Hypervisor Task
 Starting and Maintaining virtual machines
 Abstracting System Resources
 Sharing Hardware and Assets

10. Microkernel Architecture
Management Partition
Management OS Kernel
Management Interface
Virtualization Stack
Virtual Machine
Guest OS Kernel
Applications
Hypervisor

11. Monolithic Architecture
Application
Guest OS Kernel
Management Interface
Virtualization Stack
Hypervisor Kernel

12. Threat Model
Logical Access but No Physical Access

13. Analysis
Analysis of Six Features of Hypervisors

14. Management Interface
 Remote Agents
 Connect with a Hypervisor
 Perform Managerial Duties
 Management Platforms
 Hyper-V
 Support for classes and objects
 Xen
 Controls for limiting access & permissions
 ESXi
 Allows for basic file system interaction while restricting other usage

15. Monitoring
 Monitoring System Footprint
 Xen → 14 Steps
 Hyper-V → 13 Steps
 ESXi → 10 steps

16. Hypercalls
 Hypercall Support
 Xen → 100 Hypercalls
 Hyper-V → 113 Hypercalls
 ESXi → 82 Hypercalls

17. Interrupts
 User Space Emulators
 Susceptible to tampering
 Privileged Zone Emulator
 Harder to reach

18. Networking
 Network Path
 Xen → 25 Steps
 Hyper-V → 31 Steps
 ESXi → 20 Steps

19. Storage
 Storage Path
 Xen → 23 Steps
 Hyper-V → 25 Steps
 ESXi → 16 Steps

20. Conclusion
“Regardless of the size of the footprint or the type of
architecture, well written and tested kernel code will
provide better security”