A presentation based on
"Analysis of Monolithic and Microkernel Architectures - Towards Secure Hypervisor Design" by Jordan Shropshire.
Available at https://ieeexplore.ieee.org/document/6759218
5. Hypervisors
Intermediary between virtual machines & underlying hardware
Hypercalls
Paravirtualization
Deliberate System Calls
Interrupts
Signal to Processor
Scheduler
One or more vCPU for each virtual machine
Multiprocessing
Abstraction
6. Security Rings
Hierarchical level of privilege
Ring 0 → OS Kernel | CPU | Memory
Ring 1 & Ring 2 → Device Drivers
Ring 3 → User Mode
Shared memory privilege
System flags
Gate feature
Context switch
7. Trusted Code Base (TCB)
Trusted Code Base components
Hardware
Drivers
Operating System
Abstraction Software
Resource Brokering Software
“all of the elements of the system responsible for supporting the
security policy and supporting the isolation of objects (code
and data) on which the protection is based”
14. Management Interface
Remote Agents
Connect with a Hypervisor
Perform Managerial Duties
Management Platforms
Hyper-V
Support for classes and objects
Xen
Controls for limiting access & permissions
ESXi
Allows for basic file system interaction while restricting other usage