Analysis of Monolithic and Microkernel Architectures
Towards Secure Hypervisor Design
Islam, Pahlwan Rabiul (20-61980-1)
By Dr. Jordan Shropshire
Contents
 Hypervisor Architecture
 Hypervisor Security
 Hypervisor Platforms
 ESX
 Xen
 Hyper-V
 Architectural Features
 Management API
 Monitoring Interface
 Hypercalls
 Interrupts
 Networking
 I/O
Introduction
Monolithic Hypervisor
 Thin Layer of Software
 Hardware Drivers
 Application Programming Interface
 Virtualization Stack
Microkernel Hypervisor
 Small hypervisor
 Kernel
 Management Partition
 Drivers
 Virtualization Managers
 Administrative Interfaces
Vulnerabilities & Trade-offs Comparison
Background
Hypervisors
 Intermediary between virtual machines & underlying hardware
 Hypercalls
 Paravirtualization
 Deliberate System Calls
 Interrupts
 Signal to Processor
 Scheduler
 One or more vCPU for each virtual machine
 Multiprocessing
 Abstraction
Security Rings
 Hierarchical levels of privilege enforced by the CPU
 Ring 0 → OS kernel; direct access to the CPU and all memory
 Ring 1 & Ring 2 → Device drivers (in the original x86 design; most operating systems use only rings 0 and 3)
 Ring 3 → User mode
 Memory shared across rings is accessible only at the privilege the page permits
 System flags (e.g., I/O privilege level) gate privileged instructions
 Gates provide the only controlled transitions from a lower to a higher privilege ring
 Context switch between rings on every such transition
Trusted Computing Base (TCB)
 TCB components
 Hardware
 Drivers
 Operating System
 Abstraction Software
 Resource Brokering Software
“all of the elements of the system responsible for supporting the
security policy and supporting the isolation of objects (code
and data) on which the protection is based”
Monolithic
and
Microkernel
Architectures
Hypervisor Task
 Starting and Maintaining virtual machines
 Abstracting System Resources
 Sharing Hardware and Assets
Microkernel Architecture (layers, top to bottom)
 Management Partition: Management OS Kernel | Management Interface | Virtualization Stack
 Virtual Machine: Guest OS Kernel | Applications
 Hypervisor (small kernel beneath both partitions)
Monolithic Architecture (layers, top to bottom)
 Virtual Machine: Application | Guest OS Kernel
 Hypervisor Kernel: Management Interface | Virtualization Stack (drivers and management live inside the hypervisor itself)
Threat Model
 Attacker has logical access (through a guest or a remote interface) but no physical access to the host hardware
Analysis
Analysis of Six Features of Hypervisors
Management Interface
 Remote Agents
 Connect with a Hypervisor
 Perform Managerial Duties
 Management Platforms
 Hyper-V
 Support for classes and objects
 Xen
 Controls for limiting access & permissions
 ESXi
 Allows for basic file system interaction while restricting other usage
Monitoring
 Monitoring System Footprint (number of steps a monitoring request traverses between the agent and the hypervisor; fewer steps means fewer components exposed on the path)
 Xen → 14 Steps
 Hyper-V → 13 Steps
 ESXi → 10 Steps
Hypercalls
 Hypercall Support
 Xen → 100 Hypercalls
 Hyper-V → 113 Hypercalls
 ESXi → 82 Hypercalls
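The hypercall interface introduced under Background (hypercalls as deliberate, system-call-like entries from a paravirtualized guest into the hypervisor) and counted above (Xen 100, Hyper-V 113, ESXi 82) is attack surface because every number is an entry point the hypervisor must dispatch and validate. The following is an added example, not code from the paper nor from Xen, Hyper-V or ESXi: a toy C model of a hypercall dispatcher with a hypothetical three-call ABI. It shows the two checks every such entry point needs: the hypercall number is bounds-checked before it indexes the handler table, and guest-physical address ranges are validated with integer wraparound in mind before guest memory is touched. The names, the ABI, the 4 KiB guest memory and the version constant are all assumptions made for the example.

```c
/* Added example: a toy hypercall dispatch layer. Not code from Xen, Hyper-V
 * or ESXi; all names, the ABI and the memory layout are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GUEST_MEM_SIZE 4096u   /* toy guest physical memory: 4 KiB (assumed) */

/* Toy guest: a backing buffer standing in for guest physical memory. */
typedef struct {
    uint8_t  mem[GUEST_MEM_SIZE];
    uint64_t vcpu_count;
} guest_t;

/* Hypercall ABI (assumed): a number plus up to three integer arguments,
 * mirroring the system-call shape the slides compare hypercalls to. */
typedef struct {
    uint32_t nr;
    uint64_t arg[3];
} hypercall_t;

enum { HC_OK = 0, HC_EINVAL = -1, HC_EFAULT = -2, HC_ENOSYS = -3 };

typedef int (*hc_handler_t)(guest_t *g, const hypercall_t *hc);

/* Validate that [gpa, gpa + len) lies inside guest memory. The comparison is
 * written so gpa + len is never computed, which rules out wraparound. */
static int gpa_range_ok(uint64_t gpa, uint64_t len) {
    if (len == 0 || len > GUEST_MEM_SIZE) return 0;
    if (gpa > GUEST_MEM_SIZE - len) return 0;
    return 1;
}

/* HC 0: version query; writes a 4-byte value to guest memory at arg[0]. */
static int hc_version(guest_t *g, const hypercall_t *hc) {
    const uint32_t version = 0x00040001u;  /* hypothetical "4.1" */
    if (!gpa_range_ok(hc->arg[0], sizeof version)) return HC_EFAULT;
    memcpy(&g->mem[hc->arg[0]], &version, sizeof version);
    return HC_OK;
}

/* HC 1: set the guest's vCPU count; policy caps it at 8 (assumed). */
static int hc_set_vcpus(guest_t *g, const hypercall_t *hc) {
    if (hc->arg[0] == 0 || hc->arg[0] > 8) return HC_EINVAL;
    g->vcpu_count = hc->arg[0];
    return HC_OK;
}

/* HC 2: memory-op style call; copies arg[2] bytes from gpa arg[1] to arg[0].
 * Both ranges are validated before any byte of guest memory is touched. */
static int hc_memcpy(guest_t *g, const hypercall_t *hc) {
    uint64_t dst = hc->arg[0], src = hc->arg[1], len = hc->arg[2];
    if (!gpa_range_ok(dst, len) || !gpa_range_ok(src, len)) return HC_EFAULT;
    memmove(&g->mem[dst], &g->mem[src], (size_t)len);
    return HC_OK;
}

static const hc_handler_t hc_table[] = { hc_version, hc_set_vcpus, hc_memcpy };
#define HC_COUNT (sizeof hc_table / sizeof hc_table[0])

/* Dispatcher as the hypervisor would run it on a VM exit: the number is
 * bounds-checked before it indexes the table; each handler checks its args. */
int hypercall_dispatch(guest_t *g, const hypercall_t *hc) {
    if (hc->nr >= HC_COUNT) return HC_ENOSYS;
    return hc_table[hc->nr](g, hc);
}

/* Read a 32-bit value back from guest memory (returns 0 on a bad range). */
uint32_t guest_read32(const guest_t *g, uint64_t gpa) {
    uint32_t v = 0;
    if (gpa_range_ok(gpa, sizeof v)) memcpy(&v, &g->mem[gpa], sizeof v);
    return v;
}

int main(void) {
    guest_t g;
    memset(&g, 0, sizeof g);
    /* Constructed sample calls: one valid, three hostile. */
    hypercall_t calls[] = {
        { 0, { 0x100, 0, 0 } },                  /* valid version query      */
        { 0, { GUEST_MEM_SIZE - 2, 0, 0 } },     /* straddles end of memory  */
        { 2, { 0x200, 0x100, UINT64_MAX } },     /* huge length, wrap attempt*/
        { 7, { 0, 0, 0 } },                      /* unimplemented number     */
    };
    for (size_t i = 0; i < sizeof calls / sizeof calls[0]; i++)
        printf("hypercall %u -> %d\n", calls[i].nr, hypercall_dispatch(&g, &calls[i]));
    return 0;
}
```

The point the counts above make is visible here in miniature: each entry in hc_table is reachable from an unprivileged guest, so every additional hypercall is another handler whose argument validation sits inside the TCB.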
Interrupts
 User-space emulators (device and interrupt emulation running as an ordinary process)
 Susceptible to tampering
 Privileged-zone emulators (emulation inside the hypervisor or a privileged partition)
 Harder to reach from a compromised guest
Networking
 Network Path
 Xen → 25 Steps
 Hyper-V → 31 Steps
 ESXi → 20 Steps
Storage
 Storage Path
 Xen → 23 Steps
 Hyper-V → 25 Steps
 ESXi → 16 Steps
Conclusion
“Regardless of the size of the footprint or the type of
architecture, well written and tested kernel code will
provide better security”