Implementation of Intel Virtual Machine Extension Root Operation on the NPS Least Privilege Separation Kernel

Abstract

A virtual machine monitor (VMM) supports execution of multiple unmodified operating systems in virtual machines (VMs) on one computer. VMM support has been added to the Intel IA-32 architecture. Enforcement of data flow policies between VMs requires a highly trustworthy VMM. Such VMMs take advantage of hardware support. The work described here explores whether the Naval Postgraduate School Least Privilege Separation Kernel (LPSK) can incorporate Intel hardware support for virtualization. The Intel documentation and LPSK code were reviewed to determine the changes required to transition the target processor to Virtual Machine Extension (VMX) root operation. First, paging in the LPSK had to be enabled. Requirements for the VMXON and VMXOFF instructions were determined and changes were made to the LPSK to enable the target processor to transition to VMX root operation. Testing showed that the changes to the LPSK allowed the target processor to successfully transition to and from VMX root operation.

Document Details

Document Type: Technical Report
Publication Date: Sep 01, 2010
Accession Number: ADA531609

Entities

People

  • Jayce Martinsen

Organizations

  • Naval Postgraduate School

Tags

DTIC Thesaurus Topics

  • Communication Channels
  • Computer Programming
  • Computer Science
  • Computers
  • Computing System Architectures
  • Cybersecurity
  • Device Drivers
  • Information Assurance
  • Information Systems
  • Instructions
  • Mainframe Computers
  • Operating Systems
  • Security
  • System Software
  • United States Military Academy
  • Virtual Machines
  • Virtualization

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Parallel and Distributed Computing