UBC Theses and Dissertations
Usermode kernel: running the kernel in userspace in VM environments
George, Sharath
Abstract
In many instances of virtual machine deployments today, virtual machine instances are created to support a single application. Traditional operating systems provide an extensive framework for protecting one process from another. In such deployments, this protection layer becomes an additional source of overhead, as isolation between services is provided at the operating system level and each instance of an operating system supports only one service. This makes the operating system the equivalent of a process from the traditional operating system perspective. Isolation between these operating systems, and indirectly the services they support, is ensured by the virtual machine monitor in these deployments. In these scenarios the process protection provided by the operating system becomes redundant and a source of additional overhead. We propose a new model for these scenarios with operating systems that bypass this redundant protection offered by traditional operating systems. We prototyped such an operating system by executing parts of the operating system in the same protection ring as user applications. This gives processes more power and access to kernel memory, bypassing the need to copy data from user to kernel and vice versa as is required when the traditional ring protection layer is enforced. This allows us to save the system call trap overhead and allows application programmers to directly call kernel functions, exposing the rich kernel library. This does not compromise security on the other virtual machines running on the same physical machine, as they are protected by the VMM. We illustrate the design and implementation of such a system with the Xen hypervisor and the XenoLinux kernel.
Item Metadata
Title: Usermode kernel: running the kernel in userspace in VM environments
Creator: George, Sharath
Publisher: University of British Columbia
Date Issued: 2008
Extent: 728415 bytes
File Format: application/pdf
Language: eng
Date Available: 2008-12-08
Provider: Vancouver : University of British Columbia Library
Rights: Attribution-NonCommercial-NoDerivatives 4.0 International
DOI: 10.14288/1.0051274
Degree Grantor: University of British Columbia
Graduation Date: 2008-11
Scholarly Level: Graduate
Aggregated Source Repository: DSpace