Introduction computer security matt bishopexample vax vax
Chapter 33: Virtual Machines• Virtual Machine Structure
• Virtual Machine Monitor
|
Slide #29-1 |
|---|
– Paging
– Runs directly on hardware
– Provides interface to give each program running on it the illusion that it is the only process on the system and is running directly on hardware
| Slide #29-3 |
|---|
Example: IBM VM/370
| real hardware |
|
|---|
Adapted from Dietel, pp. 606–607
1. VMM running operating system o, which is
running process p
causing trap
3. VMM does read
| – | Slide #29-5 | ||
|---|---|---|---|
| – | |||
©2004 Matt Bishop
Privileged Instructions
©2004 Matt Bishop
| p | return from read call | ||
|---|---|---|---|
| invoked by hardware trap |
| Slide #29-7 |
|---|
©2004 Matt Bishop
Privilege and VMs
©2004 Matt Bishop
When Is VM Possible?
|
Slide #29-9 |
|---|
©2004 Matt Bishop
|
|
Slide #29-11 |
|---|
| Slide #29-13 |
|---|
©2004 Matt Bishop
Example: IBM VM/370
Physical Resources and VMs
• Distributes resources among VMs as appropriate
|
|
Slide #29-15 |
|---|
• VMM returns control to VM when appropriate– If I/O synchronous, when service complete
– If I/O asynchronous, when service begun
– Some pages may be available only at highest level of privilege
• VM must remap level of privilege of these pages– Performance issues
• VMM paging its own pages is transparent to VMs • VM paging is handled by VMM; if VM’s OS does lots of paging, this may introduce significant delays
| Slide #29-17 |
|---|
• On VAX/VMS, only kernel level processes can read some pages
– What happens if process at VM kernel level needs to read such a page?
• If jobs being run under those systems depend on timings, delay caused by VM may affect success of job
– If system supports virtual paging (like MVS), either MVS or VMM may cause paging
| Slide #29-19 |
|---|
