Analysis of the Intel Pentium's ability to support a secure virtual machine monitor

  • Authors:
  • John Scott Robin;Cynthia E. Irvine

  • Affiliations:
  • US Air Force;Naval Postgraduate School

  • Venue:
  • SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
  • Year:
  • 2000

Quantified Score

Hi-index 0.00

Visualization

Abstract

A virtual machine monitor (VMM) allows multiple operating systems to run concurrently on virtual machines (VMs) on a single hardware platform. Each VM can be treated as an independent operating system platform. A secure VMM would enforce an overarching security policy on its VMs. The potential benefits of a secure VMM for PCs include: a more secure environment, familiar COTS operating systems and applications, and enormous savings resulting from the elimination of the need for separate platforms when both high assurance policy enforcement, and COTS software are required. This paper addresses the problem of implementing secure VMMs on the Intel Pentium architecture. The requirements for various types of VMMs are reviewed. We report an analysis of the virtualizability of all of the approximately 250 instructions of the Intel Pentium platform and address its ability to support a VMM. Current "virtualization" techniques for the Intel Pentium architecture are examined and several security problems are identified. An approach to providing a virtualizable hardware base for a highly secure VMM is discussed.