From: Justin Voskuhl (justinv_at_microsoft.com)
Date: Mon Mar 01 2004 - 15:23:32 PST
The Denali Isolation Kernel is a virtualization technology designed to
allow multiple services to run on one physical system while separating
the services to such a degree that they cannot possibly interfere with
each other. This provides a number of desirable traits for service
providers, since they can host third-party services even if such
services aren't trusted or (more likely) are buggy. If one party's
service goes haywire it can't bring down another party's service. Also,
untrusted services that attack the system can't gain access to another
party's system because of the low level at which the virtualization is
done. The scale of the system is potentially very large; the authors
stress it with thousands of virtual machines.
To implement this low level virtualization on x86 hardware, Denali
defines an instruction set that looks very much like x86, but has some
extensions to it, and it changes the definition of certain instructions
that are mode-dependent. They use binary rewriting to run their
modified x86 instruction set on normal x86 hardware. Their new ISA also
adds some new registers so that virtualized services can find out about
the machine they're hosted on. They also change the way in which
interrupts are handled to get higher performance.
As an example OS, the authors implement a guest OS called Ilwaco to
which they port various services. The services they try include a Quake
II game server and a web server. It would have been interesting to see if
the authors could have booted an OS like Linux as one of their services.
It seems something like this approach would be the shortest path to
getting a secured hosting service up and running.
This archive was generated by hypermail 2.1.6 : Mon Mar 01 2004 - 15:23:39 PST