2.4 Protection: Virtual Memory and Virtual Machines
A virtual machine is taken to be an efficient, isolated duplicate of the real machine. We explain
these notions through the idea of a virtual machine monitor (VMM)…. a VMM has three essential
characteristics. First, the VMM provides an environment for programs which is essentially
identical with the original machine; second, programs run in this environment show at worst
only minor decreases in speed; and last, the VMM is in complete control of system resources.
Gerald Popek and Robert Goldberg
“Formal requirements for virtualizable third generation architectures,”
Communications of the ACM (July 1974)
Security and privacy are two of the most vexing challenges for information technology in
2011. Electronic burglaries, often involving lists of credit card numbers, are announced regularly,
and it's widely believed that many more go unreported. Hence, both researchers and
practitioners are looking for new ways to make computing systems more secure. Although
protecting information is not limited to hardware, in our view real security and privacy will
likely involve innovation in computer architecture as well as in systems software.
This section starts with a review of the architecture support for protecting processes from
each other via virtual memory. It then describes the added protection provided from virtual
machines, the architecture requirements of virtual machines, and the performance of a virtual
machine. As we will see in Chapter 6, virtual machines are a foundational technology for cloud
computing.
Protection Via Virtual Memory
Page-based virtual memory, including a translation lookaside buffer that caches page table
entries, is the primary mechanism that protects processes from each other. Sections B.4 and
B.5 in Appendix B review virtual memory, including a detailed description of protection via
segmentation and paging in the 80x86. This subsection acts as a quick review; refer to those
sections if it's too quick.
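The following C program is an added example, not taken from the book, that lets you observe this protection from user space. It assumes a Linux system with fork, mmap and mprotect; the function names are hypothetical. The first function shows that a store made by one process at a given virtual address is invisible to another process using the same address, and the second shows the hardware refusing a store to a page whose entry no longer grants write permission.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile int value = 1;  /* same virtual address in parent and child */
/* The child overwrites `value` in its own address space. Returns what the
   parent still reads afterwards; *child_view receives what the child read. */
int parent_value_after_child_write(int *child_view) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {             /* child: the store lands in a private page copy */
        value = 2;
        _exit(value);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    *child_view = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    return value;
}

/* The child removes write permission from one of its pages, then stores to it.
   Returns 1 if the resulting protection fault killed the child, else 0. */
int store_to_readonly_page_faults(void) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        size_t sz = (size_t)sysconf(_SC_PAGESIZE);
        volatile char *p = mmap(NULL, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED) _exit(3);
        p[0] = 'a';                                  /* page is writable: allowed */
        if (mprotect((void *)p, sz, PROT_READ) != 0) _exit(3);
        p[0] = 'b';                                  /* page is read-only: faults */
        _exit(0);                                    /* not reached if protected */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) &&
           (WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS);
}

int main(void) {
    int child = 0, parent = parent_value_after_child_write(&child);
    printf("parent reads %d, child read %d, read-only store faulted: %d\n",
           parent, child, store_to_readonly_page_faults());
    return 0;
}
```

The faulting store is done in a child process so that the parent can report the fault instead of being killed by it.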
Multiprogramming, where several programs running concurrently would share a computer,
led to demands for protection and sharing among programs and to the concept of a
process. Metaphorically, a process is a program's breathing air and living space—that is, a running
program plus any state needed to continue running it. At any instant, it must be possible
to switch from one process to another. This exchange is called a process switch or context switch.
The operating system and architecture join forces to allow processes to share the hardware
yet not interfere with each other. To do this, the architecture must limit what a process can
access when running a user process yet allow an operating system process to access more. At
a minimum, the architecture must do the following:
1. Provide at least two modes, indicating whether the running process is a user process or an
operating system process. This latter process is sometimes called a kernel process or a
supervisor process.
2. Provide a portion of the processor state that a user process can use but not write. This state
includes a user/supervisor mode bit, an exception enable/disable bit, and memory protection
information. Users are prevented from writing this state because the operating system