Information Technology Reference
In-Depth Information
and simplifies the implementation of multitasking and the coexistence of
multiple executing environments. In fact, such a model not only requires
limited knowledge of the entire computing stack, but it also provides ways
to implement a minimal security model for managing and accessing shared
resources. For this purpose, the instruction set exposed by the hardware
has been divided into different security classes that define who can operate
them, namely, privileged and nonprivileged instructions.
Privileged instructions are those that are executed under specific
restrictions and are mostly used for sensitive operations, which expose
(behavior-sensitive) or modify (control-sensitive) the privileged state. For
instance, behavior-sensitive instructions are those that operate on the I/O,
whereas control-sensitive instructions alter the state of the CPU registers.
Nonprivileged instructions are those instructions that can be used without
interfering with other tasks because they do not access shared resources.
For instance, this category contains all the floating, fixed-point, and arith-
metic instructions.
All the current systems support at least two different execution modes:
supervisor mode and user mode. The first mode denotes an execution mode
in which all the instructions (privileged and nonprivileged) can be executed
without any restriction. This mode, also called master mode or kernel mode,
is generally used by the operating system (or the hypervisor) to perform
sensitive operations on hardware-level resources. In user mode, there are
restrictions to control the machine-level resources. If code running in user
mode invokes the privileged instructions, hardware interrupts occur and
trap the potentially harmful execution of the instruction.
15.1.3 Virtual Machines
A virtual machine (VM) is an isolated environment that appears to be a
whole computer but actually only has access to a portion of the computer
resources. Each VM appears to be running on the bare hardware, giving
the appearance of multiple instances of the same computer, though all are
supported by a single physical system. Virtual machines have been around
since the early 1970s, when IBM released its VM/370 operating system. There
are two types of VM: process and system VMs. A process VM is a virtual
platform created for an individual process and destroyed once the process
terminates. Virtually, all operating systems provide a process VM for each
one of the applications running, but the more interesting process VMs are
those that support binaries compiled on a different instruction set. A system
VM supports an operating system together with many user processes. When
the VM runs under the control of a normal OS and provides a platform-inde-
pendent host for a single application, we have an application virtual machine
(e.g., Java Virtual Machine [JVM]).
A system virtual machine provides a complete system; each VM can run
its own OS, which in turn can run multiple applications. Systems such as
Search WWH ::
Custom Search