Operating Systems Lecture 11b
Dr Ronald Grau School of Engineering and Informatics Spring term 2018
Previously 1 Security
Terminology
Cryptography Authentication Access Control Vulnerabilities Design
Quick recap of some security topics 2 Questions:
1. What are possible violations of confidentiality?
2. Ransomware poses a threat to which security property?
3. Which security mechanism is targeted by Phishing?
4. What is the principle of least privilege about?
5. What kinds of applications lend themselves to the use of symmetric cryptography?
Today 3 Virtualisation
Virtual machine concepts Hypervisors
Containers
Virtualisation techniques
Virtual Machines 4
Virtualisation 5 What is the motivation behind virtualisation?
Protection
Flexibility
Optimisation of hardware usage Easier maintenance
→Enabler of cloud computing
Virtualisation 6 Requirements of virtualisation
Provision of an environment identical to the original machine Only minor performance impact on applications
Virtual machine manager is in complete control of the system
Some Terminology 7 Disambiguation #1
Virtual machines for programming environments
Program compiled to intermediate language
Intermediate language executed by virtual machine E.g. JVM, .NET, LLVM
Sandboxing, Container
Provides protection of applications against each other E.g. BSD Jails, LXC, Docker, Solaris Zones
Desktop/application virtualisation: e.g. Citrix, Jukebox
Some Terminology 8 Disambiguation #2
Emulation
Full simulation of HW, e.g. instruction set simulator, QEMU
Allows running code compiled for different CPU architectures
Hypervisor, Virtual machine manager
Partial simulation sufficient to run a guest OS Guest OS runs as native code
Hypervisors 9 Type 0 hypervisor
Hardware-based solutions, no need for a dedicated “host“-OS e.g. IBM LPAR (logical partitions)
Type 1 hypervisor
Operating system that manages
guest operating systems
E.g. Xen, Microsoft Hyper-V, VMWare ESX
Hypervisors 10 Type 2 hypervisor
Application that manages guest operating systems
E.g. VMWare Workstation, Oracle VirtualBox
Para-virtualisation
Guest operating system is
aware of running on a VM
Performance optimisations via hypercalls:
E.g. run device drivers of host instead of running guest device drivers in virtualised environment
Hypervisors 11
Hypervisor
Manages resources allocated to guest OSes
Schedules guest OSes, keeps CPU state (“Virtual CPU”)
Requires more than two protection modes
Guest OS user mode Guest OS kernel mode Hypervisor
Guest OS kernel uses privileged instructions: How to ensure protection?
Trap and Emulate 12
Non-privileged instructions execute on physical CPU
Guest OS kernel uses privileged instructions:
VCPU keeps track of guest OS mode
Privileged instructions are emulated (binary translation)
Trap and Emulate Type 1 vs 2 13
Type 2 Hypervisors require a kernel module
Virtualising Virtual Memory 14 Nested Page Tables
Hardware Support
15
Examples: AMD SVM, Intel VT
Additional modes for host and guest system:
VCPU and nested page
tables implemented in hardware
I/O Virtualisation 16
Problems:
Guest OS have ISR for the same interrupt
Guest OS programs DMA with same physical memory addresses
I/O MMU
Interrupt remapping
Protection domains, address translation
Para-virtualisation
Modify guest OS to “forward” I/O system calls as hypercalls to hypervisor
Virtual Infrastructure 17
Advantages of Virtualisation 18
Guest OSes are isolated (security)
We can take snapshots of the current state of a guest OS Suspend execution and resume
Cloning (reliability), templating (maintenance)
Live migration (load balancing)
Containerisation 19 Package an application into a container
Easy and rapid deployment Templating
Sandboxing
More lightweight
Container uses kernel of host OS →cannot run Windows container on Linux host!
Faster start-up
Allows stacking/nesting of containers
Container Technology 20 chroot (1982)
Set root directory of file system for a process →cannot access files outside
Idea extended to BSD Jails (2000), Solaris containers (2005), LXC (2008), Docker (2013)
Linux namespaces
Virtualisation of system resources, e.g. users, processes, file systems, sockets
Namespaces can be nested →hierarchies, isolation
E.g. a process thinks that it is running as root although it has permissions of a less privileged user
Virtualisation vs Containerisation 21
Principle of Virtualisation 22 “All problems in computer science can be solved by
another level of indirection.”
(David Wheeler)
“… except for the problem of too many layers of indirection.”
(Kevlin Henney)
Summary 23
Variety of VM concepts Emulators
Hypervisors Type 0, 1, 2
Containers
Programming language VMs Virtualisation techniques for
CPU, memory, I/O
Fundamental principle of virtualisation: Indirection
Read 24 Tanenbaum & Bos., Modern Operating Systems
Chapter 7
Silberschatz et al., Operating System Concepts Chapter 16
Next Lecture 25 There are no labs on Monday because of the May bank holiday
(Please go to the other sessions on Wednesday or Friday) There is no lecture on Wednesday
Revision lecture on Friday, usual time and place.
If you have any questions, e-mail me or post them the forum and we may take them up in the lecture, as far as time permits.