Virtualization

Virtualization is a technology that allows several guest machines (the Virtual Machines, or VMs) to share one host machine using a Virtual Machine Monitor, or VMM. In contrast to other sharing mechanisms, the virtual machine monitor offers to its virtual machines the same interface that is provided by the host machine. The PERSEUS architecture uses virtualization technology to execute one or more instances of a legacy operating system on top of the trusted software layer. 

Current State: Para-Virtualization

Para-virtualization is a term used to describe a technology that requires a slight modification of existing virtual machines (that is, of the guest operating systems) such that they can be reused on top of another platform. Currently, both the microkernel-based and the hypervisor-based architectures (see the section on resource management) use para-virtualization to execute legacy operating systems as isolated PERSEUS applications (see Figure 1).

Figure 1: Para-virtualized operating systems executed on top of our security architecture.

The obvious disadvantage of this approach is that the source code of the legacy operating system has to be modified. This requirement can become a problem, since (i) the source code of the legacy operating system may not be publicly available, and (ii) the changes have to be applied to every new release of the legacy operating system.

The Alternative: Software Virtualization

Instead of modifying legacy operating systems such that they can be executed on top of the underlying abstraction layers, it is also possible to implement a software-based virtual machine monitor that allows the reuse of unmodified legacy operating systems (see Figure 2). A common example of a software-based VMM is VMware.

Figure 2: Complex Virtual Machine Monitor realized as a user-mode process based on a microkernel architecture.

Nevertheless, software VMMs for the IA32 architecture have, due to some design flaws of the IA32 architecture (see [REF]), two important disadvantages: First, they are not very efficient. Second, they increase the complexity of the trusted computing base, since software-based VMMs can become rather complex.
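The three execution models discussed so far (a para-virtualized guest, a software VMM on a legacy CPU, and a VMM on hardware with virtualization support) can be illustrated with a small simulation. The following C program is an added example, not PERSEUS code: it models a hypothetical CPU with a single piece of privileged state (an interrupt flag) and a four-instruction guest program, and the `OP_*` names, the `run_guest`, `binary_translate` and `run_scenario` functions and the counters are all constructed for this illustration. It shows why an instruction that is sensitive but not privileged breaks plain trap-and-emulate on the legacy machine, how a modified guest (hypercall) and a software VMM (scan-and-rewrite before execution) work around it, and how hardware support removes the need for the rewrite.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical toy CPU with one piece of privileged state: the interrupt flag.
 *   OP_CLI    clear the interrupt flag; privileged, always traps in user mode
 *   OP_PUSHF  read the interrupt flag; sensitive but NOT privileged on the
 *             legacy CPU (modelled after the IA32 problem the text refers to)
 *   OP_HCALL  hypercall: a modified (para-virtualized) guest asks the VMM
 *   OP_HALT   stop
 */
enum op { OP_CLI, OP_PUSHF, OP_HCALL, OP_HALT };

/* Which CPU the guest runs on. */
enum cpu { CPU_LEGACY_IA32, CPU_HW_VIRT };

struct host  { bool interrupt_flag; };   /* the real machine state */
struct guest {                           /* state maintained by the VMM */
    bool shadow_if;    /* the flag the guest believes it has */
    int  last_read;    /* value the guest last observed */
    int  traps;        /* transitions into the VMM (the performance cost) */
    int  wrong_reads;  /* reads that leaked host state instead of guest state */
};

/* The VMM emulates a trapped instruction on the guest's shadow state only. */
static void vmm_handle_trap(struct guest *g, enum op o)
{
    g->traps++;
    if (o == OP_CLI) g->shadow_if = false;
    else             g->last_read = g->shadow_if;
}

/* Run a guest instruction stream under the VMM; returns instructions executed. */
static int run_guest(const enum op *prog, enum cpu c, const struct host *h,
                     struct guest *g)
{
    int n = 0;
    for (; prog[n] != OP_HALT; n++) {
        switch (prog[n]) {
        case OP_CLI:
        case OP_HCALL:
            vmm_handle_trap(g, prog[n]);        /* both CPUs trap here */
            break;
        case OP_PUSHF:
            if (c == CPU_HW_VIRT) {
                vmm_handle_trap(g, OP_PUSHF);   /* with hardware support the read traps too */
            } else {
                /* Legacy CPU: executes directly and exposes the host flag */
                g->last_read = h->interrupt_flag;
                if (g->last_read != g->shadow_if) g->wrong_reads++;
            }
            break;
        default:
            break;
        }
    }
    return n;
}

/* What a software VMM has to do on the legacy CPU: scan the guest code before
 * executing it and rewrite every sensitive-but-unprivileged instruction into
 * something that traps. Returns the number of rewritten instructions. */
static int binary_translate(const enum op *in, enum op *out, int max)
{
    int rewritten = 0, i;
    for (i = 0; i < max; i++) {
        out[i] = (in[i] == OP_PUSHF) ? OP_HCALL : in[i];
        if (out[i] != in[i]) rewritten++;
        if (in[i] == OP_HALT) break;
    }
    return rewritten;
}

/* Constructed scenario: the host has interrupts enabled; the guest disables
 * them and then reads its own flag back, expecting 0. */
static const enum op unmodified_guest[] = { OP_CLI, OP_PUSHF, OP_HALT };
static const enum op paravirt_guest[]   = { OP_CLI, OP_HCALL, OP_HALT };

static struct guest run_scenario(const enum op *prog, enum cpu c)
{
    struct host  h = { true };
    struct guest g = { true, -1, 0, 0 };
    run_guest(prog, c, &h, &g);
    return g;
}

int main(void)
{
    enum op translated[4];
    struct guest a = run_scenario(unmodified_guest, CPU_LEGACY_IA32);
    struct guest b = run_scenario(paravirt_guest,   CPU_LEGACY_IA32);
    int patched    = binary_translate(unmodified_guest, translated, 4);
    struct guest e = run_scenario(translated,       CPU_LEGACY_IA32);
    struct guest d = run_scenario(unmodified_guest, CPU_HW_VIRT);

    printf("legacy, unmodified : read=%d wrong=%d traps=%d\n", a.last_read, a.wrong_reads, a.traps);
    printf("legacy, para-virt  : read=%d wrong=%d traps=%d\n", b.last_read, b.wrong_reads, b.traps);
    printf("legacy, translated : read=%d wrong=%d traps=%d (%d patched)\n",
           e.last_read, e.wrong_reads, e.traps, patched);
    printf("hw-virt, unmodified: read=%d wrong=%d traps=%d\n", d.last_read, d.wrong_reads, d.traps);
    return 0;
}
```

The unmodified guest on the legacy CPU reads back 1 although it just disabled interrupts, because the read never reached the VMM. The para-virtualized guest and the translated guest both read 0, at the cost of a second trap; the hardware-assisted CPU gives the same correct result for the unmodified guest, which is why the VMM there can stay small and the scan-and-rewrite machinery disappears from the trusted computing base.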

The Future: Hardware-based Virtualization

Fortunately, the CPU vendors Intel and AMD have announced that they will solve the problems of the current CPU designs. The resulting CPU architectures are called Vanderpool (Intel) and XXX (AMD), and they allow the realization of an efficient virtual machine monitor with low complexity. Depending on the underlying architecture (e.g., microkernel or hypervisor), different realizations of a virtual machine monitor are possible:

Figure 3: Small and efficient Virtual Machine Monitor realized as a user-mode process based on a microkernel architecture and hardware with virtualization support.

Using the microkernel-based approach, the largest part of the VMM can be realized by a process running in user mode (see Figure 3). This approach keeps the design flexible (the VMM can be loaded on demand) and the complexity of the code running in supervisor mode low. Of course, these advantages come at the cost of slightly reduced performance. If, on the other hand, performance is more important than high security, one can follow the hypervisor approach, where the VMM functionality is integrated into the hypervisor itself (see Figure 4).

Figure 4: A hypervisor acts as VMM to be able to execute unmodified operating systems on top of it.

However, it is also possible to realize a hybrid approach (see Figure 5), where the hypervisor executes unmodified legacy operating systems and the microkernel-based security architecture controls the virtual machines running security-critical applications (e.g., the security policy management software).

Figure 5: Hybrid approach using a trustworthy microkernel-based operating system running as one virtual machine on top of a microkernel.