-
The most widely deployed mobile virtualization solution
Data Sheets
Virtualization for Embedded Systems WP continued
2.2 How Is It Done?
The efficiency feature requires that the vast majority of instructions be directly executed by the hardware: any form of emulation or interpretation replaces a single virtual-machine instruction by several instructions of the underlying host hardware. This requires that the virtual hardware is mostly identical to the physical hardware on which the VMM is hosted.
Small differences between the virtual and physical machines are possible. For example, the virtual machine may have some extra instructions not supported by the physical hardware. The physical hardware may have a different memory-management unit or different devices than the virtual hardware. The virtual machine may be an old version of the same basic architecture, and be used to run legacy code. Or the virtual machine may be a not yet implemented new version of the architecture. As long as the differences are small, and the differing instructions not heavily used, the virtualization can be about as efficient as if the hardware was the same.
Not all instructions can be directly executed. The resource-control characteristic requires that all instructions that deal with resources must access the virtual rather than the physical resources. This means such instructions must be interpreted by the VMM, as otherwise virtualization is broken.
Specifically, there are two classes of instructions that must be interpreted by the virtual machine:
- control-sensitive instructions
- which modify privileged machine state, and therefore interfere with the hypervisor’s control over resources;
- behaviour-sensitive instructions
- which access (read) privileged machine state. While they cannot change resource allocations, they reveal the state of real resources, specifically that it differs from the virtual resources, and therefore breaks the illusion provided by virtualization.
Together, control-sensitive and behaviour-sensitive instructions are called virtualization-sensitive, or simply sensitive instructions.
There are two basic ways to ensure that code running in the virtual machine does not execute any sensitive instructions:
- pure virtualization:
- ensure that sensitive instructions are not executable within the virtual machine, but instead invoke the hypervisor;
- impure virtualization:
- remove sensitive instructions from the virtual machine and replace them with virtualization code.
More White Papers and Publications
-
Defense-Grade Security for the Rest of Us
-
Build Secure Smartphones for the Enterprise
-
Learn How to Build a More Secure Smartphone
-
Build Mass-Market Smartphones with Mobile Virtualization
-
SecureIT Mobile Government White Paper (Chinese Version)
-
SecureIT Mobile Enterprise (Chinese Version)
-
Energy Management
-
Build a Smartphone for the Mass-Market (Korean Version)
-
The NirvanaPhone Concept Specification and Reference Architeture
-
Motorola Evoke Teardown
-
seL4: Formal Verification of an OS Kernel
-
Automatic Device Driver Synthesis with Termite
-
The Motorola Evoke QA4 - A Case Study in Mobile Virtualization
-
Android Migration at the Speed of Light
-
Virtualization and Componentization in Embedded Systems
-
Virtualization for Embedded Systems
-
Role of Virtualization in Embedded Systems
-
Your System is Secure? Prove it!
-
Towards Trustworthy Computing Systems: Taking Microkernels to the Next Level
-
Secure Embedded Systems Need Microkernels