Transplantation of VirtualBox to the NOVA microhypervisor
- Track: Virtualisation devroom
- Room: UD2.120 (Chavanne)
- Day: Sunday
- Start: 14:20
- End: 15:00
NOVA is both a microkernel and a hypervisor. With only 10,000 lines of code, it is able to host virtual machines and applications securely side by side. In contrast to mature virtualization solutions like VirtualBox, however, the range of supported virtual machines used to be limited to a few fine-tuned guest OSes. The talk explains and demonstrates how VirtualBox became able to run on top of Genode/NOVA, and presents the benefits of combining NOVA with VirtualBox.
Commodity open-source virtualization solutions like Qemu/KVM and VirtualBox have received tremendous work and hand-crafted heuristics to enable a wide range of unmodified guest operating systems to run flawlessly inside virtual machines. On the other hand, those commodity virtualization solutions rely on a highly complex trusted computing base. Speaking of VirtualBox, the user has to ultimately trust the VirtualBox application in addition to the host OS kernel because VirtualBox exercises all-encompassing control over the host system. This high complexity comes with a high likelihood for bugs and thereby represents a large attack surface that puts the security and privacy of the user at risk.
With the NOVA virtualization architecture, there exists an alternative approach where the complex parts of the virtualization platform are executed in the form of unprivileged components on top of a low-complexity hybrid microkernel/hypervisor. The hypervisor solely provides mechanisms to segregate platform resources, to enable secure inter-component communication, and to reflect virtualization events to user-level virtual-machine monitors. This way, the effective isolation between virtual machines as well as components that run beside virtual machines depends on a trusted computing base of less than one percent compared to commodity virtualization solutions. On the downside, the beauty of the architecture has not gained much attention because NOVA's existing user-level virtual machine monitor lacked the feature set and out-of-the box experience of mature virtualization products.
The talk will present how the feature-rich VirtualBox virtual machine monitor was brought to the NOVA microhypervisor using the Genode OS framework as user-level infrastructure. It will start with an overview of the VirtualBox architecture on the traditional platforms, followed by a brief introduction into the world of NOVA and Genode. The main part of the talk will explain the methodology of the transplantation work and the challenges that had to be overcome. Finally, it will outline the benefits and possible future directions of combining both technologies.
The presentation will be held using a Genode/NOVA system, which will also be used for a live demonstration.
Speakers
 |
Norman Feske |