Logical Partitions on Many-core Platforms
Abstract
Cloud platforms that use logical partitions to allocate dedicated resources to VMs can benefit from small and therefore secure hypervisors. Many-core platforms, with their abundant resources, are an attractive basis to create and deploy logical partitions on a large scale. However, many-core platforms are designed for efficient cross-core data sharing rather than isolation, which is a key requirement for logical partitions. Typically, logical partitions leverage hardware virtualization extensions that require complex CPU core enhancements. These extensions are not optimal for manycore platforms, where it is preferable to keep the cores as simple as possible. In this paper, we show that a simple address-space isolation mechanism, that can be implemented in the Networkon- Chip of the many-core processor, is sufficient to enable logical partitions. We implement the proposed change for the Intel Single-Chip Cloud Computer (SCC). We also design a cloud architecture that relies on a small and disengaged hypervisor for the security-enhanced Intel SCC. Our prototype hypervisor is 3.4K LOC which is comparable to the smallest hypervisors available today. Furthermore, virtual machines execute bare-metal avoiding runtime interaction with the hypervisor and virtualization overhead.
People
BibTex
@inproceedings{masti2015logical,
author = {Masti, Ramya Jayaram and Marforio, Claudio and Kostiainen, Kari and Soriente, Claudio and Capkun, Srdjan},
title = {{Logical Partitions on Many-core Platforms}},
booktitle = {Proceedings of the 31st Annual Computer Security Applications Conference},
address = {Los Angeles, CA, USA},
year = 2015,
month = dec,
publisher = {Association for Computing Machinery},
doi = {10.1145/2818000.2818026},
url = {https://doi.org/10.1145/2818000.2818026}
}Research Collection: 20.500.11850/106455