Vikram Narayanan and Anton Burtsev, in collaboration with researchers from Penn State University, won the best paper award at ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE 2020).
ACM VEE is an annual international research conference that brings together computer science researchers working on virtualization, systems programming and programming languages. 2020 marked VEE's 16th year.
The paper, "Lightweight Kernel Isolation with Virtualization and VM Functions," by Vikram Narayanan and Anton Burtsev of UCI's Department of Computer Science, together with Yongzhe Huang, Gang Tan, and Trent Jaeger of Penn State University, presents a lightweight isolation mechanism for commodity operating systems.
In the paper, the researchers describe the threats that attackers pose to modern operating systems and the fundamental limitations that keep existing operating systems from preventing those attacks. Despite many arguments over the years for running kernel subsystems in separate protection domains, commodity operating systems remain monolithic: core kernel subsystems execute in a single address space along with hundreds of dynamically loaded extensions and device drivers. Without isolation inside the kernel, a vulnerability in any one subsystem or device driver gives an attacker a path to compromise the entire kernel.
Historically, isolation within the kernel remained prohibitively expensive because of the high cost of hardware isolation primitives. The UCI team developed a collection of techniques for lightweight isolation of privileged kernel code. The paper relies on a newer hardware mechanism, extended page-table (EPT) switching with VM functions (the VMFUNC instruction), to provide memory isolation and lightweight invocations across protection-domain boundaries with overheads comparable to system calls. Because VM functions are available only to code running inside a virtual machine, the team relies on a minimal hypervisor that transparently deprivileges the system into a virtual machine. The researchers demonstrate the mechanism by isolating two software-only device drivers and a 10Gbps Ethernet driver with minimal overhead.
“We argue that our work — a practical, lightweight isolation boundary that supports isolation of kernel code without breaking its execution model — takes another step towards enabling isolation as a first-class abstraction in modern operating system kernels,” says Burtsev, the lead researcher on the project. “Our isolation mechanisms can be implemented either as a loadable late-launch hypervisor that transparently provides isolation for a native non-virtualized system, or as a set of hypervisor extensions that enable isolation of kernel code in a virtualized environment.”
Originally planned to take place in Lausanne, Switzerland on March 17, 2020, the conference was instead held virtually.
Narayanan is a second-year Ph.D. student who works on developing new abstractions and mechanisms for securing commodity and clean-slate operating systems. Burtsev is an assistant adjunct professor of computer science whose research covers operating systems, security, and datacenter performance. This research on lightweight virtualized domains (LVDs) was supported by the National Science Foundation. LVDs are available at https://mars-research.github.io/lvds/.