Research: Projects: VMM
This research addresses the problem of implementing secure Virtual Machine Monitors (VMM) on the Intel Pentium architecture. A VMM allows multiple operating systems to run concurrently under virtual machines on a single workstation. High-assurance VMMs could allow complete isolation of, or data sharing between, virtual machines according to a security policy such as a mandatory secrecy policy.
The Intel architecture was mapped to a set of hardware requirements for VMMs. It was found that the Intel architecture was not virtualizable. However, several techniques are presented that allow the Intel architecture to support a "virtual VMM". A commercial virtual VMM was studied and found to be unable to support secure VMMs. Therefore, a foundation upon which a secure VMM could be built for the Intel Pentium architecture is presented.
A secure VMM for the Intel architecture offers several benefits. First, PC users could run familiar Commercial Off-The-Shelf (COTS) operating systems and applications. Finally, secure VMMs could save the DoD millions of dollars by eliminating the need for separate systems when both high assurance and COTS operating systems and applications are required.
What is a Virtual Machine Monitor?
Types of Virtual Machine Monitors
VMM Hardware Requirements
Sensitive instructions include those that:
Claim: "Even rogue application or operating system is confined to the VMware Virtual Platform sandbox"
VMware Virtual Platform cannot handle documented/undefined features of the PC hardware
VMware: A Type II VMM?
Thesis Advisors/Principal Investigators
This U.S. Government Web Site is provided by the Naval Postgraduate School's Center for Information Systems Security Studies and Research for official information regarding CISR's programs and research.