Hypervisor-Mediated data eXchange (HMX): Primitives for Authentic Communication
Christopher Clark
Edgeform
The technologies that VMMs provide for communication between VMs have a critical impact on VM isolation properties, on the confidence that components can have in the delivery of data, and on the integrity of the data that is received. This talk will identify aspects of inter-VM communication system architecture that support properties valuable for building secure systems.
We will introduce terminology to enable classification of the existing body of art and survey relevant communication technologies in modern hypervisor, OS and microkernel systems. We will also present an example, an inter-VM communication mechanism developed for the Xen hypervisor, and show how it is distinguished from other available communication channels on the Xen platform and elsewhere.
🔎 | OpenXT · Xen |