Kurbanmagomed Mallachiev, Nikolay Pakulin, “Remote service of system calls in microkernel hypervisor”, Proceedings of ISP RAS, 27:3 (2015), 267

Proceedings of the Institute for System Programming of the RAS

RUS ENG

JOURNALS PEOPLE ORGANISATIONS CONFERENCES SEMINARS VIDEO LIBRARY PACKAGE AMSBIB

JavaScript is disabled in your browser. Please switch it on to enable full functionality of the website

	General information
	Latest issue
	Archive

	Search papers
	Search references

	RSS
	Latest issue
	Current issues
	Archive issues
	What is RSS

Proceedings of ISP RAS:
Year:
Volume:
Issue:
Page:
	Find

Personal entry:
Login:
Password:
	Save password
	Enter
	Forgotten password?
	Register

Proceedings of the Institute for System Programming of the RAS, 2015, Volume 27, Issue 3, Pages 267–278
DOI: https://doi.org/10.15514/ISPRAS-2015-27(3)-18 (Mi tisp150)

Remote service of system calls in microkernel hypervisor

Kurbanmagomed Mallachiev^a, Nikolay Pakulin^b

^a Lomonosov Moscow State University, Faculty of Computational Mathematics and Cybernetics
^b Institute for System Programming of the Russian Academy of Sciences

Full-text PDF (279 kB)

References:

PDF

HTML

DOI: https://doi.org/10.15514/ISPRAS-2015-27(3)-18

Abstract: This paper presents further development of Sevigator hypervisor-based security system. Original design of Sevigator confines users’ applications in a separate virtual machine that has no network interfaces. For trusted applications Sevigator intercepts network-related system calls and routes them to the dedicated virtual machine that services those calls. This design allows Sevigator protect networking from malicious applications including high-level intruders residing in the kernel. Modern microkernel-based hypervisors opened the door to redesign of Sevigator. Those hypervisors are small operating systems by nature, where management of virtual machines as well as most of hardware operations are isolated in processes with low priority level. Compromising such a process does not result in compromising the whole hypervisor.
In this paper we present an experimental design of Sevigator based on NOVA hypervisor where system calls of trusted applications are serviced by a dedicated process in the hypervisor rather than a separate VM. The experiment shows about 25% performance gain due to reduced number of context switches.

Keywords: virtualization, hypervisor, security, microkernel.

Bibliographic databases:

Document Type: Article

Language: English

Citation: Kurbanmagomed Mallachiev, Nikolay Pakulin, “Remote service of system calls in microkernel hypervisor”, Proceedings of ISP RAS, 27:3 (2015), 267–278

Citation in format AMSBIB

\Bibitem{MalPak15}

\by Kurbanmagomed~Mallachiev, Nikolay~Pakulin

\paper Remote service of system calls in microkernel hypervisor

\jour Proceedings of ISP RAS

\yr 2015

\vol 27

\issue 3

\pages 267--278

\mathnet{http://mi.mathnet.ru/tisp150}

\crossref{https://doi.org/10.15514/ISPRAS-2015-27(3)-18}

\elib{https://elibrary.ru/item.asp?id=23832947}

Linking options:

https://www.mathnet.ru/eng/tisp150

https://www.mathnet.ru/eng/tisp/v27/i3/p267

Citing articles in Google Scholar: Russian citations, English citations
Related articles in Google Scholar: Russian articles, English articles

Proceedings of the Institute for System Programming of the RAS

Statistics & downloads:
Abstract page:	108
Full-text PDF :	74
References:	23

Что такое QR-код?

Registration to the website

Logotypes