Updated on 2024-04-02 GMT+08:00

Hypervisor Security

Hypervisor

The hypervisor isolates ECSs running on a physical server to prevent data theft and attacks. You can only access the ECSs allocated to you, including hardware and software resources and data.

CPU Isolation

The x86 architecture supports four privilege levels ranging from ring 0 to ring 3 with privileges in descending order.

  • Ring 0: OS kernel
  • Ring 1: OS services
  • Ring 2: privileged code (user applications with I/O access permissions)
  • Ring 3: applications

Each privilege level separately restricts the commands that can be executed.

  • The hypervisor runs at ring 0.
  • ECS OSs run at ring 1. This prevents the Guest OS from executing privileged instructions.
  • Applications run at ring 3, ensuring that they are isolated from the OS.

The introduction of CPU hardware-assisted virtualization further isolates the hypervisor from ECS OSs.

Memory Isolation

The hypervisor uses memory virtualization to isolate the virtual memory of different ECSs. Memory virtualization has introduced layer 3 addressing (virtual guest address into physical guest address and into machine address) based on traditional layer 2 addressing (virtual address into machine address). The process is as follows: An ECS translates its virtual guest address into a physical guest address. Then, the hypervisor translates the physical guest address into a machine address, and sends the machine address to the CPU for processing. This allows the ECS to access only the physical memory allocated it and prevents the ECS from obtaining the machine address.

I/O Isolation

The hypervisor uses a separate device model for I/O virtualization. The frontend transfers the I/O requests from an ECS to the hypervisor backend. The backend parses the requests and sends them to the target device to finish I/O operations. The hypervisor ensures that the ECS can access only the I/O resources allocated to it.