At 11:42 +0000 on 05 Nov (1288957359), ding baozeng wrote:
> I use the SPT to obtain security effect and the overhead is also
> small. I would disable EPT. When putting the security code in-vm, I
> further use the VT-d technology, CR3_TARGET_LIST to decrease the
> overhead. As we know, when processes switch, it would update CR3, and
> so trap into xen, which bring up a lot of overhead. But after we
> write the value of CR3 into the CR3_TARGET_LIST, it would not trap
> into xen when process switch. So I would create another address space
> to put the security code and put the address of its shadow page into
> CR3_TARGET_LIST. (when you have time, please take look at the paper in
> attachment, thx)
I've read the paper ("Secure In-VM Monitoring Using Hardware
Virtualization", from Proc. CCS '09, for anyone reading along) and the
thing they do there will be difficult in the Xen shadow pagetables
because Xen shadows individual frames of memory rather than %CR3 values,
so if the guest kernel shares pagetables between the secure and
non-secure %CR3s they will always see exactly the same mappings in the
shadows.
It would take quite a lot of work to make Xen's shadow pagetables treat
one process differently from all the others. Have you tried asking the
authors for their KVM code?
Cheers,
Tim.
--
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
Home