Transparent Driver-Kernel Isolation with VMM Intervention

Hao Zheng, Endong Wang, Yinfeng Wang, Xingjun Zhang, Baoke Chen, Weiguo Wu, Xiaoshe Dong
DOI: https://doi.org/10.1145/2524211.2524219
2013-01-01
Abstract: How to satisfy the on-demand environment while providing highly dependable services with minimum cost is a challenging issue. Improvements in the reusability of virtualization technology have enabled operating system adaptability, which helps users customize their application environments by using various types and versions of operating systems and drivers. However, driver faults in a virtual machine are a critical obstacle to achieving a reliable user environment, and may even harm the reliability of the entire server. This paper describes Chariot, which transparently isolates drivers in a virtual machine without affecting the reusability of the virtualization environment. An isolation loading mechanism links an isolated driver with monitoring wrappers in a virtual machine, which avoids modifying the VM kernel and drivers. According to the monitoring information, Chariot not only instantaneously updates the access control table, which records the memory used by the driver, but also sets write protection on the shadow page table that corresponds to the whole kernel space of the virtual machine. As a result, the write operations of a driver can be captured and examined in advance. Experimental results show that Chariot can effectively isolate driver faults and improve the reliability of the operating system in a virtual machine. Furthermore, Chariot can be easily extended to isolate new drivers and ported to other versions of operating systems.