2021.05.07
Dune is a system that provides applications with direct but safe access to hardware features such as ring protection, page tables, and tagged TLBs, while preserving the existing OS interfaces for processes.
| | Intel | AMD |
|---|---|---|
| Virtualization extension instruction set | VT-x | SVM |
| Virtual memory virtualization | Extended Page Table (EPT) | Nested Page Table (NPT) |
2021.05.08
Contents:
- Abstract
- Introduction
- Virtualization and Hardware
  - The Intel VT-x Extension
  - Supported Hardware Features
- Kernel Support for Dune
  - System Overview
  - Threat Model
  - Comparing to a VMM
  - Memory Management
  - Exposing Access to Hardware
  - Preserving OS Interface
  - Implementation
- User-mode Environment
  - Bootstrapping
  - Limitations
- Applications
  - Sandboxing
  - Wedge
  - Garbage Collection
- Evaluation
  - Overhead from Running in Dune
  - Optimizations Made Possible by Dune
  - Application Performance
    - Sandbox
    - Wedge
    - Garbage Collector
- Reflections on Hardware
- Related Work
- Conclusion