2021.05.07

Dune is a system that provides applications with direct but safe access to hardware features such as ring protection, page tables, and tagged TLBs, while preserving the exist- ing OS interfaces for processes.

IntelAMD
虚拟化扩展指令集VT-xSVM
虚拟化虚拟内存Extended Page Table (EPT)Nested Page Table (NPT)
2021.05.08

目录:

  • Abstract
  1. Introduction
  2. Virtualization and Hardware
    1. The Intel VT-x Extension
    2. Supported Hardware Features
  3. Kernel Support for Dune
    1. System Overview
    2. Threat Model
    3. Comparing to a VMM
    4. Memory Management
    5. Exposing Access to Hardware
    6. Preserving OS Interface
    7. Implementation
  4. User-mode Environment
    1. Bootstrapping
    2. Limitations
  5. Applications
    1. Sandboxing
    2. Wedge
    3. Garbage Collection
  6. Evaluation
    1. Overhead from Running in Dune
    2. Optimizations Made Possible by Dune
    3. Application Performance
      1. Sandbox
      2. Wedge
      3. Garbage Collector
  7. Reflections on Hardware
  8. Related Work
  9. Conclusion