Sciweavers

USENIX
2008

Protection Strategies for Direct Access to Virtualized I/O Devices

14 years 2 months ago
Protection Strategies for Direct Access to Virtualized I/O Devices
Commodity virtual machine monitors forbid direct access to I/O devices by untrusted guest operating systems in order to provide protection and sharing. However, both I/O memory management units (IOMMUs) and recently proposed software-based methods can be used to reduce the overhead of I/O virtualization by providing untrusted guest operating systems with safe, direct access to I/O devices. This paper explores the performance and safety tradeoffs of strategies for using these mechanisms. The protection strategies presented in this paper provide equivalent inter-guest protection among operating system instances. However, they provide varying levels of intra-guest protection from driver software and incur varying levels of overhead. A simple direct-map strategy incurs the least overhead, providing native-level performance but offering no enhanced protection from misbehaving device drivers within the guest operating system. Additional protection against guest drivers can be achieved by li...
Paul Willmann, Scott Rixner, Alan L. Cox
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2008
Where USENIX
Authors Paul Willmann, Scott Rixner, Alan L. Cox
Comments (0)