System Virtualization


David Kleidermacher is chief technology officer at Green Hills Software where he has been responsible for operating system and virtualization technology over the past decade. David can be contacted at davek at ghs.com.


Virtualization was first introduced in mainframes during the 1960s and 1970s. Although it remained a largely untapped facility during the 1980s and 1990s, computer scientists have long understood many of the applications of virtualization, including the ability to run distinct and legacy operating systems on a single hardware platform.

At the start of the millennium, VMware proved the practicality of full system virtualization, hosting unmodified, general purpose, "guest" operating systems such as Windows on common Intel architecture-based hardware platforms. In 2005, Intel launched Intel Virtualization Technology (Intel VT), which both simplified and accelerated virtualization. Consequently, a number of virtualization software products have emerged, alternatively called "virtual machine monitors" or "hypervisors", with varying characteristics and goals.

While Intel VT may be best known for its application in data center server consolidation and provisioning, Intel VT has proliferated across desktop- and laptop-class chipsets, and has most recently found its way into Intel Atom processors, built for low power and designed for embedded and mobile applications.

The availability of Intel VT across such a wide range of computing platforms provides developers and technologists with the ultimate open platform: the ability to run any flavor of operating system in any combination, creating an unprecedented flexibility for deployment and usage. This article introduces some of these emerging uses, with an emphasis on the latest platforms enabled with Intel VT: embedded and mobile. Because embedded and mobile platforms often have resource and security constraints that differ drastically from enterprise computing platforms, we focus in this article on the impact of hypervisor architecture upon these constraints.

Applications of System Virtualization

Mainframe virtualization was driven by some of the same applications found in today's enterprise systems. Initially, virtualization was used for time sharing, similar to the improved hardware utilization driving modern data center server consolidation. Another important usage involved testing and exploring new operating system architectures. Virtualization was also used to maintain backward compatibility of legacy versions of operating systems.

Environment Sandboxing

Implicit in the concept of consolidation is the premise that independent virtual machines are kept securely separated from each other. The ability to guarantee separation is highly dependent upon the robustness of the underlying hypervisor software. Researchers have found flaws in commercial hypervisors that violate this separation assumption. Nevertheless, an important theoretical application of virtual machine compartmentalization is to "sandbox" software that is not trusted. For example, a web browser connected to the Internet can be sandboxed in a virtual machine so that Internet-borne malware or browser vulnerabilities are unable to infiltrate or otherwise adversely impact the user's primary operating system environment.

Virtual Security Appliances

Another example, the virtual security appliance, does the opposite: sandbox trusted software away from the user's operating system environment. Consider anti-virus software that runs on a Mobile Internet Device (MID). A few years ago, the "Metal Gear" Symbian Trojan was able to propagate itself by disabling the mobile device's anti-malware software. [1] Virtualization can solve this problem by placing the anti-malware software into a separate virtual machine, as in Figure 1. The virtual appliance can analyze data going into and out of the user's environment or hook into the user's operating system for demand-driven processing.

Figure 1: Virtual security appliance. (Source: Green Hills Software, 2008)

