Dynamic Partitioning of Physical Memory Among Virtual Machines, ASMI: Architectural Support for Memory Isolation

Abstract

Cloud computing relies on secure and efficient virtualization. Software-level security solutions compromise the performance of virtual machines (VMs), as a large amount of computational power is used to run the security modules. Moreover, software solutions are only as secure as the level they work on. For example, a security module on a hypervisor cannot provide security in the presence of an infected hypervisor. It is a challenge for virtualization technology architects to enhance the security of VMs without degrading their performance. Currently available server machines are not fully equipped to support a secure VM environment without compromising on performance. A few hardware modifications have been introduced by manufacturers like Intel and AMD to provide a secure VM environment with low performance degradation. In this paper we propose a novel memory architecture model named Architectural Support for Memory Isolation (ASMI), which can provide a truly isolated physical memory region to each VM without degrading performance. Along with true memory isolation, ASMI is designed to provide lower memory access times, better utilization of available memory, support for DMA isolation, and support for platform independence for users of VMs.
