zoukankan      html  css  js  c++  java
  • Hardware Virtualization

    There is some suggestion that future operating systems of all sorts (Linux, Mac, Windows, etc.) may be able to use hardware virtualization to indirectly enforce greater security upon the operating system's "kernel" by preventing it from being modified as a means for thwarting dangerous "root kit" style exploits.

    The idea is that our future operating systems would always be running inside a virtual machine under the watchful eye of an OS "hypervisor." This has not been practical before now, without hardware support for virtualization, because virtualization required too much real-time involvement of software which introduced an unacceptable amount of overhead and slowed everything down. Hardware virtualization means that virtual machines - and even the entire operating system running inside a virtual machine container - would be able to run at 100% full speed, thus making a persistent security-oriented OS "hypervisor" practical for the first time.

    But don't hope for this to ever help with the security of 32-bit Windows platforms. Due to the amount of kernel modification already being done by benign kernel drivers in 32-bit versions of Windows, "hypervisory kernel locking" could only ever be implemented under 64-bit versions of Windows where kernel modification has always been actively prohibited. And due to serious compatibility problems inherent in 64-bit systems, it's also not at all clear (at the start of 2007) how quickly, or even whether, 64-bit Windows will become practical on the desktop.

    However, the other current and real security-related application for hardware virtualization is for running your own virtual machines - at 100% full speed - on top of your host operating system. This is possible today with commercial and completely free software from Microsoft, VMware and Parallels. This has an indirect, though strongly positive, impact upon security since possibly unsafe activities such as Internet surfing or peer-to-peer file sharing can be 100% contained within the virtual environment to make online activities much safer.

    This can still be done, of course, without hardware virtualization support, but the virtual machine environment as well as the hosting operating system will be running at substantially less than full speed.

  • 相关阅读:
    bzoj 1588: [HNOI2002]营业额统计 treap
    Codeforces Round #135 (Div. 2) E. Parking Lot 线段数区间合并
    cdoj 851 方老师与素数 bfs
    hdu 5150 Sum Sum Sum 水
    Codeforces Round #376 (Div. 2) F. Video Cards 数学,前缀和
    POJ 1984 Navigation Nightmare 带全并查集
    POJ 1655 Balancing Act 树的重心
    POJ 3140 Contestants Division 树形DP
    HDU 3586 Information Disturbing 树形DP+二分
    HDU 1561 The more, The Better 树形DP
  • 原文地址:https://www.cnblogs.com/smwikipedia/p/1325703.html
Copyright © 2011-2022 走看看