Executing secured virtual machines within a manycore architecture

- Design of an efficient secure manycore architecture allowing the execution of physically isolated virtual machines of variable size, and supporting cache coherency.
- Design of a blind hypervisor adapted to this architecture, and requiring little hardware extensions.
- Demonstration of the feasibility of our approach by the implementation and evaluation of a cycle-accurate virtual prototype, and confirmation that the virtualization overhead remains low.

Manycore processors are a way to face the always growing demand in digital data processing. However, by putting closer distinct and possibly private data, they open up new security breaches. Splitting the architecture into several partitions managed by a hypervisor is a way to enforce isolation between the running virtual machines. Thanks to their high number of cores, these architectures can mitigate the impact of dedicating cores both to the virtual machines and the hypervisor, while allowing an efficient execution of the virtualized operating systems. We present such an architecture allowing the execution of fully virtualized multicore operating systems benefiting of hardware cache coherence. The physical isolation is made by the means of address space via the introduction of a light hardware module similar to a memory-management unit at the network-on-chip entrance, but without the drawback of relying on a page table. We designed a cycle-accurate virtual prototype of the architecture, controlled by a light blind hypervisor with minimum rights, only able to start and stop virtual machines. Experiments made on our virtual prototype shows that our solution has a low time overhead - typically 3% on average.

145