The ring architecture of modern CPUs arose from a need for hardware protection for software at different privilege levels the OS, drivers and applications. Today’s endpoints depend on it, but software bloat and key use cases leave endpoints exposed to attack. Hardware virtualization added what is in effect a ring to the CPU, facilitating hypervisor-delivered: utility, manageability, availability that changed the economics of data center and desktops. But it is also necessarily secure. The interface between a hypervisor and guest is much narrower than the system call interface between applications and the OS - and there is solid evidence of their security. This talk plots the path forward for hypervisors and virtualization, drawing on Xen to show how future virtual infrastructure will deliver both the utilities and hardware-based security. Our focus is on next-gen endpoints from PCs to tablets and phones. The talk will be a detailed look at modern hypervisor design, and will cover the next generation of hardware virtualization support, nesting, side-by-side hypervisors and hardware security features. This talk will be vendor-agnostic, from a Xen.org perspective.
Presented by Simon Crosby