[cap-talk] POLA 'capabilities' under Windows,
2 level encapsulation (was: Polaris)
hal at finney.org
Fri Dec 10 15:24:00 EST 2004
The Intel X86 architecture unfortunately does not lend itself to fully
transparent virtualization. Some privileged operations do not trap
but simply behave differently when run in user mode. This requires
programs like VMware to take extreme measures to run X86 operating systems
virtually. I've heard that they rewrite code and perform other tricks,
but I don't know the details.
A reference on the X86 architecture problems is
http://denali.cs.washington.edu/relwork/papers/pentium.pdf , "Analysis of
the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor".
The Xen web page claims that future versions of the X86 family will allow
for full virtualization. I don't know any details of that, although this
paper has some suggestions for fixups.
More information about the cap-talk