Microsoft has been focusing on the security advantages of the new Hyper-V, and through its explanation of security it may also hope to make two points:
1. Microsoft's Hyper-V is different;
2. Hyper-V's microkernel architecture has special security advantages over other "third-party solutions".
Indeed, Hyper-V's microkernel design has real advantages: a microkernel hypervisor contains as little code as possible, and in the Hyper-V hypervisor you will not find device drivers (drivers run in each independent partition; although a virtual machine OS lives in a separate partition, it can access the hardware directly through the hypervisor). At the same time, Hyper-V rarely contains third-party code. Microsoft has therefore succeeded in minimizing Hyper-V's security risk.
However, this is only part of the Hyper-V security story. Microsoft's efforts to protect Hyper-V are clearly more extensive, and security, especially after close integration with Windows Server, is becoming an important weight in Microsoft's competition with third-party solutions such as VMware and XenSource.
Hyper-V's predecessor, Virtual Server, used the traditional model built on Ring0 kernel mode and Ring3 user mode: the host's Windows and drivers, together with Virtual Server's underlying driver, all sat in Ring0, while Virtual Server itself ran on Windows Server, was managed through IIS, and communicated with the kernel. The virtual machines, on the other hand, ran in a "Virtual Kernel Mode" at Ring1 in Windows, with lower privilege than Ring0 but higher than Ring3; the problem is that many privileged instructions may not be fully supported at Ring1. I remember that Microsoft had some kind of binary instruction translation technology to deal with this, but that is not the most "fundamental" solution.
In Hyper-V there is no longer a distinction between a host and a virtual machine. Microsoft introduces a new concept: the parent partition and child partitions. The hypervisor is installed directly on the hardware, and multiple partitions are then created on top of it. Although the parent partition and child partitions correspond roughly to the old host machine and virtual machines, their status is basically equal: their kernels all run in Ring0 and their applications in Ring3 user mode. The biggest difference from Virtual Server is that the virtual machine's kernel no longer runs in Ring1; instead the hypervisor runs at a lower level, roughly one layer above the CPU. Microsoft's name for this is also interesting: Ring -1. We can see that the functions and structure of Microsoft's virtualization have become much more complicated and systematic (see figure).
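As an added example (not code from the original article), this C program, assuming GCC or Clang on an x86 machine, checks from inside a partition whether the Ring -1 hypervisor described above is present: CPUID.1:ECX bit 31 signals a hypervisor, leaf 0x40000000 returns the vendor string ("Microsoft Hv" for Hyper-V), and leaf 0x40000001 returns the interface signature ("Hv#1"). Because the parent partition also runs above the hypervisor, a Windows Server host with the Hyper-V role enabled reports this too, which is a quick way to confirm that the architecture really has changed from the Virtual Server model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write a 32-bit register value as four little-endian characters. */
static void put_le32(char *dst, uint32_t v) {
    for (int i = 0; i < 4; i++) dst[i] = (char)((v >> (8 * i)) & 0xff);
}

/* Decode the 12-byte vendor string that CPUID leaf 0x40000000 returns in
 * EBX:ECX:EDX. Returns 1 when it is Microsoft's "Microsoft Hv" signature. */
int hv_vendor_from_regs(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    put_le32(out, ebx);
    put_le32(out + 4, ecx);
    put_le32(out + 8, edx);
    out[12] = '\0';
    return strcmp(out, "Microsoft Hv") == 0;
}

/* CPUID leaf 0x40000001 EAX holds the interface signature; Hyper-V reports
 * the ASCII string "Hv#1", which is 0x31237648 in little-endian order. */
int hv_interface_is_hyperv(uint32_t eax) {
    return eax == 0x31237648u;
}

#if (defined(__x86_64__) || defined(__i386__)) && (defined(__GNUC__) || defined(__clang__))
#include <cpuid.h>
/* Live query of the running CPU. Returns 1 if the Hyper-V interface is present,
 * 0 if some other hypervisor is, -1 if CPUID.1:ECX bit 31 (hypervisor) is clear. */
int hyperv_present(char vendor[13]) {
    unsigned eax, ebx, ecx, edx;
    __cpuid(1, eax, ebx, ecx, edx);
    if (!(ecx & (1u << 31))) { vendor[0] = '\0'; return -1; }
    __cpuid(0x40000000, eax, ebx, ecx, edx);  /* unchecked macro: leaf is above the basic max */
    int ms = hv_vendor_from_regs(ebx, ecx, edx, vendor);
    __cpuid(0x40000001, eax, ebx, ecx, edx);
    return ms && hv_interface_is_hyperv(eax);
}
#else
/* Non-x86 or non-GCC build: no live query available. */
int hyperv_present(char vendor[13]) { vendor[0] = '\0'; return -1; }
#endif

int main(void) {
    char vendor[13];
    int r = hyperv_present(vendor);
    if (r < 0) puts("no hypervisor reported by CPUID (bare metal, or unsupported build)");
    else printf("hypervisor vendor \"%s\": %s\n", vendor, r ? "Hyper-V interface" : "not Hyper-V");
    return 0;
}
```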
Now that we have a basic understanding of the Hyper-V architecture, consider the hypervisor from the perspective of third-party structures: two security points are worth noting. First, a hypervisor on its own cannot provide a defense-in-depth system, which is of course also Microsoft's view. Second, the hypervisor runs directly on the hardware, which maximizes its privilege, and the risk of that can be imagined. Since Hyper-V is built on hypervisor technology, it faces the same problems.
Microsoft's solution is that the Hyper-V hypervisor performs only memory management and CPU scheduling, while all other devices are handled through the key component, VMBus. This is a pass-through mechanism that carries data to Ring0 over VMBus, and it yields a three-tier Hyper-V architecture (which is, of course, the defense-in-depth system): the hypervisor layer for CPU management; the Ring0 layer for the storage/network stack and driver execution; and virtual devices, management APIs, and virtual machines in Ring3 (see figure).
I wonder whether anyone has noticed that VMBus is one of the core security elements: it is responsible for carrying the commands and code that could cause problems. The VMBus-based high-speed memory bus architecture is the main contributor to the security implementation; the isolated VMBus calls between virtual machines ensure that each partition is fully isolated from the others (perhaps we can say it is "like a physical machine"?).
In addition, as I said at the beginning of the article, the hypervisor code at the bottom of Hyper-V is small and contains no third-party drivers; with a very streamlined architecture responsible for just two things, and with purely Microsoft code (Microsoft claims it contains no bugs), security can be greatly improved. Only at the core, of course: any problems that do occur are not to be blamed on the hypervisor?!
Of course, that is not all. Microsoft engineers have also mentioned Hyper-V security hardening: first, the hypervisor has its own address space, isolated from the guest address space; second, Hyper-V can run on Server Core in Windows Server 2008. Server Core is a streamlined Windows Server that offers only a command-line interface, a strange system that has no GUI shell but can still run GUI programs.
The advantages of installing Hyper-V on Server Core are obvious: with the GUI shell removed, performance is better, and with the minimum amount of code, the chance that the system needs a patch is smaller. I think this is the most critical point; everyone knows that Microsoft's Windows is the undisputed patch king.
Note: a child partition still needs to access hardware resources through the parent partition. When the operating system in a child partition needs to access hardware, the request is sent by the VSC (Virtualization Service Client) in the child partition over VMBus to the VSP (Virtualization Service Provider) in the parent partition, and the real hardware service is provided by the VSP. Compared with hardware emulation, this greatly improves hardware access performance.