A Microkernel Virtual Machine: Building Security with Clear Interfaces. Xiaoqi Lu, Scott Smith, PLAS 2006, 6, Ottawa, Ontario, Canada.

Abstract: In this paper we propose a novel microkernel-based virtual machine (µKVM), a new code-based security framework with a simple and declarative security architecture. The main design goals of the µKVM are to put a clear, inviolable programming interface between different codebases or security components, and to limit the size of the trusted codebase in the spirit of a microkernel. Security policies are enforced solely on the interface because all data must explicitly pass through the inviolable interface. The architecture of the µKVM effectively removes the need for expensive runtime stack inspection, and applies the principle of least privilege to both library and application code elegantly and efficiently. We have implemented a prototype of the proposed µKVM. A series of benchmarks show that the prototype preserves the original functionality of Java and compares favorably with the J2SDK performance-wise.


The Microkernel Virtual Machine (µKVM) Benchmark


Part I: Benchmark Programs

Four groups of test programs have been developed to benchmark the µKVM:

  1. File Open Benchmark: measure the time and memory consumption of file open operations.

  2. File Read/Write Benchmark: read/write a big chunk of data from/to a file and measure the time and memory consumption of these operations.

  3. Network Benchmark: test message transfer time between a server and a client.

  4. Thread Benchmark: measure thread creation time, duration time and memory consumption.

  5. Security Overhead Benchmark: measure the time and memory overhead of file open operations when security checks are enforced.

In each test group, there are two sets of almost identical test programs, one for Java and one for the µKVM. Test programs for the µKVM always have the prefix "K". For example, MemoryTest.java is the test program for Java, while KMemoryTest.java is the one for the µKVM.


J2SDK : MemoryTest.java
µKVM  : KMemoryTest.java

usage: java [K]MemoryTest [file_num]

file_num    The number of files to be opened at once.


J2SDK : TestRead.java
        TestWrite.java
µKVM  : KTestRead.java
        KTestWrite.java


usage: java [K]TestRead/[K]TestWrite file_size test_round step

file_size    The size (bytes) of data to be read.
test_round   The number of times that file_size data will be read.
step         The number of block sizes to be used in testing. The block size is the number of bytes each read/write transfers. It starts at 64 and increases by powers of 2. For example, if step is set to 3, then the block sizes 64, 128 and 256 will be tested in turn.


J2SDK : Server.java and Client.java
µKVM  : KServer.java and KClient.java


usage: java [K]Server message_size message_number
        java [K]Client [server_name] message_size message_number

message_size    The size (in bytes) of each message to be transferred.
message_number  The total number of the messages to be transferred.


J2SDK : ThreadBenchmark.java  and TestThread.java
µKVM  : KVMThreadBenchmark.java and KVMTestThread.java


usage: java [K]ThreadBenchmark thread_number

thread_number    The number of threads to be created.


J2SDK : MemoryTest.java
µKVM  : SKMemoryTest.java

security policy file

usage: java -Djava.security.manager -Djava.security.policy=rw.policy [K]MemoryTest [file_num]

file_num    The number of files to be opened at once.



Part II: Benchmark Results and Analysis

The benmark.pdf file contains the complete benchmark results of running the test programs listed in Part I and a detailed analysis of those data.