I/O for virtual machine monitors: Security and performance issues

Abstract

Virtual machine monitors (VMM) or hypervisor, is a specialized operating system (OS) that creates multiple virtual processors and behave exactly like a real hardware CPU. The Xen VMM popularized the concept of paravirtualization to simplify some aspects of CPU virtualization and I/O virtualization. Studies have demonstrated the feasibility of using hypervisions for the very high levels of security demanded by the Department of Defense projects. Pure isolation VMMs such as PR/SM on zSeries mainframes or systems, allow each guest partition with a dedicated I/O hardware and device drivers, without sharing device between them. The biggest source of performance overhead in a VMM is the cost of context switching into and out of the VMM and between guest partitions. The VMMs can run a full Linux or AIX OS in the special partitions and redirect all I/O requests from guest.