Dynamic Partitioning of Physical Memory Among Virtual Machines, ASMI:Architectural Support for Memory Isolation

TL;DR

This paper introduces ASMI, a hardware-based memory architecture that ensures secure, isolated, and efficient physical memory allocation for virtual machines without performance loss.

Contribution

The paper proposes ASMI, a novel hardware architecture that provides true memory isolation and improved performance for VMs, surpassing existing software and hardware solutions.

Findings

Achieves true memory isolation for VMs

Reduces memory access times

Enhances memory utilization and security

Abstract

Cloud computing relies on secure and efficient virtualization. Software level security solutions compromise the performance of virtual machines (VMs), as a large amount of computational power would be utilized for running the security modules. Moreover, software solutions are only as secure as the level that they work on. For example a security module on a hypervisor cannot provide security in the presence of an infected hypervisor. It is a challenge for virtualization technology architects to enhance the security of VMs without degrading their performance. Currently available server machines are not fully equipped to support a secure VM environment without compromising on performance. A few hardware modifications have been introduced by manufactures like Intel and AMD to provide a secure VM environment with low performance degradation. In this paper we propose a novel memory architecture model named \textit{ Architectural Support for Memory Isolation(ASMI)}, that can achieve a true isolated physical memory region to each VM without degrading performance. Along with true memory isolation, ASMI is designed to provide lower memory access times, better utilization of available memory, support for DMA isolation and support for platform independence for users of VMs.