On the Impossibility of a Perfect Hypervisor
Mordechai Guri
TL;DR
This paper proves that a perfect hypervisor, which perfectly mimics native execution without overhead, cannot exist on finite machines, establishing fundamental limits for virtualization technologies.
Contribution
It introduces formal theorems demonstrating the impossibility of perfect hypervisors, providing a foundational understanding of virtualization limits.
Findings
Indetectability theorem: perfect hypervisors cannot be distinguished from native execution.
Impossibility theorem: perfect hypervisors cannot exist on finite-resource machines.
Results are architecture-agnostic and extend to various virtualization layers.
Abstract
We establish a fundamental impossibility result for a `perfect hypervisor', one that (1) preserves every observable behavior of any program exactly as on bare metal and (2) adds zero timing or resource overhead. Within this model we prove two theorems. (1) Indetectability Theorem. If such a hypervisor existed, no guest-level program, measurement, or timing test could distinguish it from native execution; all traces, outputs, and timings would be identical. (2) Impossibility Theorem. Despite that theoretical indetectability, a perfect hypervisor cannot exist on any machine with finite computational resources. These results are architecture-agnostic and extend beyond hypervisors to any virtualization layer emulators, sandboxes, containers, or runtime-instrumentation frameworks. Together they provide a formal foundation for future work on the principles and limits of virtualization.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSecurity and Verification in Computing · Cloud Computing and Resource Management · Parallel Computing and Optimization Techniques