Implementing a Hybrid Virtual Machine Monitor for Flexible and Efficient Security Mechanisms

Virtual machine monitors (VMMs) have emerged as potential tools %% are one of the promising approaches for implementing security mechanisms to enhance the security and/or reliability of software systems. There are two approaches to implementing VMMs. One is a software-based approach that emulates the execution of virtual machines via software. The other is a hardware-based approach that utilizes the hardware virtualization support of CPUs. The software-based approach is preferred for implementing security mechanisms, whereas the hardware-based approach is preferred from the viewpoint of performance. In this paper, we present an approach to implementing a hybrid VMM for flexible and efficient security mechanisms. The hybrid VMM consists of a software-based VMM (QEMU) and hardware-based VMM (KVM), and it dynamically switches between them. Using the hybrid VMM, security- and reliability-critical software can be executed on the software-based VMM, and performance-critical software can be executed on the hardware-based VMM. We also present the results of experiments conducted to evaluate the performance and verify the effectiveness of the hybrid VMM.