HowTo: Xen, for the Everyday Microkernel

~~   Forward   ~~

xen-logoMost people think of Xen as only being applicable to large organizations like Amazon’s AWS, RackSpace and other clouds, and various clustering applications.   Why is Xen such a good model of virtualization, clustering and security?   Because it’s the closest we have for now, to a production microkernel architecture.

~~   The Microkernel Model   ~~

The microkernel operating system model is one which rethinks the very core of the way operating systems work.   With microkernel, very few functions are actually handled by the core kernel in privileged mode, and the kernel itself is simple, compact, and fast.   The minimal functions handled by the microkernel are low-level address space management, thread management, and inter-process communication.   All other OS functions, including device drivers, protocol stacks, file systems, etc, are handled in user space.   If there is a buffer overflow or other vuln in a driver of the microkernel system, the best a cracker could do is get to the non-privileged user that driver is running as, inside the virtual machine it’s running in.

(more…)