Secure, efficient and manageable virtual machine systems

This dissertation is about structuring, building and testing virtual machine systems. Virtual machines are compelling because they promise extensibility, performance and safety at once: they can preserve system integrity in the presence of untrusted applications, offer a uniform interface, and permit a resource-efficient implementation. Yet current state-of-the-art virtual machine implementations suffer from fundamental problems of resource consumption, manageability and security. Existing virtual machines perform every service they rely on locally, and consequently require excessive resources on each client. They also embody a significant amount of state on each client, which makes large networks of virtual machines difficult to administer. Finally, security checking and enforcement are an integral part of each virtual machine implementation and run without any hardware barrier between potentially malicious applications and system code, so that a single flaw in a verifier or runtime component exposes the entire system to compromise. We observe that these problems of cost, performance, management and security stem from the internal architecture of modern virtual machines, and this dissertation addresses them at that level.

It makes four contributions. First, it introduces a new, distributed architecture for virtual machines that factors services out of endpoints into dedicated network servers. This simplifies administration through centralization, provides strong security through physical isolation of the trusted services from the clients they serve, and enables small, cheap and fast clients through service partitioning. Second, it proposes a methodology for restructuring existing virtual machine services under this distributed service architecture. Third, it demonstrates that the proposed system architecture enables a new class of services based on secure computational platforms distributed inside a network. Finally, it describes practical and effective assurance techniques for virtual machine components such as verifiers, compilers and interpreters. These four contributions are demonstrated in the context of a commercial-grade virtual machine operating system, the Java virtual machine. Together, these techniques address the problems of current virtual machine systems and lead to secure, manageable and efficient virtual machine systems for large networks.