August 22nd - 24th in Toronto, Canada
LinuxCon+ContainerCon North America 2016
Wednesday, August 24 • 4:35pm - 5:25pm
Kernel Protection Using Hardware-Based Virtualization - Jun Nakajima & Sainath Grandhi, Intel


We propose that Linux run in virtualization mode, activating hardware virtualization features to improve security and monitoring. Hardware-enforced virtualization features can be used to harden the kernel by protecting key kernel data structures and locking the processor state while the processor is executing in guest mode. Security features from the latest processors can be added to virtual processors. Kernels running on platforms with processors from older generations also benefit.

For bare metal, we have added a thin hypervisor to the kernel, and we have extended KVM for guest kernels so that they can identify this capability as a CPU feature, become enlightened, and work with the hypervisor to lock and monitor kernel resources and processor state.

In this talk we will present the idea, its benefits and the work we have done in Linux/KVM.


Sainath Grandhi

Work for Intel in the Open Source Virtualization group. Work on Xen and KVM kernel feature enabling. Currently working on a project that is a solution to run containers with a hypervisor underneath to provide security and resource isolation.

Jun Nakajima

Sr. Principal Engineer, Intel Corp.
Jun Nakajima is a Senior Principal Engineer at the Intel Open Source Technology Center, leading open source virtualization, such as KVM and Xen. Recently Jun worked on various security issues, implementing mitigations for KVM. Jun presented a number of times at technical conferences...

Wednesday August 24, 2016 4:35pm - 5:25pm
Harbour A
