Hypercallbacks
Introduces hypercallbacks to bridge the semantic gap between hypervisors and VMs using verified, safety-checked code that decouples policy decisions from execution.
Abstract
Hypervisors and virtual machines (VMs) running under them must coordinate policy decisions in order to run efficiently. The abstraction of a VM, however, creates a semantic gap which makes it difficult for hypervisor and VM to work in unison due to privilege separation. Today, the semantic gap is bridged by techniques which couple policy decision with execution. In this paper, we introduce a new mechanism, the hypercallback, which enables hypervisors and VMs to coordinate policy with verified, safety-checked code, decoupling execution and decision making. Our preliminary results show that hypercallbacks can significantly improve memory management without compromising security and robustness, and we believe hypercallbacks can be applied to many domains outside of memory management.