Article

Performance and security lessons learned from virtualizing the alpha processor

Author:

Paul A. KargerAuthors Info & Claims

ISCA '07: Proceedings of the 34th annual international symposium on Computer architecture

Pages 392 - 401

https://doi.org/10.1145/1250662.1250711

Published: 09 June 2007 Publication History

Abstract

Virtualization has become much more important throughout the computer industry both to improve security and to support multiple workloads on the same hardware with effective isolation between those workloads. The most widely used chip architecture, the Intel and AMD x86 processors, have begun to support virtualization, but the initial implementations show some limitations. This paper examines the virtualization properties of the Alpha architecture with particular emphasis on features that improve performance and security. It shows how the Alpha's features of PALcode, address space numbers, software handling of translation buffer misses, lack of used and modified bits, and secure handling of unpredictable results all contribute to making virtualization of the Alpha particularly easy. The paper then compares the virtual architecture of the Alpha with Intel's and AMD's virtualization approaches for x86. It also comments briefly on Intel's virtualization technology for Itanium, IBM's zSeries and pSeries hypervisors and Sun's UltraSPARC virtualization. It particularly identifies some differences between translation buffers on x86 and translation buffers on VAX and Alpha that can have adverse performance consequences.

References

[1]

Alpha 21164 Microprocessor Hardware Reference Manual, Order No. EC-QP99C-TE, December 1998, Compaq Computer Corporation. URL: http://ftp.digital.com/pub/Digital/info/semiconductor/literature/164hrm.pdf

[2]

Alpha 21264 Microprocessor Hardware Reference Manual, Order Number: EC-RJRZA-TE, July 1999, Compaq Computer Corporation. URL: http://ftp.digital.com/pub/Digital/info/semiconductor/literature/21264hrm.pdf

[3]

Alpha Architecture Handbook, Order Number: EC-QD2KC-TE, October 1998, Compaq Computer Corporation. URL: http://ftp.digital.com/pub/Digital/info/semiconductor/literature/alphaahb.pdf

[4]

AMD64 Architecture Programmer's Manual Volume 2: System Programming, Publication No. 24593, December 2005, Advanced Micro Devices. URL: http://www.amd.com/us--en/assets/content_type/white_papers_and_tech_docs/24593.pdf

[5]

AMD64 Virtualization Codenamed "Pacifica" Technology: Secure Virtual Machine Architecture Reference Manual, Publication No. 33047, Revision 3.01, May 2005, Advanced Micro Devices: Sunnyvale, CA. URL: http://www.amd.com/usen/assets/content_type/white_papers_and_tech_docs/33047.pdf

[6]

Department of Defense Trusted Computer System Evaluation Criteria, DOD 5200.28-STD, December 1985: Washington, DC. URL: http://csrc.nist.gov/publications/history/dod85.pdf

[7]

Guidance for Smartcard Evaluation, Version 1.1, March 2002, Direction Centrale de la Sécuritß des Systémes d'Information (DCSSI): Paris, France. URL: http://www.bsi.de/zertifiz/zert/interpr/scgui11.pdf

[8]

A Guide to the IBM System/370 Model 168, GC20-1755-2, June 1975, IBM Corporation: White Plains, NY. URL: http://www.bitsavers.org/pdf/ibm/370/GC20--1755-2_370-168gdeJun75.pdf

[9]

IA-32 Intel Architecture Software Developer's Manual: Volume 3A: System Programming Guide, Part 1, Order Number: 253668-020US, June 2006, Intel Corporation: Denver, CO.

[10]

IA-32 Intel Architecture Software Developer's Manual: Volume 3B: System Programming Guide, Part 2, Order Number: 253669-020US, June 2006, Intel Corporation: Denver, CO.

[11]

IBM System/370 Principles of Operation, GA22-7000-4, September 1974, IBM Corporation: Poughkeepsie, NY. URL: http://www.bitsavers.org/pdf/ibm/370/GA22-7000-4_370PoO_Sep75.pdf

[12]

Intel Itanium Architecture Software Developer's Manual: Volume 2: System Architecture, Document No. 245318--005, Revision 2.2, January 2006, Intel Corporation. URL: ftp://download.intel.com/design/Itanium/manuals/24531805.pdf

[13]

Intel Virtualization Technology Specification for the IA-32 Intel Architecture, C97063-002, April 2005, Intel Corporation.

[14]

Intel Virtualization Technology Specification for the Intel Itanium Architecture (VT-i), Document Number: 305942-002, 2005, Intel Corporation. URL: ftp://download.intel.com/technology/computing/vptech/30594202.pdf

[15]

UltraSPARC Architecture 2005, Part No: 950-4895-08, Revision: Draft D0.8.8, 15 June 2006, Sun Microsystems: Santa Clara, CA. URL: http://opensparc-t1.sunsource.net/specs/UA2005-current-draft-HP-EXT.pdf

[16]

UltraSPARC Virtual Machine Specification (The sun4v architecture and Hypervisor API specification), Revision 1.0, 24 January 2006, Sun Microsystems: Santa Clara, CA. URL: http://opensparc-t1.sunsource.net/specs/Hypervisor-api-current-draft.pdf

[17]

VAX-11 Architecture Reference Manual, EK-VAXAR-RM-001, Revision 6.1, 20 May 1982, Digital Equipment Corporation: Bedford, MA. URL: http://www.bitsavers.org/pdf/dec/vax/archSpec/EK-VAXAR-RM-001_Arch_May82.pdf

[18]

z/Architecture Principles of Operation, SA22-7832-04, September 2005, IBM Corporation: Poughkeepsie, NY. URL: http://publibz.boulder.ibm.com/epubs/pdf/a2278324.pdf

[19]

Adair, R.J., R.U. Bayles, L.W. Comeau, and R.J. Creasy, A Virtual Machine System for the 360/40, Report 320-2007, May 1966, IBM Cambridge Scientific Center: Cambridge, MA.

[20]

Adams, K. and O. Agesen. A Comparison of Software and Hardware Techniques for x86 Virtualization. in Twelfth International Conference on Architectural Support for Programming Languages and Operating Systems. 21--25 October 2006, San Jose, CA: published in ACM SIGARCH Computer Architecture News, Vol. 34, No. 5. p. 2--13. URL: http://www.vmware.com/pdf/asplos235_adams.pdf

Digital Library

[21]

Armstrong, W.J., R.L. Amdt, D.C. Boutcher, R.G. Kovacs, D. Larson, K.A. Lucke, N. Nayar, and R.C. Swanberg, Advanced Virtualization Capabilities of POWER5 Systems. IBM Journal of Research and Development, July/September 2005. 49(4/5): p. 523--532. URL: http://www.research.ibm.com/journal/rd/494/armstrong.html

Digital Library

[22]

Barham, P., B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the Art of Virtualization. in Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles (SOSP). 19--22 October 2003, Bolton Landing, NY: ACM Press. URL: http://www.cl.cam.ac.uk/Research/SRG/netos/papers/2003--xensosp.pdf

Digital Library

[23]

Blank, A., P. Keifer, C. Sallave Jr., G. Valencia, J. Wain, and A.M. Warda, Advanced POWER Virtualization on IBM System p5, SG24-7940-01, December 2005, IBM Corporation: Austin, TX. URL: http://www.redbooks.ibm.com/redbooks/pdfs/sg247940.pdf

[24]

Boggs, D., A. Baktha, J. Hawkins, D.T. Marr, J.A. Miller, P. Roussel, R. Singhal, B. Toll, and K.S. Venkatraman, The Microarchitecture of the Intel Pentium 4 Processor on 90nm Technology. Intel Technology Journal, 18 February 2004. 8(1): p. 1--17. URL: http://download.intel.com/technology/itj/2004/volume08issue01/art01_microarchitecture/vol8iss1_art01.pdf

[25]

Clark, D.W. and J.S. Emer, Performance of the VAX-11/780 Translation Buffer: Simulation and Measurement. ACM Transactions on Computer Systems, February 1985. 3(1): p. 31--62.

Digital Library

[26]

Downey, P.J., Multics Security Evaluation: Password and File Encryption Techniques, ESD-TR-74-193, Vol. III, June 1977, HQ Electronic Systems Division: Hanscom AFB, MA.

[27]

Emer, J.S., Personal Communication, 1 March 2007.

[28]

Goldberg, R.P., Architectural Principles for Virtual Computer Systems, Ph. D. thesis in Division of Engineering and Applied Physics, February 1973, Harvard University: Cambridge, MA. Published as ESD-TR-73105. HQ Electronic Systems Division, Hanscom AFB, MA.

[29]

Halfill, T.R., The Truth Behind the Pentium Bug. Byte, March 1995. URL: http://www.byte.com/art/9503/sec13/art1.htm

[30]

Hall, J.S. and P.T. Robinson. Virtualizing the VAX Architecture. in 18th International Symposium on Computer Architecture. May 1991, Toronto, ON, Canada: published in Computer Architecture News, Vol. 19, No. 3. p. 380--389. URL: http://doi.acm.org/10.1145/115952.115990

Digital Library

[31]

Hamilton, G. and P. Kougiouris. The Spring Nucleus: A Microkernel for Objects. in Proceedings of the USENIX Summer 1993 Technical Conference. 21--25 June 1993, Cincinnati, OH: USENIX Association. p. 147--159. URL: http://www.usenix.org/publications/library/proceedings/cinci93/full_papers/hamilton.txt

[32]

Heller, L.C. and M.S. Farrell, Millicode in an IBM zSeries Processor. IBM Journal of Research and Development, May/July 2004. 48(3/4): p. 425--434. URL: http://www.research.ibm.com/journal/rd/483/heller.pdf

Digital Library

[33]

Hinton, G., D. Sager, M. Upton, D. Boggs, D. Carmean, A. Kyker, and P. Roussel, The Microarchitecture of the Pentium 4 Processor. Intel Technology Journal, February 2001. 5(1): p. 1--12. URL: ftp://download.intel.com/technology/itj/q12001/pdf/art_2.pdf

[34]

Houdek, M.E. and G.R. Mitchell, Translating a Large Virtual Address, in IBM System/38 Technical Developments. 1980, G580-0237-1, IBM General Systems Division: Atlanta, GA. p. 22--24.

[35]

Hu, W.-M. Reducing Timing Channels with Fuzzy Time. in Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy. 20--22 May 1991, Oakland, CA: IEEE Computer Society. p. 8--20.

[36]

Karadeniz, K., Analysis of Intel IA-64 Processor Support for a Secure Virtual Machine Monitor, March 2001, Naval Postgraduate School: Monterey, CA. URL: http://handle.dtic.mil/100.2/ADA391770

[37]

Karger, P.A., T.E. Leonard, and A.H. Mason, Computer with virtual machine mode and multiple protection rings, US patent No. 4787031, 22 November 1988.

[38]

Karger, P.A. and R.R. Schell, Multics Security Evaluation: Vulnerability Analysis, ESD-TR-74-193, Vol. II, June 1974, HQ Electronic Systems Division: Hanscom AFB, MA. URL: http://csrc.nist.gov/publications/history/karg74.pdf

[39]

Karger, P.A., M.E. Zurko, D.W. Bonin, A.H. Mason, and C.E. Kahn, A Retrospective on the VAX VMM Security Kernel. IEEE Transactions on Software Engineering, November 1991. 17(11): p. 1147--1165.

Digital Library

[40]

Keltcher, C., K.J. McGrath, A. Ahmed, and P. Conway, The AMD Opteron Processor for Multiprocessor Servers. IEEE Micro, March-April 2003. 23(2): p. 66--76.

Digital Library

[41]

Kenah, L.J. and S. Bate, VAX/VMS Internals and Data Structures. 1984, Burlington, MA: Digital Press.

Digital Library

[42]

Kilburn, T., R.B. Payne, and D.J. Howarth. The Atlas Supervisor. in Computers-Key to Total Systems Control, Proceedings of the Eastern Joint Computer Conference. 12--14 December 1961, New York, NY: Vol. 20. American Federation of Information Processing Societies (AFIPS), Macmillan Company. p. 279--294.

[43]

Lampson, B.W., A note on the confinement problem. Communications of the ACM, October 1973. 16(10): p. 613--615.

Digital Library

[44]

Lindquist, A.B., R.R. Seeber, and L.W. Comeau, A Time-Sharing System Using an Associative Memory. Proceedings of the IEEE, December 1966. 54(12): p. 1774--1779.

[45]

Lipner, S.B., A comment on the confinement problem. Operating Systems Review, 19--21 November 1975. 9(5): p. 192--196. Proceedings of the Fifth Symposium on Operating Systems Principles.

Digital Library

[46]

Lowell, D.E., Y. Saito, and E.J. Sambert, Devirtualizable virtual machines enabling general, single-node, online maintenance, in Proceedings of the Eleventh International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) 9--13 October 2004: Boston, MA. p. 211--223. URL: http://www.ysaito.com/microvisor--asplos04.pdf

Digital Library

[47]

Meyer, R.A. and L.H. Seawright, A Virtual Machine Time-Sharing System. IBM Systems Journal, 1970. 9(3): p. 199--218. URL: http://www.research.ibm.com/journal/sj/093/ibmsj0903D.pdf

[48]

Morris, D. and G.D. Detlefsen. An Implementation of a Segmented Virtual Store. in Conference on Computer Science and Technology. 30 June-3 July 1969, University of Manchester Institute of Science and Technology: Vol. IEE Conference Publication 55. Institution of Electrical Engineers. p. 63--71.

[49]

Morris, D. and R.N. Ibbett, The MU5 Computer System. 1979, New York: Springer-Verlag.

[50]

Neiger, G., A. Santoni, F. Leung, D. Rodgers, and R. Uhlig, Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization. Intel Technology Journal, 10 August 2006. 10(03): p. 167--178. URL: http://www.intel.com/technology/itj/2006/v10i3/1-hardware/1-abstract.htm

[51]

Olbert, A.G. Crossing the Machine Interface. in MICRO 15: Proceedings of the 15th Annual Workshop on Microprogramming. December 1982, Palo Alto, CA: published in ACM SIGMICRO Newsletter, Vol. 13, No. 2. p. 163--170. URL: http://portal.acm.org/citation.cfm?id=800036.800946

Digital Library

[52]

O'Neill, R.W. Experience using a time-shared multi-programming system with dynamic address relocation hardware. in Proceedings of the 1967 Spring Joint Computer Conference. 18--20 April 1967, Atlantic City, NJ: Vol. 30. Thompson Books. p. 611--621.

Digital Library

[53]

Popek, G.J. and R.P. Goldberg, Formal Requirements for Virtualizable Third Generation Architectures. Comm. ACM, July 1974. 17(7): p. 41--421.

Digital Library

[54]

Robin, J.S., Analyzing the Intel Pentium's Architecture to Support Virtual Machine Monitors, MS in Department of Computer Science 1999, Naval Postgraduate School: Monterey, CA. URL: http://cisr.nps.navy.mil/downloads/theses/99thesis_robin.pdf

[55]

Robin, J.S. and C.E. Irvine. Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor. in 9th USENIX Security Symposium. 14-17 August 2000, Denver, CO: USENIX, the Advanced Computing Systems Association. p. 129--144. URL: http://www.usenix.org/events/sec2000/robin.html

Digital Library

[56]

Simpson, R.O. and P.D. Hester, The IBM RT PC ROMP and Memory Management Unit Architecture. IBM Systems Journal, 1987. 26(4): p. 346--360. URL: http://www.research.ibm.com/journal/sj/264/ibmsj2604D.pdf

Digital Library

[57]

Varian, M. VM and the VM Community: Past Present, and Future. in SHARE 89, Sessions 9059-9061. August 1997. URL: http://www.princeton.edu/~melinda/25paper.pdf

[58]

Wall, D.W. Global Register Allocation at Link Time. in Proceedings of the SIGPLAN '86 Symposium on Compiler Construction. 25-27 June 1986, Palo Alto, CA: ACM SIGPLAN Notices, Vol. 21, No. 7. p. 264--275.

Digital Library

[59]

Wall, D.W. Register Windows vs. Register Allocation. in Proceedings of the ACM SIGPLAN 1988 Conference on Programming Language Design and Implementation. 20-24 June 1988, Atlanta, GA: ACM SIGPLAN Notices, Vol. 23, No. 7. p. 67--78.

Digital Library

[60]

Webb, C.F. and J.S. Liptay, A High-Frequency Custom CMOS S/390 Microprocessor. IBM Journal of Research and Development, July/September 1997. 41(4/5): p. 463--473. URL: http://www.research.ibm.com/journal/rd/446/webb.pdf

Digital Library

[61]

Whitaker, A., M. Shaw, and S.D. Gribble, Denali: Lightweight Virtual Machines for Distributed and Networked Applications, University of Washington Technical Report 02-02-01, 2001, University of Washington: Seattle, WA. URL: http://denali.cs.washington.edu/pubs/distpubs/papers/denali_usenix2002.pdf

Cited By

Zhao SMashtizadeh ABaumann ACrooks NSchwarzkopf M(2023)Metal: An Open Architecture for Developing Processor FeaturesProceedings of the 19th Workshop on Hot Topics in Operating Systems10.1145/3593856.3595915(15-22)Online publication date: 22-Jun-2023
https://dl.acm.org/doi/10.1145/3593856.3595915
Bae CLange JDinda PSchmeck HRosenstiel WAbdelzaher THellerstein J(2011)Enhancing virtualized application performance through dynamic adaptive paging mode selectionProceedings of the 8th ACM international conference on Autonomic computing10.1145/1998582.1998639(255-264)Online publication date: 14-Jun-2011
https://dl.acm.org/doi/10.1145/1998582.1998639
Hoang GBae CLange JZhang LDinda PJoseph R(2010)A Case for Alternative Nested Paging Models for Virtualized SystemsIEEE Computer Architecture Letters10.1109/L-CA.2010.69:1(17-20)Online publication date: 1-Jan-2010
https://dl.acm.org/doi/10.1109/L-CA.2010.6
Show More Cited By

Index Terms

Performance and security lessons learned from virtualizing the alpha processor
1. Computer systems organization
  1. Architectures
    1. Serial architectures
      1. Pipeline computing
2. Security and privacy
  1. Systems security
    1. Operating systems security

Recommendations

Performance and security lessons learned from virtualizing the alpha processor

Virtualization has become much more important throughout the computer industry both to improve security and to support multiple workloads on the same hardware with effective isolation between those workloads. The most widely used chip architecture, the ...
Xen and the art of virtualization
SOSP '03

Numerous systems have been designed which use virtualization to subdivide the ample resources of a modern computer. Some require specialized hardware, or cannot support commodity operating systems. Some target 100% binary compatibility at the expense of ...
Securing virtual machine monitors: what is needed?
ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security

It is widely believed that the use of a virtual machine monitor (VMM) is at least as secure, if not more secure than separate systems. A recent Information Week survey [6] reports that 55% of responding business technology professionals believe that a ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ISCA '07: Proceedings of the 34th annual international symposium on Computer architecture

June 2007

542 pages

ISBN:9781595937063

DOI:10.1145/1250662

General Chair:
Dean Tullsen
University of California, San Diego
,
Program Chair:
Brad Calder
Microsoft & University of California, San Diego

ACM SIGARCH Computer Architecture News Volume 35, Issue 2
May 2007
527 pages
ISSN:0163-5964
DOI:10.1145/1273440
Issue’s Table of Contents

Copyright © 2007 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGARCH: ACM Special Interest Group on Computer Architecture
IEEE-CS: Computer Society

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 June 2007

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SPAA07

Sponsor:

SIGARCH
IEEE-CS

SPAA07: 19th ACM Symposium on Parallelism in Algorithms and Architectures

June 9 - 13, 2007

California, San Diego, USA

Acceptance Rates

Overall Acceptance Rate 543 of 3,203 submissions, 17%

Upcoming Conference

ISCA '25

Sponsor:
sigarch

The 52nd Annual International Symposium on Computer Architecture

June 21 - 25, 2025

Tokyo , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
1,219
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 21 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhao SMashtizadeh ABaumann ACrooks NSchwarzkopf M(2023)Metal: An Open Architecture for Developing Processor FeaturesProceedings of the 19th Workshop on Hot Topics in Operating Systems10.1145/3593856.3595915(15-22)Online publication date: 22-Jun-2023
https://dl.acm.org/doi/10.1145/3593856.3595915
Bae CLange JDinda PSchmeck HRosenstiel WAbdelzaher THellerstein J(2011)Enhancing virtualized application performance through dynamic adaptive paging mode selectionProceedings of the 8th ACM international conference on Autonomic computing10.1145/1998582.1998639(255-264)Online publication date: 14-Jun-2011
https://dl.acm.org/doi/10.1145/1998582.1998639
Hoang GBae CLange JZhang LDinda PJoseph R(2010)A Case for Alternative Nested Paging Models for Virtualized SystemsIEEE Computer Architecture Letters10.1109/L-CA.2010.69:1(17-20)Online publication date: 1-Jan-2010
https://dl.acm.org/doi/10.1109/L-CA.2010.6
Zou DZheng WLong JJin HChen X(2010)Constructing trusted virtual execution environment in P2P gridsFuture Generation Computer Systems10.1016/j.future.2009.05.02026:5(769-775)Online publication date: 1-May-2010
https://dl.acm.org/doi/10.1016/j.future.2009.05.020

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents