KVM Forum 2022 has ended

September 12-14, 2022
Dublin, Ireland + Virtual

Tuesday, September 13 • 11:05 - 11:30
No More Turtles: The SecondaryVM Framework - An Alternative to Nested Virtualization - Mengmei Ye & Angelo Ruocco, IBM Research

Although nested virtualization has been well-designed in the community, several challenges remain to be addressed. For instance, enabling such a feature exposes more attack surface, since the implementation of nested virtualization heavily enlarges the code base of hypervisors. Furthermore, in the emerging field of confidential computing, encrypted VM technologies such as AMD SEV and Intel TDX do not support nested virtualization. To address these challenges, the presenters propose an alternative to nested virtualization, namely a SecondaryVM framework. In this framework, a primary VM is booted within a cgroup partition and given the capability to launch secondary VMs in the same cgroup. The presenters will show the current implementation progress, challenges, and future use cases of this framework, covering topics such as the operations/processes that primary VMs are allowed to issue, network communication among primary and secondary VMs, storage/images of the secondary VMs, and deployment with diverse platforms (Libvirt, Kubevirt, etc.).

Speakers
Mengmei Ye

Research Staff Member, IBM Research
Mengmei Ye is a Research Staff Member in IBM Research working on cloud security and system partitioning. She received her Ph.D. in Electrical and Computer Engineering from Rutgers University in 2021. Her research work has been recognized with a Best Paper Award at IEEE ICCD 2016 and...
Angelo Ruocco

Software Developer, IBM Research
Angelo has worked on static-partitioning hypervisors on embedded arm64 systems. Recently he moved to IBM to focus more on hypervisor security and performance on x86.



Tuesday September 13, 2022 11:05 - 11:30 IST
Liffey Meeting Room 2
  KVM Forum Track 2