Virtualization | A Machine Reference Model

Prerequisite: Introduction to Virtualization

When an execution environment is virtualized at unlike levels of the stack of computation then it requires a reference model which defines the interfaces within the level of abstractions, and this level of abstraction hides the details of implementations.
This projects an idea that, virtualization techniques can substitute any one layer and can intercept the calls which are directed to it. That’s why a clear separation within the layers can simplify their implementations, which only need an emulation of the interfaces and a proper response with the underlying layer.

At the base layer, the model for the hardware is declared or manifested on terms of an architecture i.e. Instruction Set Architecture (ISA).

Figure- A machine reference model

Instruction Set Architecture (ISA) defines the instruction set for the processor, registers, memory, and interrupt management. It is an interface between software and hardware and It is mandatory for the operating system (OS) developer (system ISA) developers of applications who directly manages core hardware (user ISA). The operating system layer is separated by the application binary interface (ABI) from the application and libraries, which are managed by operating system.

Application Binary Interface (ABI) covers facts such as low-level data types and call conventions and it also defines a format for many programs. Mainly, system calls are defined at this level. Moreover, this type of interface enables portability of various applications and libraries across OS which employ the same ABI. Application programming interface (API) is represented by the highest level of abstraction. This API interfaces applications to libraries and/or the core OS. For an action is to be performed in the application level API, ABI and the two which are responsible to make it done. Mainly, CPU runs on two privilege levels:

1. User Mode: In this mode, memory access is restricted up to some limit whereas access to peripherals is denied.
2. Kernel Mode: In this mode, CPU has instructions which manage memory and how to be accessed and it also has instructions which enable access of the peripherals like disks and network cards. From one running program to another running program, CPU switches automatically. The expansions and applications of computing system are simplified by this layered approach. Application of multitasking and co-existence of multiple executing is simplified by this layered approach.

The first can be made within privileged and non-privileged instructions. Those instructions which can be used with interrupting with another task are known as Non- privileged instruction. They are also called so because shared resources are not accessed. Ex- contains all the fixed points, floating and arithmetic instructions. The instructions which are executed under particular restrictions and which are frequently used for sensitive operations (which expose behavior-sensitive or modify control sensitive) are known as privileged instructions.

Figure- Security Rings and Privileged Mode

It is expected that in a hyper visor-managed environment, code of guest OS runs in user to prevent it from the direct access of OS’s status. It is no longer possible to completely isolate the guest OS when non-privileged instructions are implemented.
 
Reference: Book- Mastering Cloud Computing