Nested Kernel and Intel-KGT
by Dautenhahn, Nathan Daniel
Hi All-
First I want to say, really cool work!
I am a PhD student working at the University of Illinois at Urbana-Champaign and recently observed your IKGT work. This looks extremely interesting.
The first thing I would like to mention is that IKGT greatly overlaps with my recent efforts to create a new operating system architecture called the Nested Kernel. In fact it appears as almost the same thing—the example policies listed on the web page are all enforced by the Nested Kernel.
The two approaches seem to provide equivalent protection capabilities, but we would like to understand the exact capabilities of IKGT better.
One key difference is that the Nested Kernel x86-64 design provides a new technique that virtualizes ring 0 using the WP-bit as the privilege switch mechanism in contrast to the VT-x based isolation.
I am wondering if you have a paper on it so that I can get a few more details? I am working through the source code as well.
Also, I would be interested if any of the creators would be able to review the nested kernel paper at nestedkernel.org. I am interested to ascertain how much overlap exists between the features.
Some technical questions:
— Are you using VMFUNC for fast context switching? The code appears to do this, but I am just wondering.
— Do you have any performance evaluation of the system?
Thanks,
- Nathan Dautenhahn