> uber eXtensible Micro-Hypervisor Framework

Overview

Latest News:
  • October 3rd, 2018: uberXMHF 4.1 released, see release notes and changelog here
  • April 26th, 2018: Our paper describing uberXMHF for the Raspberry PI 3 platform received the "Best Paper Award" at the 2018 IEEE European Symposium on Security and Privacy.

The uber eXtensible Micro-Hypervisor Framework (uberXMHF) is a compositionally verifiable, extensible, micro-hypervisor framework for commodity platforms advocating the design and development of a new class of security-oriented micro-hypervisor based applications (“uberapps”).

uberXMHF is designed to achieve three goals: modular extensibility, automated (compositional) verification, and high performance.

uberXMHF includes a core that provides functionality common to many hypervisor-based security architectures and supports extensions that augment the core with additional security or functional properties while preserving the fundamental hypervisor security property of memory integrity (i.e., ensuring that the hypervisor’s memory is not modified by software running at a lower privilege level).

uberXMHF advocates a “rich” commodity single-guest execution model (uberguest) where the hypervisor framework supports only a single, commodity guest OS and allows the guest direct access to all performance-critical system devices and device interrupts. In principle, the uberguest could also be a traditional hypervisor/VMM.

uberXMHF currently runs on both x86 (Intel and AMD) and ARM (Raspberry PI) multi-core hardware virtualized platforms with support for nested (2-dimensional) paging. The framework is capable of running unmodified legacy multiprocessor capable OSes such as Linux and Windows.