NOVA Microhypervisor

The NOVA OS Virtualization Architecture is a research project aimed at constructing a secure virtualization environment with a small trusted computing base. NOVA consists of a microhypervisor and a deprivileged multi-server user-mode environment running on top of it.

Like third-generation microkernels, the NOVA microhypervisor uses a capability-based authorization model and provides only basic mechanisms for virtualization, spatial and temporal separation, scheduling, communication, and management of platform resources. The disaggregated multi-server environment implements additional operating-system services in user mode, such as device drivers, protocol stacks, and policies. On machines with hardware virtualization features, NOVA can run multiple unmodified guest operating systems concurrently. Each VM has its own associated virtual-machine monitor (VMM) that runs as an unprivileged user application on top of the microhypervisor.

Supported Hardware Platforms

• NOVA runs on multi-core 64-bit x86 and ARMv8 machines that support ACPI.
• It also runs under QEMU (including VM support), and as a microkernel in a virtual machine on top of itself.
• On x86, a platform with Intel VT-x or AMD-V is required for running guest operating systems in VMs.

Download

The source code of the NOVA microhypervisor is available as a git repository at https://github.com/udosteinberg/NOVA.

NOVA is licensed under the terms of the GNU General Public License version 2.

Deployments

• NOVA is the foundation for the BlueRock Trusted Runtime, which combines a formally verified secure trusted computing base with VM introspection and policy enforcement.
• The Genode Operating System Framework, a highly dynamic user-level environment, uses the NOVA microhypervisor as the default kernel for the Sculpt general-purpose OS.
• The Hedron Hypervisor is a derivative of the NOVA microhypervisor.
• The NOVA User-Level Environment (NUL) includes the virtual-machine monitor, a partition manager, and host device drivers.
• The NOVA Runtime Environment (NRE) is being developed as a potential successor of NUL.

Presentations

• U. Steinberg
  Minimize your TCB using a Microkernel-Based System
  Charter of Trust 2024
• U. Steinberg
  Using the NOVA Microhypervisor for Trusted Computing at Scale
  FOSDEM 2024
• U. Steinberg
  NOVA Microhypervisor: Measured Launch
  TU Dresden 2023
• U. Steinberg
  NOVA Microhypervisor: Feature Update
  FOSDEM 2023
• U. Steinberg
  NOVA Microhypervisor on ARMv8-A
  FOSDEM 2020
• U. Steinberg
  The NOVA Microhypervisor
  FOSDEM 2013

Publications

• U. Steinberg, B. Kauer
  NOVA: A Microhypervisor-Based Secure Virtualization Architecture
  Eurosys 2010
• U. Steinberg, B. Kauer
  Towards a Scalable Multiprocessor User-Level Environment
  IIDS 2010
• U. Steinberg, A. Böttcher, B. Kauer
  Timeslice Donation in Component-Based Systems
  OSPERT 2010

Posters

• U. Steinberg, B. Kauer
  NOVA: Virtualization with a Small Trusted Computing Base
  OSDI 2008 Poster Session
• B. Kauer, U. Steinberg, J. Stecklina
  Rapid I/O: Improving the Efficiency of I/O Virtualization
  Eurosys 2010 Poster Session

Theses

• M. Partheymüller
  Adding SMP Support to a User-Level VMM
  Diploma Thesis
• J. Galowicz
  Live Migration of Virtual Machines between Heterogeneous Host Systems
  Master Thesis