No More Turtles: The SecondaryVM Framework - An Alternative to Nested Virtualization

Explore an innovative alternative to nested virtualization in this conference talk by Mengmei Ye and Angelo Ruocco from IBM Research. Delve into the challenges of traditional nested virtualization, including increased attack surfaces and incompatibility with encrypted VM technologies like AMD SEV and Intel TDX. Learn about the proposed SecondaryVM framework, which allows a primary VM to launch secondary VMs within the same cgroup partition. Discover the current implementation progress, challenges, and potential future applications of this framework. Gain insights into key aspects such as operations and processes issued by primary VMs, network communications between primary and secondary VMs, storage and image management for secondary VMs, and deployment across various platforms like Libvirt and Kubevirt.

No More Turtles: The SecondaryVM Framework - An Alternative to Nested... Mengmei Ye & Angelo Ruocco