ABSTRACT
Many fault-tolerant and intrusion-tolerant systems require the ability to execute unsafe programs in a realistic environment without leaving permanent damage. Virtual machine technology meets this requirement perfectly because it provides an execution environment that is both realistic and isolated. In this paper, we introduce an OS-level virtual machine architecture for Windows applications called Feather-weight Virtual Machine (FVM), under which virtual machines share as many resources of the host machine as possible while remaining isolated from one another and from the host machine. The key technique behind FVM is namespace virtualization, which isolates virtual machines by renaming resources at the OS system call interface. Through a copy-on-write scheme, FVM allows multiple virtual machines to share resources physically while keeping their resources logically isolated from each other. A main technical challenge in FVM is achieving strong isolation among different virtual machines and the host machine, given the numerous namespaces and interprocess communication mechanisms on Windows. Experimental results demonstrate that FVM is more flexible and scalable, requires fewer system resources, and incurs lower start-up and run-time performance overhead than existing hardware-level virtual machine technologies, and thus makes a compelling building block for security and fault-tolerant applications.
CITED BY 2
Yang Yu, Hariharan Kolam, Lap-Chung Lam, Tzi-cker Chiueh, Applications of a feather-weight virtual machine, Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments, March 05-07, 2008, Seattle, WA, USA