skip to main content
10.1145/1346256.1346280acmconferencesArticle/Chapter ViewAbstractPublication PagesveeConference Proceedingsconference-collections
research-article

Applications of a feather-weight virtual machine

Published: 05 March 2008 Publication History

Abstract

A Feather-weight Virtual Machine (FVM) is an OS-level virtualization technology that enables multiple isolated execution environments to exist on a single Windows kernel. The key design goal of FVM is efficient resource sharing among VMs so as to minimize VM startup/shutdown cost and scale to a larger number of concurrent VM instances. As a result, FVM provides an effective platform for fault-tolerant and intrusion-tolerant applications that require frequent invocation and termination of dispensable VMs. This paper presents three complete applications of the FVM technology: scalable web site testing; shared binary service for application deployment and distributed Display-Only File Server (DOFS). To identify malicious web sites that exploit browser vulnerabilities, we use a web crawler to access untrusted sites, render their pages in multiple browsers each running in a separate VM, and monitor their execution behaviors. To allow Windows-based end user machines to share binaries that are stored, managed and patched on a central location, we run shared binaries in a special VM on the end user machine whose runtime environment is imported from the central binary server. To protect confidential files in a file server against information theft by insiders, we ensure that file viewing/editing programs run in a VM, which grants file content display but prevents file content from being saved on the host machine. In this paper, we show how to customize the generic FVM framework to accommodate the needs of the three applications, and present experimental results that demonstrate their performance and effectiveness.

References

[1]
Yang Yu, Fanglu Guo, Susanta Nanda, Lap-chung Lam, and Tzi-cker Chiueh. A Feather-weight Virtual Machine for Windows Applications. In Proceedings of the 2nd International Conference on Virtual Execution Environments, June 2006.
[2]
Fanglu Guo, Yang Yu, and Tzi-cker Chiueh. Automated and Safe Vulnerability Assessment. In Proceedings of the 21th Annual Computer Security Applications Conference, December 2005.
[3]
Yang Yu and Tzi-cker Chiueh. Display-Only File Server: A Solution Against Information Theft due to Insider Attack. In Proceedings of 4th ACM Workshop on Digital Rights Management, December 2004.
[4]
Kevin Lawton, Bryce Denney, N. David Guarneri, Volker Ruppert, and Christophe Bothamy. Bochs User Manual. http://bochs.sourceforge.net/doc/docbook/user/index.html.
[5]
VMware. VMware Products. http://www.vmware.com/products/home.html.
[6]
Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. Xen and the Art of Virtualization. In Proceedings of the 19th ACM Symposium on Operating Systems Principles, pages 164--177. ACM Press, 2003.
[7]
Poul-Henning Kamp and Robert N. M. Watson. Jails: Confining the Omnipotent Root. In Proceedings of the 2nd International SANE Conference, 2000.
[8]
Herbert Potzl. Linux-VServer Technology. http://linux-vserver.org/Linux-VServer-Paper, 2004.
[9]
Sun Microsystems. Solaris Containers: Server Virtualization and Manageability. http://www.sun.com/software/whitepapers/solaris10/grid containers.pdf, September 2004.
[10]
SWsoft. Virtuozzo Server Virtualization. http://www.swsoft.com/en/products/virtuozzo.
[11]
Yi-Min Wang, Doug Beck, Xuxian Jiang, Roussi Roussev, Chad Verbowski, Shuo Chen, and Sam King. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. In Proceedings of 13th Annual Network and Distributed System Security Symposium, February 2006.
[12]
Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, and Henry M. Levy. A Crawler-based Study of Spyware on the Web. In Proceeding of the 13th Annual Network and Distributed System Security Symposium, February 2006.
[13]
Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, and Nagendra Modadugu. The Ghost In The Browser Analysis of Webbased Malware. In Proceeding of the first Workshop on Hot Topics in Understanding Botnets, April 2007.
[14]
Alexander Moshchuk, Tanya Bragin, Damien Deville, Steven D. Gribble, and Henry M. Levy. SpyProxy: Execution-based Detection of Malicious Web Content. In Proceeding of the 16th USENIX Security Symposium, August 2007.
[15]
Microsoft Corporation. Technical Overview of Windows Server 2003 Terminal Services. http://download.microsoft.com/download/2/8/1/281f4d94-ee89-4b21-9f9e-9accef44a743/TerminalServerOverview.doc, January 2005.
[16]
Citrix Ardence. Software-Streaming Platform. http://www.ardence.com/enterprise/products.aspx?id=56.
[17]
Constantine Sapuntzakis, David Brumley, Ramesh Chandra, Nickolai Zeldovich, Jim Chow, Monica S. Lam, and Mendel Rosenblum. Virtual Appliances for Deploying and Maintaining Software. In Proceedings of 17th Large Installation Systems Administration Conference, October 2003.
[18]
Ramesh Chandra, Nickolai Zeldovich, Constantine Sapuntzakis, and Monica S. Lam. The Collective: A Cache-Based System Management Architecture. In Proceedings of the 2nd Symposium on Networked Systems Design and Implementation, May 2005.
[19]
Microsoft. Microsoft SoftGrid Application Virtualization. http://www.microsoft.com/systemcenter/softgrid/default.mspx.
[20]
AppStream. AppStream Technology Overview. http://www.appstream.com/products-technology.html.
[21]
Bowen Alpern, Joshua Auerbach, Vasanth Bala, Thomas Frauenhofer, Todd Mummert, and Michael Pigott. PDS: A Virtual Execution Environment for Software Deployment. In Proceedings of the 1st International Conference on Virtual Execution Environments, 2005.
[22]
Thinstall. Application Virtualization: A Technical Overview of the Thinstall Application Virtualization Platform. http://thinstall.com/assets/docs/ThinstallWPApplicVirtualization4a.pdf.
[23]
Microsoft Corporation. Windows Rights Management Services. http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt.
[24]
Authentica. Authentica Secure Mail, Authentica Secure Mobile Mail, and Authentica Secure Documents. http://software.emc.com/microsites/regional/authentica.
[25]
Liquid Machines. Liquid Machines Document Control. http://www.liquidmachines.com.
[26]
Xavier Roche. HTTrack Website Copier. http://www.httrack.com.
[27]
Yi-Min Wang, Roussi Roussev, Chad Verbowski, Aaron Johnson, Ming-Wei Wu, Yennun Huang, and Sy-Yen Kuo. Gatekeeper: Monitoring Auto-Start Extensibility Points (ASEPs) for Spyware Management. In Proceedings of 18th Large Installation System Administration Conference, November 2004.
[28]
McAfee. McAfee SiteAdvisor. http://www.siteadvisor.com/analysis/reviewercentral.
[29]
RSA Laboratories. Diffie-Hellman key agreement protocol. http://www.rsa.com/rsalabs/node.asp?id=2248.

Cited By

View all
  • (2015)Protecting against screenshots: An image processing approach2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR)10.1109/CVPR.2015.7298750(1437-1445)Online publication date: Jun-2015
  • (2013)Malware Clearance for Secure Commitment of OS-Level Virtual MachinesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2012.8810:2(70-83)Online publication date: 1-Mar-2013
  • (2012)Facilitating inter-application interactions for OS-level virtualizationACM SIGPLAN Notices10.1145/2365864.215103647:7(75-86)Online publication date: 3-Mar-2012
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
VEE '08: Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
March 2008
190 pages
ISBN:9781595937964
DOI:10.1145/1346256
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 March 2008

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. binary server
  2. browser exploit
  3. information theft
  4. virtual machine
  5. web crawler

Qualifiers

  • Research-article

Conference

VEE '08

Acceptance Rates

VEE '08 Paper Acceptance Rate 18 of 57 submissions, 32%;
Overall Acceptance Rate 80 of 235 submissions, 34%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)4
  • Downloads (Last 6 weeks)0
Reflects downloads up to 14 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2015)Protecting against screenshots: An image processing approach2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR)10.1109/CVPR.2015.7298750(1437-1445)Online publication date: Jun-2015
  • (2013)Malware Clearance for Secure Commitment of OS-Level Virtual MachinesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2012.8810:2(70-83)Online publication date: 1-Mar-2013
  • (2012)Facilitating inter-application interactions for OS-level virtualizationACM SIGPLAN Notices10.1145/2365864.215103647:7(75-86)Online publication date: 3-Mar-2012
  • (2012)Facilitating inter-application interactions for OS-level virtualizationProceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments10.1145/2151024.2151036(75-86)Online publication date: 3-Mar-2012
  • (2011)Safe side effects commitment for OS-level virtualizationProceedings of the 8th ACM international conference on Autonomic computing10.1145/1998582.1998601(111-120)Online publication date: 14-Jun-2011
  • (2011)Virtualizing system and ordinary services in Windows-based OS-level virtual machinesProceedings of the 2011 ACM Symposium on Applied Computing10.1145/1982185.1982309(579-583)Online publication date: 21-Mar-2011
  • (2010)Generic Self-Healing via RejuvenationProceedings of the 2010 Fourth IEEE International Conference on Self-Adaptive and Self-Organizing Systems Workshop10.1109/SASOW.2010.68(239-242)Online publication date: 27-Sep-2010
  • (2010)A Prefetching Framework for the Streaming Loading of Virtual SoftwareProceedings of the 2010 IEEE 16th International Conference on Parallel and Distributed Systems10.1109/ICPADS.2010.25(712-717)Online publication date: 8-Dec-2010
  • (2010)A Virtualization-Based SaaS Enabling Architecture for Cloud ComputingProceedings of the 2010 Sixth International Conference on Autonomic and Autonomous Systems10.1109/ICAS.2010.28(144-149)Online publication date: 7-Mar-2010
  • (2009)Confining windows inter-process communications for OS-level virtual machineProceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems10.1145/1518684.1518690(30-35)Online publication date: 31-Mar-2009
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media