Virtualization Mechanisms for Mobility, Security and System Administration

نویسنده

  • Shaya Potter
چکیده

Virtualization Mechanisms for Mobility, Security and System Administration Shaya Potter This dissertation demonstrates that operating system virtualization is an effective method for solving many different types of computing problems. We have designed novel systems that make use of commodity software while solving problems that were not conceived when the software was originally written. We show that by leveraging and extending existing virtualization techniques, and introducing new ones, we can build these novel systems without requiring the applications or operating systems to be rewritten. We introduce six architectures that leverage operating system virtualization. *Pod creates fully secure virtual environments and improves user mobility. AutoPod reduces the downtime needed to apply kernel patches and perform system maintenance. PeaPod creates least-privilege systems by introducing the pea abstraction. Strata improves the ability of administrators to manage large numbers of machines by introducing the Virtual Layered File System. Apiary builds upon Strata to create a new form of desktop security by using isolated persistent and ephemeral application containers. Finally, ISE-T applies the two-person control model to system administration. By leveraging operating system virtualization, we have built these architectures on Linux without requiring any changes to the underlying kernel or user-space applications. Our results, with real applications, demonstrate that operating system virtualization has minimal overhead. These architectures solve problems with minimal impact on end-users while providing functionality that would previously have required modifications to the underlying system.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Virtualization Based Security Framework (vBASE)

In general, computer security aims at providing confidentiality, integrity and availability to computing systems. Traditionally, researchers in the fields of computer security have used software and hardware mechanisms for implementing security in computing systems. Software only security approaches typically deal with application level and Operating System (OS) level security mechanisms. Thoug...

متن کامل

Pouring Cloud Virtualization Security Inside Out

In this article, virtualization security concerns in the cloud computing domain are reviewed. The focus is toward virtual machine (VM) security where attacks and vulnerabilities such as VM escape, VM hopping, cross-VM side-channel, VM-based rootkits (VMBRs), VM mobility, and VM remote are mentioned and discussed according to their relevance in the clouds. For each attack we outline how they aff...

متن کامل

Critical Success Factors for Data Virtualization: A Literature Review

Data Virtualization (DV) has become an important method to store and handle data cost-efficiently. However, it is unclear what kind of data and when data should be virtualized or not. We applied a design science approach in the first stage to get a state of the art of DV regarding data integration and to present a concept matrix. We extend the knowledge base with a systematic literature review ...

متن کامل

Virtualization Aware File Systems: Getting Beyond the Limitations of Virtual Disks

Virtual disks are the main form of storage in today’s virtual machine environments. They offer many attractive features, including whole system versioning, isolation, and mobility, that are absent from current file systems. Unfortunately, the low-level interface of virtual disks is very coarse-grained, forcing all-or-nothing whole system rollback, and opaque, offering no practical means of shar...

متن کامل

Virtualization Based Secure Execution and Testing Framework

Computer security aims at protecting confidentiality, integrity, and availability of sensitive information that are processed, used, or stored by computing systems. Computer scientists working in the field of computer security have successfully designed and developed software and hardware mechanisms to provide security in modern day computing devices. As compared to hardware security mechanisms...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2010