Virtualization Mechanisms for Mobility, Security and System Administration

Virtualization Mechanisms for Mobility, Security and System Administration Shaya Potter This dissertation demonstrates that operating system virtualization is an effective method for solving many different types of computing problems. We have designed novel systems that make use of commodity software while solving problems that were not conceived when the software was originally written. We show that by leveraging and extending existing virtualization techniques, and introducing new ones, we can build these novel systems without requiring the applications or operating systems to be rewritten. We introduce six architectures that leverage operating system virtualization. *Pod creates fully secure virtual environments and improves user mobility. AutoPod reduces the downtime needed to apply kernel patches and perform system maintenance. PeaPod creates least-privilege systems by introducing the pea abstraction. Strata improves the ability of administrators to manage large numbers of machines by introducing the Virtual Layered File System. Apiary builds upon Strata to create a new form of desktop security by using isolated persistent and ephemeral application containers. Finally, ISE-T applies the two-person control model to system administration. By leveraging operating system virtualization, we have built these architectures on Linux without requiring any changes to the underlying kernel or user-space applications. Our results, with real applications, demonstrate that operating system virtualization has minimal overhead. These architectures solve problems with minimal impact on end-users while providing functionality that would previously have required modifications to the underlying system.