Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Display-only file server: a solution against information theft due to insider attack
Proceedings of the 4th ACM workshop on Digital rights management
Virtual Appliances for Deploying and Maintaining Software
LISA '03 Proceedings of the 17th USENIX conference on System administration
Gatekeeper: Monitoring Auto-Start Extensibility Points (ASEPs) for Spyware Management
LISA '04 Proceedings of the 18th USENIX conference on System administration
PDS: a virtual execution environment for software deployment
Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments
Automated and Safe Vulnerability Assessment
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
A feather-weight virtual machine for windows applications
Proceedings of the 2nd international conference on Virtual execution environments
The collective: a cache-based system management architecture
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
The ghost in the browser analysis of web-based malware
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
SpyProxy: execution-based detection of malicious web content
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Confining windows inter-process communications for OS-level virtual machine
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
Virtualizing system and ordinary services in Windows-based OS-level virtual machines
Proceedings of the 2011 ACM Symposium on Applied Computing
Safe side effects commitment for OS-level virtualization
Proceedings of the 8th ACM international conference on Autonomic computing
Facilitating inter-application interactions for OS-level virtualization
VEE '12 Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
Hi-index | 0.00 |
A Feather-weight Virtual Machine (FVM) is an OS-level virtualization technology that enables multiple isolated execution environments to exist on a single Windows kernel. The key design goal of FVM is efficient resource sharing among VMs so as to minimize VM startup/shutdown cost and scale to a larger number of concurrent VM instances. As a result, FVM provides an effective platform for fault-tolerant and intrusion-tolerant applications that require frequent invocation and termination of dispensable VMs. This paper presents three complete applications of the FVM technology: scalable web site testing; shared binary service for application deployment and distributed Display-Only File Server (DOFS). To identify malicious web sites that exploit browser vulnerabilities, we use a web crawler to access untrusted sites, render their pages in multiple browsers each running in a separate VM, and monitor their execution behaviors. To allow Windows-based end user machines to share binaries that are stored, managed and patched on a central location, we run shared binaries in a special VM on the end user machine whose runtime environment is imported from the central binary server. To protect confidential files in a file server against information theft by insiders, we ensure that file viewing/editing programs run in a VM, which grants file content display but prevents file content from being saved on the host machine. In this paper, we show how to customize the generic FVM framework to accommodate the needs of the three applications, and present experimental results that demonstrate their performance and effectiveness.