SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
The performance of μ-kernel-based systems
Proceedings of the sixteenth ACM symposium on Operating systems principles
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Reducing TCB complexity for security-sensitive applications: three case studies
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
QEMU, a fast and portable dynamic translator
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Secure web applications via automatic partitioning
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Improving Xen security through disaggregation
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Accelerating two-dimensional page walks for virtualized systems
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Privilege separation made easy: trusting small libraries not big processes
Proceedings of the 1st European Workshop on System Security
NOVA: a microhypervisor-based secure virtualization architecture
Proceedings of the 5th European conference on Computer systems
Separating hypervisor trusted computing base supported by hardware
Proceedings of the fifth ACM workshop on Scalable trusted computing
Secure virtualization for cloud computing
Journal of Network and Computer Applications
Isolating commodity hosted hypervisors with HyperLock
Proceedings of the 7th ACM european conference on Computer Systems
VM aware journaling: improving journaling file system performance in virtualization environments
Software—Practice & Experience
Hi-index | 0.00 |
The trusted computing base of legacy applications can be reduced significantly by separating their security-critical parts into dedicated protection domains. As yet, paravirtualization has been used to host the non-secure portion. The applicability of this approach is limited by the need of source code access. We show how to implement efficient virtual machines in a microkernel-based system enabling the reuse of arbitrary operating systems. We found that the performance is on par with other virtual machine implementations, while security-sensitive applications retain their small trusted computing base. In fact, the kernel growth is marginal (500 SLOC), other security-critical components are not affected.