Secure Execution of Java Applets Using a Remote Playground
IEEE Transactions on Software Engineering
Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor
Proceedings of the General Track: 2002 USENIX Annual Technical Conference
Spout: A Transparent Distributed Execution Engine for Java Applets
ICDCS '00 Proceedings of the The 20th International Conference on Distributed Computing Systems ( ICDCS 2000)
When Virtual Is Better Than Real
HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Intel Virtualization Technology
Computer
Denali: a scalable isolation kernel
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
A comparison of software and hardware techniques for x86 virtualization
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
QEMU, a fast and portable dynamic translator
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
A user-mode port of the linux kernel
ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Internet-based Virtual Computing Environment: Beyond the data center as a computer
Future Generation Computer Systems
Hi-index | 0.00 |
This paper proposes a Secure Virtual Execution Environment called Pollux for untrusted code. Pollux achieves both the OS isolation and the functionality benefits provided by the isolated untrusted applications. It accomplishes the OS isolation by introducing a hosted virtual machine as the untrusted code container. The key feature of Pollux is its capability of reproducing the host execution environment, thus the behavior of isolated applications recurs as if they were running natively within the host OS. This characteristic is accomplished by the novel local-booted technology, which means the virtual machine boots not from a newly installed OS image but just from the preinstalled host OS. Thus, Pollux provides security against potential malicious code without negating the functionality benefits of benign programs. This paper focuses on the architecture of Pollux and outlines the implementation framework.