Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
General Virtual Hosting via Lightweight User-Level Virtualization
SAINT '05 Proceedings of the The 2005 Symposium on Applications and the Internet
Memory resource management in VMware ESX server
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Secure and High-Performance Web Server System for Shared Hosting Service
ICPADS '06 Proceedings of the 12th International Conference on Parallel and Distributed Systems - Volume 1
A user-mode port of the linux kernel
ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Hi-index | 0.00 |
We propose a low-cost runtime-privilege changing system that solves security problems in shared servers. The main problem with a shared server operating under conventional access control, i.e., an owner/group/other in combination with a Web server that runs under the privilege of the same user is that malicious users potentially can steal, delete, or tamper with other user's files. Existing approaches solve a portion of this problem, but they either lack performance, site-number scalability, or generality. POSIX ACL and a secure OS do not ensure security by themselves. Containers and virtual machines (VMs) have low scalability and low generality because they have the overhead of virtualization and because they typically require modifying the kernel. We implemented our system for an Apache on a Linux OS and evaluated its effectiveness. Our experimental results show that the throughput with it was, on average, 0.5% lower than that with Apache and was a maximum of 4.7% lower. Our system should be used for practical Web servers because its overhead is very low.