Interposition agents: transparently interposing user code at the system interface
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
SSU: Extending SSH for Secure Root Administration
LISA '98 Proceedings of the 12th USENIX conference on System administration
In VINI veritas: realistic and controlled network experimentation
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Operating system support for planetary-scale network services
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Experiences building PlanetLab
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
SLIC: an extensibility system for commodity operating systems
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Trellis: a platform for building flexible, fast virtual networks on commodity hardware
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Flexible, wide-area storage for distributed systems with WheelFS
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Direct code execution: revisiting library OS architecture for reproducible network experiments
Proceedings of the ninth ACM conference on Emerging networking experiments and technologies
Hi-index | 0.00 |
We present Vsys, a mechanism for restricting access to privileged operations, much like the popular sudo tool on UNIX. Unlike sudo, Vsys allows privileges to be constrained using general-purpose programming languages and facilitates composing multiple system services into powerful abstractions for isolation. In use for over three years on PlanetLab, Vsys has enabled over 100 researchers to create private overlay networks, userlevel file systems, virtual switches, and TCP-variants that function safely and without interference. Vsys has also been used by applications such as whole-system monitoring in a VM. We describe the design of Vsys and discuss our experiences and lessons learned.