Attacking the process migration bottleneck
SOSP '87 Proceedings of the eleventh ACM Symposium on Operating systems principles
Virtual memory primitives for user programs
ASPLOS IV Proceedings of the fourth international conference on Architectural support for programming languages and operating systems
Mostly parallel garbage collection
PLDI '91 Proceedings of the ACM SIGPLAN 1991 conference on Programming language design and implementation
ESA/390 interpretive-execution architecture, foundation for VM/ESA
IBM Systems Journal
Exokernel: an operating system architecture for application-level resource management
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Extensibility safety and performance in the SPIN operating system
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Microkernels meet recursive virtual machines
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Disco: running commodity operating systems on scalable multiprocessors
Proceedings of the sixteenth ACM symposium on Operating systems principles
AVM: application-level virtual memory
HOTOS '95 Proceedings of the Fifth Workshop on Hot Topics in Operating Systems (HotOS-V)
The design and implementation of Zap: a system for migrating computing environments
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments
Intel Virtualization Technology
Computer
SubVirt: Implementing malware with virtual machines
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
The Compressor: concurrent, incremental, and parallel compaction
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Libra: a library operating system for a jvm in a virtualized execution environment
Proceedings of the 3rd international conference on Virtual execution environments
Accelerating two-dimensional page walks for virtualized systems
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Wedge: splitting applications into reduced-privilege compartments
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Vx32: lightweight user-level sandboxing on the x86
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Leveraging legacy code to deploy desktop applications on the web
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Tolerating malicious device drivers in Linux
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Trust and protection in the Illinois browser operating system
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
The turtles project: design and implementation of nested virtualization
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
C4: the continuously concurrent compacting collector
Proceedings of the international symposium on Memory management
Hardware-supported virtualization on ARM
Proceedings of the Second Asia-Pacific Workshop on Systems
Revisiting hardware-assisted page walks for virtualized systems
Proceedings of the 39th Annual International Symposium on Computer Architecture
A framework for application guidance in virtual memory systems
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Composing OS extensions safely and efficiently with Bascule
Proceedings of the 8th ACM European Conference on Computer Systems
Transparently consistent asynchronous shared memory
Proceedings of the 3rd International Workshop on Runtime and Operating Systems for Supercomputers
HotOS'13 Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems
Lightweight snapshots and system-level backtracking
HotOS'13 Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems
Arrakis: a case for the end of the empire
HotOS'13 Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems
The nonkernel: a kernel designed for the cloud
Proceedings of the 4th Asia-Pacific Workshop on Systems
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
Towards optimization-safe systems: analyzing the impact of undefined behavior
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
Weir: a streaming language for performance analysis
Proceedings of the Seventh Workshop on Programming Languages and Operating Systems
Bringing java's wild native world under control
ACM Transactions on Information and System Security (TISSEC)
A virtualized separation kernel for mixed criticality systems
Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Hi-index | 0.00 |
Dune is a system that provides applications with direct but safe access to hardware features such as ring protection, page tables, and tagged TLBs, while preserving the existing OS interfaces for processes. Dune uses the virtualization hardware in modern processors to provide a process, rather than a machine abstraction. It consists of a small kernel module that initializes virtualization hardware and mediates interactions with the kernel, and a user-level library that helps applications manage privileged hardware features. We present the implementation of Dune for 64- bit x86 Linux. We use Dune to implement three user-level applications that can benefit from access to privileged hardware: a sandbox for untrusted code, a privilege separation facility, and a garbage collector. The use of Dune greatly simplifies the implementation of these applications and provides significant performance advantages.