Using continuations to implement thread management and communication in operating systems
SOSP '91 Proceedings of the thirteenth ACM symposium on Operating systems principles
A Retrospective on the VAX VMM Security Kernel
IEEE Transactions on Software Engineering
Microkernels meet recursive virtual machines
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Lazy receiver processing (LRP): a network subsystem architecture for server systems
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
The Flux OSKit: a substrate for kernel and language research
Proceedings of the sixteenth ACM symposium on Operating systems principles
Application performance and flexibility on exokernel systems
Proceedings of the sixteenth ACM symposium on Operating systems principles
Extensible security architectures for Java
Proceedings of the sixteenth ACM symposium on Operating systems principles
Disco: running commodity operating systems on scalable multiprocessors
Proceedings of the sixteenth ACM symposium on Operating systems principles
Computer security
Resource containers: a new facility for resource management in server systems
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Improving the granularity of access control in Windows NT
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Chord: A scalable peer-to-peer lookup service for internet applications
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
An empirical study of operating systems errors
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
The persistent relevance of the local operating system to global applications
EW 7 Proceedings of the 7th workshop on ACM SIGOPS European workshop: Systems support for worldwide applications
Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor
Proceedings of the General Track: 2002 USENIX Annual Technical Conference
Design and verification of secure systems
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
WSCLOCK—a simple and effective algorithm for virtual memory management
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
Analysis of the Intel Pentium's ability to support a secure virtual machine monitor
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Alpine: a user-level infrastructure for network protocol development
USITS'01 Proceedings of the 3rd conference on USENIX Symposium on Internet Technologies and Systems - Volume 3
Organization-based analysis of web-object sharing and caching
USITS'99 Proceedings of the 2nd conference on USENIX Symposium on Internet Technologies and Systems - Volume 2
WindowBox: a simple security model for the connected desktop
WSS'00 Proceedings of the 4th conference on USENIX Windows Systems Symposium - Volume 4
Agent Tcl: a flexible and secure mobile-agent system
TCLTK'96 Proceedings of the 4th conference on USENIX Tcl/Tk Workshop, 1996 - Volume 4
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Virtual services: a new abstraction for server consolidation
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
An architecture for large scale Internet measurement
IEEE Communications Magazine
The design and implementation of an operating system to support distributed multimedia applications
IEEE Journal on Selected Areas in Communications
A blueprint for introducing disruptive technology into the Internet
ACM SIGCOMM Computer Communication Review
Application specific data replication for edge services
WWW '03 Proceedings of the 12th international conference on World Wide Web
A Network Worm Vaccine Architecture
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
A case for virtual channel processors
NICELI '03 Proceedings of the ACM SIGCOMM workshop on Network-I/O convergence: experience, lessons, implications
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
PlanetLab: an overlay testbed for broad-coverage services
ACM SIGCOMM Computer Communication Review
Improving availability with recursive microreboots: a soft-state system case study
Performance Evaluation - Dependable systems and networks-performance and dependability symposium (DSN-PDS) 2002: Selected papers
Devirtualizable virtual machines enabling general, single-node, online maintenance
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Improving Availability and Performance with Application-Specific Data Replication
IEEE Transactions on Knowledge and Data Engineering
VMPlants: Providing and Managing Virtual Machine Execution Environments for Grid Computing
Proceedings of the 2004 ACM/IEEE conference on Supercomputing
Friendly virtual machines: leveraging a feedback-control model for application adaptation
Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments
Diagnosing performance overheads in the Xen virtual machine environment
Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments
PDS: a virtual execution environment for software deployment
Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments
Slingshot: deploying stateful services in wireless hotspots
Proceedings of the 3rd international conference on Mobile systems, applications, and services
Intel Virtualization Technology
Computer
Labels and event processes in the Asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
Mondrix: memory isolation for Linux using Mondriaan memory protection
Proceedings of the twentieth ACM symposium on Operating systems principles
Scalability, fidelity, and containment in the Potemkin virtual honeyfarm
Proceedings of the twentieth ACM symposium on Operating systems principles
Privileged operations in the PlanetLab virtualised environment
ACM SIGOPS Operating Systems Review
Supporting application quality of service in shared resource pools
Communications of the ACM - Self managed systems
Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors
Proceedings of the 11th workshop on ACM SIGOPS European workshop
A sledgehammer approach to reuse of legacy device drivers
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Live updating operating systems using virtualization
Proceedings of the 2nd international conference on Virtual execution environments
Spin Detection Hardware for Improved Management of Multithreaded Systems
IEEE Transactions on Parallel and Distributed Systems
MINIX 3: a highly reliable, self-repairing operating system
ACM SIGOPS Operating Systems Review
Hardware support for spin management in overcommitted virtual machines
Proceedings of the 15th international conference on Parallel architectures and compilation techniques
Geiger: monitoring the buffer cache in a virtual machine environment
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Experiences with node virtualization for scalable network emulation
Computer Communications
Operating system support for virtual machines
ATEC '03 Proceedings of the annual conference on USENIX Annual Technical Conference
Debugging operating systems with time-traveling virtual machines
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Proper: privileged operations in a virtualised system environment
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Building secure high-performance web services with OKWS
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Xen and the art of repeated research
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Virtual appliances in the collective: a road to hassle-free computing
HOTOS'03 Proceedings of the 9th conference on Hot Topics in Operating Systems - Volume 9
HOTOS'03 Proceedings of the 9th conference on Hot Topics in Operating Systems - Volume 9
Palimpsest: soft-capacity storage for planetary-scale services
HOTOS'03 Proceedings of the 9th conference on Hot Topics in Operating Systems - Volume 9
Are virtual machine monitors microkernels done right?
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
Make least privilege a right (not a privilege)
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
Reducing downtime due to system maintenance and upgrades
LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Measurement and analysis of spyware in a university environment
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Constructing services with interposable virtual hardware
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Operating system support for planetary-scale network services
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
FoxyTechnique: tricking operating system policies with a virtual machine monitor
Proceedings of the 3rd international conference on Virtual execution environments
Xen and co.: communication-aware CPU scheduling for consolidated Xen-based hosting platforms
Proceedings of the 3rd international conference on Virtual execution environments
PinOS: a programmable framework for whole-system dynamic instrumentation
Proceedings of the 3rd international conference on Virtual execution environments
Nomad: migrating OS-bypass networks in virtual machines
Proceedings of the 3rd international conference on Virtual execution environments
Towards scalable multiprocessor virtual machines
VM'04 Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium - Volume 3
vBlades: optimized paravirtualization for the Itanium processor family
VM'04 Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium - Volume 3
Towards virtual networks for virtual machine grid computing
VM'04 Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium - Volume 3
Optimizing network virtualization in Xen
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
Quantifying the performance isolation properties of virtualization systems
Proceedings of the 2007 workshop on Experimental computer science
Quantifying the performance isolation properties of virtualization systems
ecs'07 Experimental computer science on Experimental computer science
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Splitting interfaces: making trust between applications and operating systems configurable
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Evaluating the Performance Impact of Xen on MPI and Process Execution For HPC Systems
VTDC '06 Proceedings of the 2nd International Workshop on Virtualization Technology in Distributed Computing
A Virtual Machine Migration System Based on a CPU Emulator
VTDC '06 Proceedings of the 2nd International Workshop on Virtualization Technology in Distributed Computing
Labels and event processes in the Asbestos operating system
ACM Transactions on Computer Systems (TOCS)
Scheduling I/O in virtual machine monitors
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Secure isolation of untrusted legacy applications
LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
Compatibility is not transparency: VMM detection myths and realities
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
The impact of paravirtualized memory hierarchy on linear algebra computational kernels and software
HPDC '08 Proceedings of the 17th international symposium on High performance distributed computing
Protection strategies for direct access to virtualized I/O devices
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Agility in virtualized utility computing
VTDC '07 Proceedings of the 2nd international workshop on Virtualization technology in distributed computing
Kernel design for isolation and assurance of physical memory
Proceedings of the 1st workshop on Isolation and integration in embedded systems
Resource overbooking and application profiling in a shared Internet hosting platform
ACM Transactions on Internet Technology (TOIT)
Profiling and modeling resource usage of virtualized applications
Proceedings of the 9th ACM/IFIP/USENIX International Conference on Middleware
Memory buddies: exploiting page sharing for smart colocation in virtualized data centers
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Post-copy based live virtual machine migration using adaptive pre-paging and dynamic self-ballooning
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
The hybrid scheduling framework for virtual machine systems
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Operating System Support for Space Allocation in Grid Storage Systems
GRID '06 Proceedings of the 7th IEEE/ACM International Conference on Grid Computing
Dual-quorum replication for edge services
Proceedings of the ACM/IFIP/USENIX 2005 International Conference on Middleware
Enforcing performance isolation across virtual machines in Xen
Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware
Adding the easy button to the cloud with SnowFlock and MPI
Proceedings of the 3rd ACM Workshop on System-level Virtualization for High Performance Computing
Virtualization polling engine (VPE): using dedicated CPU cores to accelerate I/O virtualization
Proceedings of the 23rd international conference on Supercomputing
Post-copy live migration of virtual machines
ACM SIGOPS Operating Systems Review
Memory buddies: exploiting page sharing for smart colocation in virtualized data centers
ACM SIGOPS Operating Systems Review
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Java active extensions: Scalable middleware for performance-isolated remote execution
Computer Communications
Mitigating the lying-endpoint problem in virtualized network access frameworks
DSOM'07 Proceedings of the Distributed systems: operations and management 18th IFIP/IEEE international conference on Managing virtualization of networks and services
Efficient resource provisioning in compute clouds via VM multiplexing
Proceedings of the 7th international conference on Autonomic computing
PRISM: platform for remote sensing using smartphones
Proceedings of the 8th international conference on Mobile systems, applications, and services
Extensible block-level storage virtualization in cluster-based systems
Journal of Parallel and Distributed Computing
Operating system virtualization: practice and experience
Proceedings of the 3rd Annual Haifa Experimental Systems Conference
Satori: enlightened page sharing
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
SnowFlock: Virtual Machine Cloning as a First-Class Cloud Primitive
ACM Transactions on Computer Systems (TOCS)
Rethinking the library OS from the top down
Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems
Synchronous programming of device drivers for global resource control in embedded operating systems
Proceedings of the 2011 SIGPLAN/SIGBED conference on Languages, compilers and tools for embedded systems
Do you know where your data are?: secure data capsules for deployable data protection
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Enhancement of Xen's scheduler for MapReduce workloads
Proceedings of the 20th international symposium on High performance distributed computing
VAMOS: virtualization aware middleware
WIOV'11 Proceedings of the 3rd conference on I/O virtualization
Enforcing performance isolation across virtual machines in Xen
Middleware'06 Proceedings of the 7th ACM/IFIP/USENIX international conference on Middleware
Power management in grid computing with Xen
ISPA'06 Proceedings of the 2006 international conference on Frontiers of High Performance Computing and Networking
Performance models for virtualized applications
ISPA'06 Proceedings of the 2006 international conference on Frontiers of High Performance Computing and Networking
Paravirtualization for HPC systems
ISPA'06 Proceedings of the 2006 international conference on Frontiers of High Performance Computing and Networking
Linux/RTOS hybrid operating environment on Gandalf virtual machine monitor
EUC'06 Proceedings of the 2006 international conference on Embedded and Ubiquitous Computing
VIOLIN: virtual internetworking on overlay infrastructure
ISPA'04 Proceedings of the Second international conference on Parallel and Distributed Processing and Applications
Virtual playgrounds for worm behavior investigation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
The Xen-Blanket: virtualize once, run everywhere
Proceedings of the 7th ACM European conference on Computer Systems
HotCloud'11 Proceedings of the 3rd USENIX conference on Hot topics in cloud computing
Dual-Quorum replication for edge services
Middleware'05 Proceedings of the ACM/IFIP/USENIX 6th international conference on Middleware
De-indirection for flash-based SSDs with nameless writes
FAST'12 Proceedings of the 10th USENIX conference on File and Storage Technologies
Keeping information safe from social networking apps
Proceedings of the 2012 ACM workshop on Workshop on online social networks
Optimizing virtual machines using hybrid virtualization
Journal of Systems and Software
Bringing Virtualization to the x86 Architecture with the Original VMware Workstation
ACM Transactions on Computer Systems (TOCS)
Fine-grained I/O fairness analysis in virtualized environments
Proceedings of the 2012 ACM Research in Applied Computation Symposium
Verifying security invariants in ExpressOS
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Arrakis: a case for the end of the empire
HotOS'13 Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems
Resource virtualization methodology for on-demand allocation in cloud computing systems
Service Oriented Computing and Applications
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
VirtuOS: an operating system with kernel virtualization
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
Fault isolation and quick recovery in isolation file systems
HotStorage'13 Proceedings of the 5th USENIX conference on Hot Topics in Storage and File Systems
VRAS: A Lightweight Local Resource Allocation System for Virtual Machine Monitor
Wireless Personal Communications: An International Journal
Comprehensive formal verification of an OS microkernel
ACM Transactions on Computer Systems (TOCS)
This paper describes the Denali isolation kernel, an operating system architecture that safely multiplexes a large number of untrusted Internet services on shared hardware. Denali's goal is to allow new Internet services to be "pushed" into third party infrastructure, relieving Internet service authors from the burden of acquiring and maintaining physical infrastructure. Our isolation kernel exposes a virtual machine abstraction, but unlike conventional virtual machine monitors, Denali does not attempt to emulate the underlying physical architecture precisely, and instead modifies the virtual architecture to gain scale, performance, and simplicity of implementation. In this paper, we first discuss design principles of isolation kernels, and then we describe the design and implementation of Denali. Following this, we present a detailed evaluation of Denali, demonstrating that the overhead of virtualization is small, that our architectural choices are warranted, and that we can successfully scale to more than 10,000 virtual machines on commodity hardware.