A structural view of the Cedar programming environment
ACM Transactions on Programming Languages and Systems (TOPLAS)
Fine-grained mobility in the Emerald system
ACM Transactions on Computer Systems (TOCS)
Efficient software-based fault isolation
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Exokernel: an operating system architecture for application-level resource management
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Extensibility safety and performance in the SPIN operating system
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Microkernels meet recursive virtual machines
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Dealing with disaster: surviving misbehaved kernel extensions
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
An operating system structure for wide-address architectures
An operating system structure for wide-address architectures
Java security: hostile applets, holes&antidotes
Java security: hostile applets, holes&antidotes
The security of static typing with dynamic linking
Proceedings of the 4th ACM conference on Computer and communications security
Generational stack collection and profile-driven pretenuring
PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
Thin locks: featherweight synchronization for Java
PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
Memory management with explicit regions
PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
JRes: a resource accounting interface for Java
Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Dynamic class loading in the Java virtual machine
Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Resource management for extensible Internet servers
Proceedings of the 8th ACM SIGOPS European workshop on Support for composing distributed applications
Nested Java processes: OS structure for mobile code
Proceedings of the 8th ACM SIGOPS European workshop on Support for composing distributed applications
Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Application isolation in the Java Virtual Machine
OOPSLA '00 Proceedings of the 15th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Pilot: an operating system for a personal computer
Communications of the ACM
Thread-specific heaps for multi-threaded programs
Proceedings of the 2nd international symposium on Memory management
Asynchronous exceptions in Haskell
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Hoard: a scalable memory allocator for multithreaded applications
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Multitasking without comprimise: a virtual machine evolution
OOPSLA '01 Proceedings of the 16th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
OOPSLA '01 Proceedings of the 16th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Termination in language-based systems
ACM Transactions on Information and System Security (TISSEC)
Proceedings of the 3rd international symposium on Memory management
Javaserver Pages
Java Native Interface: Programmer's Guide and Reference
Java Native Interface: Programmer's Guide and Reference
The Java Class Libraries Volume 1: java.io, java.lang, java.math, ,java.net, java.text,,java.util
The Java Class Libraries Volume 1: java.io, java.lang, java.math, ,java.net, java.text,,java.util
Java Language Specification, Second Edition: The Java Series
Java Language Specification, Second Edition: The Java Series
The Real-Time Specification for Java
The Real-Time Specification for Java
Write barrier removal by static analysis
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
A Survey of Distributed Garbage Collection Techniques
IWMM '95 Proceedings of the International Workshop on Memory Management
Uniprocessor Garbage Collection Techniques
IWMM '92 Proceedings of the International Workshop on Memory Management
In-Kernel Servers on Mach 3.0: Implementation and Performance
USENIX MACH III Symposium
Temporal-Safety Proofs for Systems Code
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Protection is a software issue
HOTOS '95 Proceedings of the Fifth Workshop on Hot Topics in Operating Systems (HotOS-V)
Paramecium: an extensible object-based kernel
HOTOS '95 Proceedings of the Fifth Workshop on Hot Topics in Operating Systems (HotOS-V)
Garbage Collector Memory Accounting in Language-Based Systems
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Vulnerabilities in Synchronous IPC Designs
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Experience with Secure Multi-Processing in Java
ICDCS '98 Proceedings of the The 18th International Conference on Distributed Computing Systems
Lottery and stride scheduling: flexible proportional-share resource management
Lottery and stride scheduling: flexible proportional-share resource management
Isolation, resource management and sharing in the kaffeos java runtime system
Isolation, resource management and sharing in the kaffeos java runtime system
Kill-safe synchronization abstractions
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Overview of the IBM Java just-in-time compiler
IBM Systems Journal
Building a Java virtual machine for server applications: the Jvm on 0S/390
IBM Systems Journal
Luna: a flexible Java protection system
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
A secure javaTM virtual machine
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Operating system protection for fine-grained programs
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Implementing multiple protection domains in java
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
Janos: a Java-oriented OS for active network nodes
IEEE Journal on Selected Areas in Communications
Task-aware garbage collection in a multi-tasking virtual machine
Proceedings of the 5th international symposium on Memory management
Clustering the heap in multi-threaded applications for improved garbage collection
Proceedings of the 8th annual conference on Genetic and evolutionary computation
Solving the starting problem: device drivers as self-describing artifacts
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Garbage collection-aware utility accrual scheduling
Real-Time Systems
Secure virtual architecture: a safe execution environment for commodity operating systems
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
CCGRID '12 Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012)
S-RVM: a secure design for a high-performance java virtual machine
Proceedings of the sixth ACM workshop on Virtual machines and intermediate languages
Hi-index | 0.00 |
Single-language runtime systems, in the form of Java virtual machines, are widely deployed platforms for executing untrusted mobile code. These runtimes provide some of the features that operating systems provide: interapplication memory protection and basic system services. They do not, however, provide the ability to isolate applications from each other. Neither do they provide the ability to limit the resource consumption of applications. Consequently, the performance of current systems degrades severely in the presence of malicious or buggy code that exhibits ill-behaved resource usage. We show that Java runtime systems can be extended to support processes, and that processes can provide robust and efficient support for untrusted applications.We have designed and built KaffeOS, a Java runtime system that provides support for processes. KaffeOS isolates processes and manages the physical resources available to them: CPU and memory. Unlike existing Java virtual machines, KaffeOS can safely terminate processes without adversely affecting the integrity of the system, and it can fully reclaim a terminated process's resources. Finally, KaffeOS requires no changes to the Java language. The novel aspects of the KaffeOS architecture include the application of a user/kernel boundary as a structuring principle for runtime systems, the employment of garbage collection techniques for resource management and isolation, and a model for direct sharing of objects between untrusted applications. The difficulty in designing KaffeOS lay in balancing the goals of isolation and resource management against the goal of allowing direct sharing of objects.For the SpecJVM benchmarks, the overhead that our KaffeOS prototype incurs ranges from 0&percent; to 25&percent;, when compared to the open-source JVM on which it is based. We consider this overhead acceptable for the safety that KaffeOS provides. In addition, our KaffeOS prototype can scale to run more applications than running multiple JVMs. Finally, in the presence of malicious or buggy code that engages in a denial-of-service attack, KaffeOS can contain the attack, remove resources from the attacked applications, and continue to provide robust service to other clients.