Interface and execution models in the Fluke kernel
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Inside Java 2 platform security architecture, API design, and implementation
Inside Java 2 platform security architecture, API design, and implementation
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Stack inspection: theory and variants
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Scale and performance in the Denali isolation kernel
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Operating system support for planetary-scale network services
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
The flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
The design and implementation of an operating system to support distributed multimedia applications
IEEE Journal on Selected Areas in Communications
Experiences building PlanetLab
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
| Hi-index | 0.00 |
Virtualised systems have experienced a resurgence in popularity in recent years, whether used to support multiple OSes running on a user's desktop, provide commercial application hosting facilities, or isolate a large number of users from each other in global network testbeds. We also see an increasing level of interest in having entities within these virtualised systems interact with each other, either as peers or as helpers providing a service to clients.Very little work has been previously conducted on how such interaction between virtualised environments can take place. We introduce Proper, a service running on the PlanetLab system, that allows unprivileged entities to access privileged operations in a safe, tightly controlled manner.This paper describes our work designing and implementing Proper, including a discussion of the various architectural decisions made. We describe how implementing such a system in a traditional UNIX environment is non-trivial, and provide a number of examples of how services running on PlanetLab actually use Proper.