In this paper we propose a novel microkernel-based virtual machine (µKVM), a new code-based security framework with a simple and declarative security architecture. The main design goals of the µKVM are to put a clear, inviolable programming interface between different codebases or security components, and to limit the size of the trusted codebase in the spirit of a microkernel. Security policies are enforced solely on the interface because all data must explicitly pass through the inviolable interface. The architecture of the µKVM effectively removes the need for expensive runtime stack inspection, and applies the principle of least privilege to both library and application code elegantly and efficiently. We have implemented a prototype of the proposed µKVM. A series of benchmarks shows that the prototype preserves the original functionality of Java and compares favorably with the J2SDK performance-wise.