Modern commodity operating systems are large and complex systems developed over many years by large teams of programmers, containing hundreds of thousands of lines of code. Consequently, it is extremely difficult to add significant new functionality to these systems. In response to this problem, a number of recent research projects have explored novel operating system architectures to support untrusted extensions, including SPIN, VINO, Exokernel, and Fluke. Unfortunately, these architectures require substantial implementation effort and are not generally available in commodity systems. In contrast, by leveraging the technique of interposition, we have designed and implemented a prototype extension system called SLIC which requires only trivial operating system changes. SLIC efficiently inserts trusted extension code into commodity operating systems, enabling a large class of trusted extensions for existing commodity operating systems such as Solaris and Linux, while retaining full compatibility with existing application binaries. By interposing trusted extensions on existing kernel interfaces, our solution enables extensions which are protected from malicious applications, are enforced upon uncooperative applications, are composable with extensions from other third-party sources, and can be developed at the user level using state-of-the-art development tools. We have used SLIC to implement and demonstrate a number of useful operating system extensions, including a patch to fix a security hole described in a CERT advisory, a simple encryption file system, and a restricted execution environment for arbitrary untrusted binaries. Performance measurements of the SLIC prototype demonstrate a one-time installation cost of 2-8 µsec and a per-extension invocation overhead commensurate with a procedure call.