Design and implementation of a distributed virtual machine for networked computers

This paper describes the motivation, architecture and performance of a distributed virtual machine (DVM) for networked computers. DVMs rely on a distributed service architecture to meet the manageability, security and uniformity requirements of large, heterogeneous clusters of networked computers. In a DVM, system services, such as verification, security enforcement, compilation and optimization, are factored out of clients and located on powerful network servers. This partitioning of system functionality reduces resource requirements on network clients, improves site security through physical isolation and increases the manageability of a large and heterogeneous network without sacrificing performance. Our DVM implements the Java virtual machine, runs on x86 and DEC Alpha processors and supports existing Java-enabled clients.

[1]  Gerald J. Popek,et al.  Formal requirements for virtualizable third generation architectures , 1974, SOSP '73.

[2]  Robert P. Goldberg,et al.  Architectural Principles for Virtual Computer Systems , 1973 .

[3]  William A. Wulf,et al.  Policy/mechanism separation in Hydra , 1975, SOSP.

[4]  Jerome H. Saltzer,et al.  The protection of information in computer systems , 1975, Proc. IEEE.

[5]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[6]  Susan L. Graham,et al.  Gprof: A call graph execution profiler , 1982, SIGPLAN '82.

[7]  Editors , 1986, Brain Research Bulletin.

[8]  William J. Bolosky,et al.  Mach: A New Kernel Foundation for UNIX Development , 1986, USENIX Summer.

[9]  Harvey M. Deitel,et al.  An introduction to operating systems (2. ed.) , 1990 .

[10]  L Robertson Introduction to operating systems , 1990 .

[11]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[12]  Larry L. Peterson,et al.  A dynamic network architecture , 1992, TOCS.

[13]  Mark Weiser,et al.  Some Computer Science Problems in Ubiquitous Computing , 1993 .

[14]  Simon L. Peyton Jones,et al.  Imperative functional programming , 1993, POPL '93.

[15]  Mark Weiser,et al.  Some computer science issues in ubiquitous computing , 1993, CACM.

[16]  John S. Heidemann,et al.  File-system development with stackable layers , 1994, TOCS.

[17]  Brian N. Bershad,et al.  Extensibility safety and performance in the SPIN operating system , 1995, SOSP.

[18]  Bill Cheswick,et al.  Firewalls and internet security - repelling the wily hacker , 2003, Addison-Wesley professional computing series.

[19]  Spencer E. Minear,et al.  Providing Policy Control Over Object Operations in a Mach-Based System , 1995, USENIX Security Symposium.

[20]  James A. Gosling,et al.  The Java application programming interface , 1996 .

[21]  Edward A. Schneider,et al.  Developing and using a “policy neutral” access control policy , 1996, NSPW '96.

[22]  Frank Yellin,et al.  The Java Virtual Machine Specification , 1996 .

[23]  Li Gong,et al.  Java security: present and near future , 1997, IEEE Micro.

[24]  Eric A. Brewer,et al.  Cluster-based scalable network services , 1997, SOSP.

[25]  Gary McGraw,et al.  Java security - hostile applets, holes and antidotes: what every netscape and internet explorer user needs to know , 1997 .

[26]  Andrew C. Myers,et al.  A decentralized model for information flow control , 1997, SOSP.

[27]  Benjamin G. Zorn,et al.  BIT: A Tool for Instrumenting Java Bytecodes , 1997, USENIX Symposium on Internet Technologies and Systems.

[28]  Dan S. Wallach,et al.  Extensible security architectures for Java , 1997, SOSP.

[29]  Tommy Thorne,et al.  Programming languages for mobile code , 1997, CSUR.

[30]  Hemma Prafullchandra,et al.  Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2 , 1997, USENIX Symposium on Internet Technologies and Systems.

[31]  Philip Winterbottom,et al.  The Inferno™ operating system , 1997, Bell Labs Technical Journal.

[32]  C. M. Sperberg-McQueen,et al.  Extensible Markup Language (XML) , 1997, World Wide Web J..

[33]  John H. Hartman,et al.  Toba: Java for Applications - A Way Ahead of Time (WAT) Compiler , 1997, COOTS.

[34]  Dan S. Wallach,et al.  Java security: Web browsers and beyond , 1997 .

[35]  Gary McGraw,et al.  Java security: hostile applets, holes&antidotes , 1997 .

[36]  Michael K. Reiter,et al.  Secure execution of Java applets using a remote playground , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[37]  Stephen N. Freund,et al.  A type system for object initialization in the Java bytecode language , 1998, OOPSLA '98.

[38]  M. Abadi,et al.  A type system for Java bytecode subroutines , 1998, POPL '98.

[39]  Benedict G. E. Wiedemann Protection? , 1998, Science.

[40]  Geoff A. Cohen,et al.  Automatic Program Transformation with JOIE , 1998, USENIX Annual Technical Conference.

[41]  Derek Rayside,et al.  Change And Adaptive Maintenance in Java Software Systems. , 1998 .

[42]  Chandra Krintz,et al.  Overlapping execution with transfer using non-strict execution for mobile programs , 1998, ASPLOS VIII.

[43]  Charlie Scott,et al.  Virtual private networks , 1998 .

[44]  Dave Hitz,et al.  Merging NT and UNIX filesystem permissions , 1998 .

[45]  Derek Rayside,et al.  Change and adaptive maintenance detection in Java software systems , 1998, Proceedings Fifth Working Conference on Reverse Engineering (Cat. No.98TB100261).

[46]  Thorsten von Eicken,et al.  JRes: a resource accounting interface for Java , 1998, OOPSLA '98.

[47]  Li Gong,et al.  Implementing Protection Domains in the JavaTM Development Kit 1.2 , 1998, NDSS.

[48]  Luca Cardelli,et al.  Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages , 1998, POPL 1998.

[49]  Robert Grimm,et al.  Providing Policy-Neutral and Transparent Access Control in Extensible Systems , 2001, Secure Internet Programming.

[50]  Martín Abadi,et al.  A type system for Java bytecode subroutines , 1999, TOPL.

[51]  Gary McGraw,et al.  Securing Java: getting down to business with mobile code , 1999 .

[52]  Emin Gün Sirer,et al.  A Practical Approach for Improving Startup Latency in Java Applications , 1999 .

[53]  Li Gong,et al.  Inside Java 2 Platform Security: Architecture, API Design, and Implementation , 1999 .

[54]  Úlfar Erlingsson,et al.  SASI enforcement of security policies: a retrospective , 1999, NSPW '99.

[55]  Emin Gün Sirer,et al.  Using production grammars in software testing , 1999, DSL '99.

[56]  Emin Gün Sirer,et al.  Static Analyses for Eliminating Unnecessary Synchronization from Java Programs , 1999, SAS.

[57]  David E. Evans,et al.  Flexible policy-directed code safety , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[58]  John L. Hennessy,et al.  The Future of Systems Research , 1999, Computer.

[59]  W. Webb,et al.  EMBEDDED JAVA : AN UNCERTAIN FUTURE , 1999 .

[60]  Jeffrey C. Mogul,et al.  Simple and Flexible Datagram Access Controls for UNIX-based Gateways , 1999 .

[61]  C. M. Sperberg-McQueen,et al.  eXtensible Markup Language (XML) 1.0 (Second Edition) , 2000 .