When Virtual Is Better Than Real

Abstract: This position paper argues that the operating system and applications currently running on a real machine should relocate into a virtual machine. This structure enables services to be added below the operating system and to do so without trusting or modifying the operating system or applications. To demonstrate the usefulness of this structure, we describe three services that take advantage of it: secure logging, intrusion prevention and detection, and environment migration.

[1]  M. Litzkow REMOTE UNIX TURNING IDLE WORKSTATIONS INTO CYCLE SERVERS , 1992 .

[2]  Fred Douglis,et al.  Transparent process migration: Design alternatives and the sprite implementation , 1991, Softw. Pract. Exp..

[3]  Craig A. N. Soules,et al.  Self-securing storage: protecting data in compromised systems , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[4]  Robert P. Goldberg,et al.  Survey of virtual machine research , 1974, Computer.

[5]  David B. Johnson,et al.  Sender-Based Message Logging , 1987 .

[6]  Brian D. Noble,et al.  Fast reconciliations in fluid replication , 2001, Proceedings 21st International Conference on Distributed Computing Systems.

[7]  Eugene H. Spafford,et al.  The design and implementation of tripwire: a file system integrity checker , 1994, CCS '94.

[8]  Fred B. Schneider,et al.  Hypervisor-based fault tolerance , 1996, TOCS.

[9]  David A. Wagner,et al.  A Secure Environment for Untrusted Helper Applications , 1996, USENIX Security Symposium.

[10]  Stephanie Forrest,et al.  A sense of self for Unix processes , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[11]  J. Duane Northcutt,et al.  The interactive performance of SLIM: a stateless, thin-client architecture , 1999, SOSP.

[12]  Scott Devine,et al.  Disco: running commodity operating systems on scalable multiprocessors , 1997, TOCS.

[13]  Jerome H. Saltzer,et al.  A hardware architecture for implementing protection rings , 1972, CACM.

[14]  David A. Nichols,et al.  Using idle workstations in a shared computing environment , 1987, SOSP '87.

[15]  Andy Hopper,et al.  A ubiquitous, personalized computing environment for all: Teleporting in an X Window System Environment , 1994, IEEE Personal Communications.

[16]  Mark Russinovich,et al.  Replay for concurrent non-deterministic shared-memory applications , 1996, PLDI '96.

[17]  Dawson R. Engler,et al.  Exokernel: an operating system architecture for application-level resource management , 1995, SOSP.