Vsys: A Programmable sudo

We present Vsys, a mechanism for restricting access to privileged operations, much like the popular sudo tool on UNIX. Unlike sudo, Vsys allows privileges to be constrained using general-purpose programming languages and facilitates composing multiple system services into powerful abstractions for isolation. In use for over three years on PlanetLab, Vsys has enabled over 100 researchers to create private overlay networks, user-level file systems, virtual switches, and TCP variants that function safely and without interference. Vsys has also been used by applications such as whole-system monitoring in a VM. We describe the design of Vsys and discuss our experiences and lessons learned.
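To make the contrast with sudo concrete, here is an added illustration of what "privileges constrained by a program rather than a static rule" means. It is not Vsys's code or API; the request format, the `add_tap` operation, the caller-prefix naming rule and the per-caller quota are all assumptions chosen for the example. The point it shows is that the decision can depend on who is asking and on state the gate keeps, and that the gate builds the privileged command line itself rather than matching a caller-supplied one.

```python
"""Minimal 'programmable sudo' gate: the access decision is a function, not a
static rule.  Added illustration, not Vsys's code; the request format, the
add_tap operation and the quota are assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Callable

# Linux interface names are at most 15 bytes (IFNAMSIZ - 1); the alphabet is
# restricted so a name can never carry shell metacharacters or path parts.
IFNAME_RE = re.compile(r"^[a-z][a-z0-9_]{0,14}$")
MAX_IFACES_PER_USER = 4  # assumed per-caller quota


@dataclass
class Request:
    user: str        # unprivileged caller, e.g. a slice name
    op: str          # privileged operation requested
    args: list[str]  # caller-supplied arguments, untrusted


@dataclass
class Decision:
    allowed: bool
    reason: str
    argv: list[str] = field(default_factory=list)  # command the gate will run


def policy(req: Request, owned: dict[str, set[str]]) -> Decision:
    """Decide whether req may proceed.  `owned` maps user -> interfaces the
    gate has already created for that user (state kept by the gate itself)."""
    if req.op != "add_tap":
        return Decision(False, f"unknown operation {req.op!r}")
    if len(req.args) != 1:
        return Decision(False, "add_tap takes exactly one argument")
    name = req.args[0]
    if not IFNAME_RE.fullmatch(name):
        return Decision(False, f"malformed interface name {name!r}")
    # A caller may only create interfaces under its own name prefix, so it
    # cannot touch or shadow another caller's devices.  A static sudoers rule
    # cannot express "argument derived from the identity of the caller".
    prefix = req.user + "_"
    if not name.startswith(prefix) or len(name) == len(prefix):
        return Decision(False, f"name must start with {prefix!r}")
    mine = owned.get(req.user, set())
    if name in mine:
        return Decision(False, f"{name} already exists")
    if len(mine) >= MAX_IFACES_PER_USER:
        return Decision(False, "interface quota exhausted")
    # The gate constructs argv itself and hands the device to the caller; the
    # caller never supplies a command line (iproute2 syntax).
    argv = ["ip", "tuntap", "add", "dev", name, "mode", "tap", "user", req.user]
    return Decision(True, "ok", argv)


def gate(req: Request, owned: dict[str, set[str]],
         run: Callable[[list[str]], int]) -> Decision:
    """Apply the policy and, if allowed, execute the privileged command via
    `run` (which would run as root in a real deployment).  Ownership state is
    recorded only after the command succeeds."""
    d = policy(req, owned)
    if not d.allowed:
        return d
    if run(d.argv) != 0:
        return Decision(False, "privileged command failed", d.argv)
    owned.setdefault(req.user, set()).add(req.args[0])
    return d


if __name__ == "__main__":
    state: dict[str, set[str]] = {}

    def dry_run(argv: list[str]) -> int:
        # Stand-in for subprocess.run(argv) as root; prints instead of acting.
        print("would run:", " ".join(argv))
        return 0

    for args in (["slice1_tap0"], ["eth0"], ["slice1_tap0; reboot"]):
        d = gate(Request("slice1", "add_tap", args), state, dry_run)
        print(args, "->", "allowed" if d.allowed else f"denied: {d.reason}")
```

The `run` callable is injected so the policy can be exercised without root; in a deployment it would be the one place that crosses the privilege boundary, and everything the caller controls has been validated before it is reached.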
