Cooperation and security isolation of library OSes for multi-process applications
Conference Paper
Overview
abstract
Library OSes are a promising approach for applications to efficiently obtain the benefits of virtual machines, including security isolation, host platform compatibility, and migration. Library OSes refactor a traditional OS kernel into an application library, avoiding overheads incurred by duplicate functionality. When compared to running a single application on an OS kernel in a VM, recent library OSes reduce the memory footprint by an order of magnitude. Previous library OS (libOS) research has focused on single-process applications, yet many Unix applications, such as network servers and shell scripts, span multiple processes. Key design challenges for a multi-process libOS include management of shared state and minimal expansion of the security isolation boundary. This paper presents Graphene, a library OS that seamlessly and efficiently executes both single- and multi-process applications, generally with low memory and performance overheads. Graphene broadens the libOS paradigm to support secure, multi-process APIs, such as copy-on-write fork, signals, and System V IPC. Multiple libOS instances coordinate over pipe-like byte streams to implement a consistent, distributed POSIX abstraction. These coordination streams provide a simple vantage point to enforce security isolation. Copyright 2007 by the Association for Computing Machinery, Inc.
name of conference
Proceedings of the Ninth European Conference on Computer Systems
altmetric score
3.5
author list (cited authors)
Tsai, C., Arora, K. S., Bandi, N., Jain, B., Jannen, W., John, J., ... Porter, D. E.
citation count
61
complete list of authors
Tsai, Chia-Che; Arora, Kumar Saurabh; Bandi, Nehal; Jain, Bhushan; Jannen, William; John, Jitin; Kalodner, Harry A; Kulkarni, Vrushali; Oliveira, Daniela; Porter, Donald E