SoftwarePot: A Secure Software Circulation System Yoshihiro OYAMA (Univ. of Tokyo / JST) Kazuhiko KATO (Univ. of Tsukuba / JST)

Slides:



Advertisements
Similar presentations
Applications of Feather-Weight Virtual Machines (FVMs) Hadi Salimi Distributed Systems Lab, School of Computer Engineering, Iran University of Science.
Advertisements

Ch-11 Project Execution and Termination. System Testing This involves two different phases with two different outputs First phase is system test planning.
CS533 Concepts of Operating Systems Class 14 Virtualization and Exokernels.
DESIGN AND IMPLEMENTATION OF SOFTWARE COMPONENTS FOR A REMOTE LABORATORY J. Fernandez, J. Crespo, R. Barber, J. Carretero University Carlos III of Madrid.
PlanetLab Operating System support* *a work in progress.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
Describe the concept of lightweight process (LWP) and the advantages to using LWPs Lightweight process (LWP) lies in a hybrid form of user-level & kernel-level.
Original Tree:
CS533 Concepts of Operating Systems Class 14 Virtualization.
Threads - Definition - Advantages using Threads - User and Kernel Threads - Multithreading Models - Java and Solaris Threads - Examples - Definition -
User Level Interprocess Communication for Shared Memory Multiprocessor by Bershad, B.N. Anderson, A.E., Lazowska, E.D., and Levy, H.M.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Zap Steven Osman Dinesh Subhraveti Gong Su Jason Nieh A System for Migrating Computing Environments.
Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.
Copyright Arshi Khan1 System Programming Instructor Arshi Khan.
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Space Science and Engineering Center University of Wisconsin-Madison Virtual Machines: A method for distributing DB processing software Liam Gumley.
Stack Management Each process/thread has two stacks  Kernel stack  User stack Stack pointer changes when exiting/entering the kernel Q: Why is this necessary?
Computer System Architectures Computer System Software
9/13/20151 Threads ICS 240: Operating Systems –William Albritton Information and Computer Sciences Department at Leeward Community College –Original slides.
HDVC & Client Reflector server SIP Server User management HDVC & Client.
Cyber crime & Security Prepared by : Rughani Zarana.
Multithreading Allows application to split itself into multiple “threads” of execution (“threads of execution”). OS support for creating threads, terminating.
Chapter 6 Operating System Support. This chapter describes how middleware is supported by the operating system facilities at the nodes of a distributed.
Threads, Thread management & Resource Management.
Operating System Support for Virtual Machines Sam King George Dunlap Peter Chen CoVirt Project, University of Michigan.
V IRTUALIZATION Sayed Ahmed B.Sc. Engineering in Computer Science & Engineering M.Sc. In Computer Science.
Presented by: Sanketh Beerabbi University of Central Florida COP Cloud Computing.
A Virtual Machine Monitor for Utilizing Non-dedicated Clusters Kenji Kaneda Yoshihiro Oyama Akinori Yonezawa (University of Tokyo)
Basic Security: Java vs.NET Master Seminar Advanced Software Engineering Topics Prof. Jacques Pasquier-Rocha Software Engineering Group Department of Informatics.
Managing Software Patches 10/15/ Introducing Solaris OE Patches A patch contains collection of files and directories Patch replaces existing files.
Windows XP. History Windows XP is based on the NT kernel developed in 1988 Windows XP is based on the NT kernel developed in 1988 XP was originally sold.
Module 6: Configuring User Environments Using Group Policy.
Hands-On Microsoft Windows Server Implementing Microsoft Internet Information Services Microsoft Internet Information Services (IIS) –Software included.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
Beowulf Software. Monitoring and Administration Beowulf Watch 
 Virtual machine systems: simulators for multiple copies of a machine on itself.  Virtual machine (VM): the simulated machine.  Virtual machine monitor.
OPERATING SYSTEM SUPPORT DISTRIBUTED SYSTEMS CHAPTER 6 Lawrence Heyman July 8, 2002.
Operating System Support for Easy Development of Distributed File Systems Kenichi Kourai* Shigeru Chiba** Takashi Masuda* *University of Tokyo **University.
CS 346 – Chapter 2 OS services –OS user interface –System calls –System programs How to make an OS –Implementation –Structure –Virtual machines Commitment.
Virtual Private Grid (VPG) : A Command Shell for Utilizing Remote Machines Efficiently Kenji Kaneda, Kenjiro Taura, Akinori Yonezawa Department of Computer.
Improving Xen Security through Disaggregation Derek MurrayGrzegorz MilosSteven Hand.
1 Wide Area Network Emulation on the Millennium Bhaskaran Raman Yan Chen Weidong Cui Randy Katz {bhaskar, yanchen, wdc, Millennium.
Department of Computer Science and Software Engineering
Lecture 26 Virtual Machine Monitors. Virtual Machines Goal: run an guest OS over an host OS Who has done this? Why might it be useful? Examples: Vmware,
Chapter 2. System Structures
Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.
Module 6: Configuring User Environments Using Group Policies.
The Execution System1. 2 Introduction Managed code and managed data qualify code or data that executes in cooperation with the execution engine The execution.
Role Activity Sub-role Functional Components Control Data Software.
Distributed Systems Ryan Chris Van Kevin. Kinds of Systems Distributed Operating System –Offers Transparent View of Network –Controls multiprocessors.
Background Computer System Architectures Computer System Software.
Introduction to Programming 1 1 2Introduction to Java.
1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.
1 Chapter 5: Threads Overview Multithreading Models & Issues Read Chapter 5 pages
GridOS: Operating System Services for Grid Architectures
Let's talk about Linux and Virtualization in 'vLAMP'
Operating System Structures
IM-pack: Software Installation Using Disk Images
Lecture 24 Virtual Machine Monitors
wvcors.tedis-wv.org - current wvcors01.cors.us - soon.
MCSA VCE
CSC 480 Software Engineering
Oracle Solaris Zones Study Purpose Only
How to Uninstall Trend Micro Antivirus with Diagnostic Toolkit.
Chapter 2. Malware Analysis in VMs
Operating System Support for Virtual Machines
An introduction to the Linux environment v
A Virtual Machine Monitor for Utilizing Non-dedicated Clusters
Processes David Ferry, Chris Gill, Brian Kocoloski
Presentation transcript:

SoftwarePot: A Secure Software Circulation System Yoshihiro OYAMA (Univ. of Tokyo / JST) Kazuhiko KATO (Univ. of Tsukuba / JST)

SoftwarePot in a NutShell Provides virtual environment “ Pot ” Pot has private namespace of resources Contains private file tree (like chroot jail) Virtual resource in pot can be mapped to real external resource Snapshots of pots (pot files) are distributed as software packages Like Zip files

developer pot file user

security policy process pot remote machine process

Installation/Uninstallation Files in package are not extracted and installed into the original file system Installation: downloading pot file Uninstallation: deleting pot file Execution: “ stacking ” resource views Like UnionFS

Security Policy How to “ plant ” pot in real environment How to control accesses map: /usr/local/lib /dev/null /extern_world /home/oyama/shared_dir_for_pot … socket: allow connect *.u-tokyo.ac.jp 80 redirect >

Advantages Reduced effort is required for describing access control policies Because accessible external resources are minimized for preparing resources in virtual environment Because they are distributed as pot files

Implementation User-level middleware Syscall interception and sysarg modification Linux: our kernel module Solaris: procfs One monitor process attached to each application process Measured overhead: 6~21%

Source Code Available Soon!