Article

A feather-weight virtual machine for windows applications

Authors:

Tzi-cker ChiuehAuthors Info & Claims

VEE '06: Proceedings of the 2nd international conference on Virtual execution environments

Pages 24 - 34

https://doi.org/10.1145/1134760.1134766

Published: 14 June 2006 Publication History

Abstract

Many fault-tolerant and intrusion-tolerant systems require the ability to execute unsafe programs in a realistic environment without leaving permanent damages. Virtual machine technology meets this requirement perfectly because it provides an execution environment that is both realistic and isolated. In this paper, we introduce an OS level virtual machine architecture for Windows applications called Feather-weight Virtual Machine (FVM), under which virtual machines share as many resources of the host machine as possible while still isolated from one another and from the host machine. The key technique behind FVM is namespace virtualization, which isolates virtual machines by renaming resources at the OS system call interface. Through a copy-on-write scheme, FVM allows multiple virtual machines to physically share resources but logically isolate their resources from each other. A main technical challenge in FVM is how to achieve strong isolation among different virtual machines and the host machine, due to numerous namespaces and interprocess communication mechanisms on Windows. Experimental results demonstrate that FVM is more flexible and scalable, requires less system resource, incurs lower start-up and run-time performance overhead than existing hardware-level virtual machine technologies, and thus makes a compelling building block for security and fault-tolerant applications.

References

[1]

K. Lawton, B. Denney, N. D. Guarneri, V. Ruppert, C. Bothamy, and M. Calabrese, "Bochs user manual," http://bochs.sourceforge.net/doc/docbook/user/index.html.

[2]

VMware, "Vmware products," http://www.vmware.com/products/, 2006.

[3]

Microsoft, "Microsoft virtual pc 2004," http://www.microsoft.com/windows/virtualpc/default.mspx.

[4]

P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield, "Xen and the art of virtualization," in Proceedings of the 19th ACM Symposium on Operating Systems Principles. ACM Press, 2003, pp. 164--177.

Digital Library

[5]

P. Kamp and R. Watson, "Jails: Confining the omnipotent root," in Proceedings of the 2nd International SANE Conference, 2000.

[6]

Sun Microsystems, "Solaris containers: Server virtualization and manageability," http://www.sun.com/software/whitepapers/solaris10/grid_containers.pdf, September 2004.

[7]

H. Potzl, "Linux-vserver technology," http://linux-vserver.org/Linux-VServer-Paper, 2004.

[8]

B. Alpern, J. Auerbach, V. Bala, T. Frauenhofer, T. Mummert, and M. Pigott, "Pds: A virtual execution environment for software deployment," in Proceedings of the 1st International Conference on Virtual Execution Environments, 2005.

Digital Library

[9]

Softricity, "Application virtualization technology," http://www.softricity.com/products/virtualization.asp.

[10]

J. Sugerman, G. Venkitachalam, and B. Lim, "Virtualizing i/o devices on vmware workstation's hosted virtual machine monitor," in Proceedings of the 2001 USENIX Annual Technical Conference, June 2001.

Digital Library

[11]

A. Whitaker, M. Shaw, and S. D. Gribble, "Denali: Lightweight virtual machines for distributed and networked applications," in Proceedings of the USENIX Annual Technical Conference, June 2002.

[12]

J. Dike, "A user-mode port of the linux kernel," in Proceedings of the 4th Annual Linux Showcase and Conference, 2001.

Digital Library

[13]

C. A. Waldspurger, "Memory resource management in vmware esx server," in Proceedings of the 5th Symposium on Operating Systems Design and Implementation, December 2002.

Digital Library

[14]

Sphera, "Sphera server virtualization," http://www.sphera.com/prod-serv-server_virtualization.php.

[15]

SWsoft, "Virtuozzo for windows & linux server virtualization," http://www.virtuozzo.com/en/products/virtuozzo/.

[16]

AppStream, "Appstream technology overview," http://www.appstream.com/products-technology.html.

[17]

Thinstall, "Application virtualization: A technical overview of the thinstall application virtualization platform," https://thinstall.com/products/documents/ThinstallTechnicalOverview_V1Feb06.pdf.

[18]

A. Dornan, "Application streaming: The virtual thin client," http://www.itarchitectmag.com/shared/article/showArticle.jhtml?articleId=175001526&pgno=1, January 2006.

[19]

Trigence, "Optimized application management with trigence ae," http://www.trigence.com/whitepaper/download/OptAppMgmt.pdf, 2005.

[20]

A. Ernst, "Meiosys: Application virtualization and stateful application relocation," http://www.virtual-strategy.com/article/articleview/680/1/2/, 2005.

[21]

R. A. Baratto, S. Potter, G. Su, and J. Nieh, "Mobidesk: Mobile virtual desktop computing," in Proceedings of the 10th ACM Conference on Mobile Computing and Networking, 2004.

Digital Library

[22]

Z. Liang, V. Venkatakrishnan, and R. Sekar, "Isolated program execution: An application transparent approach for executing untrusted programs," in Proceedings of 19th Annual Computer Security Applications Conference, December 2003.

Digital Library

[23]

W. Sun, Z. Liang, V. Venkatakrishnan, and R. Sekar, "One-way isolation: An effective approach for realizing safe execution environments," in Proceedings of 12th Annual Network and Distributed System Security Symposium, 2005.

[24]

GreenBorder, "Greenborder's proactive security architecture," http://www.greenborder.com/solutions/technology.php.

[25]

R. Balzer, "Safe email, safe office, and safe web browser," in Proceedings of the DARPA Information Survivability Conference and Exposition, 2003.

[26]

K. Brown, "Security in longhorn: Focus on least privilege," http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlong/html/leastprivlh.asp, 2004.

[27]

Wine, "Wine user guide," http://www.winehq.com/site/docs/wineusr-guide/index.

[28]

Red Hat, Inc, "Cygwin user's guide," http://cygwin.com/cygwin-ug-net/cygwin-ug-net.html.

[29]

C. Soules, G. Goodson, J. Strunk, and G. Ganger, "Metadata efficiency in a comprehensive versioning file system," in Proceedings of USENIX Conference on File and Storage Technologies, April 2003.

Digital Library

[30]

N. Zhu and T. Chiueh, "Design, implementation, and evaluation of repairable file service," in Proceedings of the 2003 International Conference on Dependable Systems and Networks, June 2003.

[31]

K.-K. Muniswamy-Reddy, C. P. Wright, A. Himmer, and E. Zadok, "A versatile and user-oriented versioning file system," in Proceedings of USENIX Conference on File and Storage Technologies, 2004.

Digital Library

[32]

T. Close, A. H. Karp, and M. Stiegler, "Shatter-proofing windows," Technical Report HPL-2005-87, HP Laboratories Palo Alto, May 2005.

[33]

M. Corporation, "Technical overview of windows server 2003 terminal services," http://download.microsoft.com/download/2/8/1/281f4d94-ee89-4b21-9f9e-9accef44a743/TerminalServerOverview.doc, January 2005.

[34]

G. Nebbett, Windows NT/2000 Native API Reference. New Riders Publishing, 2000.

Digital Library

[35]

skape and Skywing, "Bypassing patchguard on windows x64," http://www.uninformed.org/?v=3&a=3&t=pdf, December 2005.

[36]

D. A. Solomon and M. E. Russinovich, Inside Microsoft Windows 2000. Microsoft Press, 2000, ch. 3.

Digital Library

[37]

T. Chiueh, L. Lam, Y. Yu, P. Cheng, and C. Chang, "Secure mobile code execution service," in Proceedings of 2004 Virus Bulletin Conference, August 2004.

Digital Library

[38]

T. Chiueh, H. Sankaran, and A. Neogi, "Spout: A transparent distributed execution engine for java applets," IEEE Journal of Selected Areas in Communications, vol. 20, no. 7, September 2002.

Digital Library

[39]

R. A. Grimes, Malicious Mobile Code - Virus Protection for Windows. O'Reilly, 2001, ch. 1.

[40]

A. Conry-Murray, "Product focus: Behavior-blocking stops unknown malicious code," http://www.itarchitect.com/article/NMG20020603S0009, June 2002.

[41]

F. Guo, Y. Yu, and T. cker Chiueh, "Automated and safe vulnerability assessment," in Proceedings of the 21th Annual Computer Security Applications Conference, December 2005.

Digital Library

[42]

J. Srouji, P. Schuster, M. Bach, and Y. Kuzmin, "A transparent checkpoint facility on nt," in Proceedings of 2nd USENIX Windows NT Symposium, August 1998.

Digital Library

Cited By

Dai TLi XHassanshahi BYap RLiang Z(2017)RoppDroidComputers and Security10.1016/j.cose.2017.04.00268:C(98-111)Online publication date: 1-Jul-2017
https://dl.acm.org/doi/10.1016/j.cose.2017.04.002
Ul Haq MLiao LLerong M(2016)Design and implementation of sandbox technique for isolated applications2016 IEEE Information Technology, Networking, Electronic and Automation Control Conference10.1109/ITNEC.2016.7560422(557-561)Online publication date: May-2016
https://doi.org/10.1109/ITNEC.2016.7560422
Ul Haq MLiao LMa L(2016)Transitioning Native Application into Virtual Machine by Using Hardware Virtualization Extensions2016 International Symposium on Computer, Consumer and Control (IS3C)10.1109/IS3C.2016.108(397-403)Online publication date: Jul-2016
https://doi.org/10.1109/IS3C.2016.108
Show More Cited By

Index Terms

A feather-weight virtual machine for windows applications

Recommendations

Applications of a feather-weight virtual machine
VEE '08: Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments

A Feather-weight Virtual Machine (FVM) is an OS-level virtualization technology that enables multiple isolated execution environments to exist on a single Windows kernel. The key design goal of FVM is efficient resource sharing among VMs so as to ...
Resource availability based performance benchmarking of virtual machine migrations
ICPE '13: Proceedings of the 4th ACM/SPEC International Conference on Performance Engineering

Virtual machine migration enables load balancing, hot spot mitigation and server consolidation in virtualized environments. Live VM migration can be of two types - adaptive, in which the rate of page transfer adapts to virtual machine behaviour (mainly ...
A parallel migration scheme for fast virtual machine relocation on a cloud cluster

The paper proposes a method for parallelizing migrations to reduce the time required for virtual machine (VM) relocation. During VM relocation, VMs need to wait for their migrations in a chain due to the limited resource of the physical machines (PMs), ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

VEE '06: Proceedings of the 2nd international conference on Virtual execution environments

June 2006

194 pages

ISBN:1595933328

DOI:10.1145/1134760

General Chair:
Hans-J. Boehm
HP Labs, USA
,
Program Chair:
David Grove
IBM Research, USA

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 June 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

VEE06

Sponsor:

VEE06: Second International Conference on Virtual Execution Environments

June 14 - 16, 2006

Ontario, Ottawa, Canada

Acceptance Rates

Overall Acceptance Rate 80 of 235 submissions, 34%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

50
Total Citations
View Citations
1,485
Total Downloads

Downloads (Last 12 months)14
Downloads (Last 6 weeks)3

Reflects downloads up to 17 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Dai TLi XHassanshahi BYap RLiang Z(2017)RoppDroidComputers and Security10.1016/j.cose.2017.04.00268:C(98-111)Online publication date: 1-Jul-2017
https://dl.acm.org/doi/10.1016/j.cose.2017.04.002
Ul Haq MLiao LLerong M(2016)Design and implementation of sandbox technique for isolated applications2016 IEEE Information Technology, Networking, Electronic and Automation Control Conference10.1109/ITNEC.2016.7560422(557-561)Online publication date: May-2016
https://doi.org/10.1109/ITNEC.2016.7560422
Ul Haq MLiao LMa L(2016)Transitioning Native Application into Virtual Machine by Using Hardware Virtualization Extensions2016 International Symposium on Computer, Consumer and Control (IS3C)10.1109/IS3C.2016.108(397-403)Online publication date: Jul-2016
https://doi.org/10.1109/IS3C.2016.108
Natawiguna ALiem M(2016)Virtualization methods for securing online exam2016 International Conference on Data and Software Engineering (ICoDSE)10.1109/ICODSE.2016.7936145(1-7)Online publication date: Oct-2016
https://doi.org/10.1109/ICODSE.2016.7936145
Liu YYuan ZXing CGong BXiao YLiu H(2015)A behavioral anomaly detection strategy based on time series process portraits for desktop virtualization systemsCluster Computing10.1007/s10586-015-0431-218:2(979-988)Online publication date: 1-Jun-2015
https://dl.acm.org/doi/10.1007/s10586-015-0431-2
Yi CFeng SGong Z(2014)A Comparison of Sandbox Technologies Used in Online Judge SystemsApplied Mechanics and Materials10.4028/www.scientific.net/AMM.490-491.1201490-491(1201-1204)Online publication date: Jan-2014
https://doi.org/10.4028/www.scientific.net/AMM.490-491.1201
van Moolenbroek DAppuswamy RTanenbaum ADekel EBurns RFriedman R(2014)Towards a Flexible, Lightweight Virtualization AlternativeProceedings of International Conference on Systems and Storage10.1145/2611354.2611369(1-7)Online publication date: 30-Jun-2014
https://dl.acm.org/doi/10.1145/2611354.2611369
Shan ZWang XChiueh T(2014)ShuttleIEEE Transactions on Computers10.1109/TC.2012.29763:5(1220-1233)Online publication date: 1-May-2014
https://dl.acm.org/doi/10.1109/TC.2012.297
Li XBai GThian BLiang ZYin H(2014)A Light-Weight Software Environment for Confining Android MalwareProceedings of the 2014 IEEE Eighth International Conference on Software Security and Reliability-Companion10.1109/SERE-C.2014.34(158-167)Online publication date: 30-Jun-2014
https://dl.acm.org/doi/10.1109/SERE-C.2014.34
Tak BTang C(2014)AppCloakProceedings of the 2014 IEEE International Conference on Cloud Computing10.1109/CLOUD.2014.112(810-817)Online publication date: 27-Jun-2014
https://dl.acm.org/doi/10.1109/CLOUD.2014.112
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents