Sciweavers

PLDI
2006
ACM

A microkernel virtual machine: : building security with clear interfaces

13 years 9 months ago
A microkernel virtual machine: : building security with clear interfaces
In this paper we propose a novel microkernel-based virtual machine (µKVM), a new code-based security framework with a simple and declarative security architecture. The main design goals of the µKVM are to put a clear, inviolable programming interface between different codebases or security components, and to limit the size of the trusted codebase in the spirit of a microkernel. Security policies are enforced solely on the interface because all data must explicitly pass through the inviolable interface. The architecture of the µKVM effectively removes the need for expensive runtime stack inspection, and applies the principle of least privilege to both library and application code elegantly and efficiently. We have implemented a prototype of the proposed µKVM. A series of benchmarks show that the prototype preserves the original functionality of Java and compares favorably with the J2SDK performance-wise. Categories and Subject Descriptors D.3.3 [Programming Languages]: Language Co...
Xiaoqi Lu, Scott F. Smith
Added 14 Jun 2010
Updated 14 Jun 2010
Type Conference
Year 2006
Where PLDI
Authors Xiaoqi Lu, Scott F. Smith
Comments (0)