Results 1 - 10 of 1,339

KVM: the Linux Virtual Machine Monitor

by Avi Kivity, Yaniv Kamay, Dor Laor, Uri Lublin, Anthony Liguori - In Proceedings of the 2007 Ottawa Linux Symposium (OLS’-07 , 2007
"... Virtualization is a hot topic in operating systems these days. It is useful in many scenarios: server consolida-tion, virtual test environments, and for Linux enthusiasts who still can not decide which distribution is best. Re-cently, hardware vendors of commodity x86 processors have added virtualiz ..."
Abstract - Cited by 195 (2 self) - Add to MetaCart
virtualization extensions to the instruction set that can be utilized to write relatively simple virtual machine monitors. The Kernel-based Virtual Machine, or kvm, is a new Linux subsystem which leverages these virtualization extensions to add a virtual machine monitor (or hyper-visor) capability to Linux

kvm: the Linux Virtual Machine Monitor

by Uri Lublin, Yaniv Kamay, Dor Laor, Anthony Liguori
"... Virtualization is a hot topic in operating systems these days. It is useful in many scenarios: server consolidation, virtual test environments, and for Linux enthusiasts who still can not decide which distribution is best. Recently, hardware vendors of commodity x86 processors have added virtualizat ..."
Abstract - Add to MetaCart
virtualization extensions to the instruction set that can be utilized to write relatively simple virtual machine monitors. The Kernel-based Virtual Machine, or kvm, is a new Linux subsystem which leverages these virtualization extensions to add a virtual machine monitor (or hypervisor) capability to Linux. Using

Xen and the art of virtualization

by Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, Andrew Warfield - IN SOSP , 2003
"... Numerous systems have been designed which use virtualization to subdivide the ample resources of a modern computer. Some require specialized hardware, or cannot support commodity operating systems. Some target 100 % binary compatibility at the expense of performance. Others sacrifice security or fun ..."
Abstract - Cited by 2010 (35 self) - Add to MetaCart
or functionality for speed. Few offer resource isolation or performance guarantees; most provide only best-effort provisioning, risking denial of service. This paper presents Xen, an x86 virtual machine monitor which allows multiple commodity operating systems to share conventional hardware in a safe and resource

Terra: a virtual machine-based platform for trusted computing

by Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh , 2003
"... We present a flexible architecture for trusted computing, called Terra, that allows applications with a wide range of security requirements to run simultaneously on commodity hardware. Applications on Terra enjoy the semantics of running on a separate, dedicated, tamper-resistant hardware platform, ..."
Abstract - Cited by 431 (5 self) - Add to MetaCart
, while retaining the ability to run side-by-side with normal applications on a generalpurpose computing platform. Terra achieves this synthesis by use of a trusted virtual machine monitor (TVMM) that partitions a tamper-resistant hardware platform into multiple, isolated virtual machines (VM), providing

A Virtual Machine Introspection Based Architecture for Intrusion Detection

by Tal Garfinkel, Mendel Rosenblum - In Proc. Network and Distributed Systems Security Symposium , 2003
"... Today's architectures for intrusion detection force the IDS designer to make a difficult choice. If the IDS resides on the host, it has an excellent view of what is happening in that host's software, but is highly susceptible to attack. On the other hand, if the IDS resides in the network, ..."
Abstract - Cited by 423 (5 self) - Add to MetaCart
this through the use of a virtual machine monitor. Using this approach allows us to isolate the IDS from the monitored host but still retain excellent visibility into the host's state. The VMM also offers us the unique ability to completely mediate interactions between the host software and the underlying

A Virtual Honeypot Framework

by Niels Provos - In Proceedings of the 13th USENIX Security Symposium , 2004
"... A honeypot is a closely monitored network decoy serving several purposes: it can distract adversaries from more valuable machines on a network, can provide early warning about new attack and exploitation trends, or allow in-depth examination of adversaries during and after exploitation of a honeypot ..."
Abstract - Cited by 252 (5 self) - Add to MetaCart
A honeypot is a closely monitored network decoy serving several purposes: it can distract adversaries from more valuable machines on a network, can provide early warning about new attack and exploitation trends, or allow in-depth examination of adversaries during and after exploitation of a

SubVirt: Implementing malware with virtual machines

by Samuel T. King, Peter M. Chen, Yi-min Wang, Chad Verbowski, Helen J. Wang, Jacob R. Lorch , 2006
"... Attackers and defenders of computer systems both strive to gain complete control over the system. To maximize their control, both attackers and defenders have migrated to low-level, operating system code. In this paper, we assume the perspective of the attacker, who is trying to run malicious softwa ..."
Abstract - Cited by 153 (2 self) - Add to MetaCart
virtual-machine based rootkit (VMBR), installs a virtual-machine mon-itor underneath an existing operating system and hoists the original operating system into a virtual machine. Virtual-machine based rootkits are hard to detect and remove because their state cannot be accessed by soft-ware running

Optimizing the migration of virtual computers

by Constantine P Sapuntzakis , Ramesh Chandra , Ben Pfaff , Jim Chow , Monica S Lam , Mendel Rosenblum - In Proceedings of the 5th Symposium on Operating Systems Design and Implementation , 2002
"... Abstract This paper shows how to quickly move the state of a running computer across a network, including the state in its disks, memory, CPU registers, and I/O devices. We call this state a capsule. Capsule state is hardware state, so it includes the entire operating system as well as applications ..."
Abstract - Cited by 238 (5 self) - Add to MetaCart
these optimizations in a prototype system that uses VMware GSX Server virtual machine monitor to create and run x86 capsules. The system targets networks as slow as 384 kbps. Our experimental results suggest that efficient capsule migration can improve user mobility and system management. Software updates

Secure Execution Via Program Shepherding

by Vladimir Kiriansky , Derek Bruening, Saman Amarasinghe , 2002
"... We introduce program shepherding, a method for monitoring control flow transfers during program execution to enforce a security policy. Program shepherding provides three techniques as building blocks for security policies. First, shepherding can restrict execution privileges on the basis of code or ..."
Abstract - Cited by 308 (5 self) - Add to MetaCart
in a runtime system with minimal or no performance penalties. This system operates on unmodified native binaries, requires no special hardware or operating system support, and runs on existing IA-32 machines under both Linux and Windows.

Fast transparent migration for virtual machines

by Michael Nelson, Beng-hong Lim, Greg Hutchins - In Proceedings of the annual conference on USENIX Annual Technical Conference , 2005
"... This paper describes the design and implementation of a system that uses virtual machine technology [1] to provide fast, transparent application migration. This is the first system that can migrate unmodified applications on unmodified mainstream Intel x86-based operating system, including Microsoft ..."
Abstract - Cited by 166 (0 self) - Add to MetaCart
This paper describes the design and implementation of a system that uses virtual machine technology [1] to provide fast, transparent application migration. This is the first system that can migrate unmodified applications on unmodified mainstream Intel x86-based operating system, including
Results 1 - 10 of 1,339