Vsys: A Programmable sudo.
USENIXATC'11: Proceedings of the 2011 USENIX conference on USENIX annual technical conference(2011)
摘要
We present Vsys, a mechanism for restricting access to privileged operations, much like the popular sudo tool on UNIX. Unlike sudo, Vsys allows privileges to be constrained using general-purpose programming languages and facilitates composing multiple system services into powerful abstractions for isolation. In use for over three years on PlanetLab, Vsys has enabled over 100 researchers to create private overlay networks, userlevel file systems, virtual switches, and TCP-variants that function safely and without interference. Vsys has also been used by applications such as whole-system monitoring in a VM. We describe the design of Vsys and discuss our experiences and lessons learned.
更多查看译文
关键词
present Vsys,popular sudo tool,general-purpose programming language,multiple system service,powerful abstraction,private overlay network,privileged operation,userlevel file system,virtual switch,whole-system monitoring,programmable sudo
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要