This paper focuses on an efficient user-level method for the deployment of application-specific extensions, using commodity operating systems and hardware. A sandboxing technique is described that supports multiple extensions within a shared virtual address space. Applications can register sandboxed code with the system, so that it may be executed in the context of any process. Such code may be used to implement generic routines and handlers for a class of applications, or system service extensions that complement the functionality of the core kernel. Using our approach, application-specific extensions can be written like conventional user-level code, utilizing libraries and system calls, with the advantage that they may be executed without...
Users are relying increasingly on untrusted software in their daily activities such as viewing docum...
Virtual memory is a classic computer science abstraction and is ubiquitous in all scales of computin...
This paper describes a mechanism for protecting against malicious mobile code. As mobile code is lin...
This paper focuses on an efficient user-level method for the deployment of application-specific exte...
This paper focuses on an efficient user-level method for the deployment of application-specific exte...
Extensible systems allow services to be configured and deployed for the specific needs of individual...
Many software applications extend their functionality by dynamically loading libraries into their al...
Current low-level networking abstractions on modern operating systems are commonly implemented in th...
We describe a set of efficient cross-domain mechanisms that allow operating systems to be implemente...
Current low-level networking abstractions on modern operating systems are commonly implemented in th...
User-level network interfaces allow applications direct access to the network without operating syst...
In this dissertation, I rethink how an OS supports virtual memory. Classical virtual memory is an op...
Scalable distributed systems, systems whose processing power remains proportional to the number of c...
In many instances of virtual machine deployments today, virtual machine instances are created to sup...
of the Thesis Palladium: A System for Supporting Safe User Extensions Using Segmentation Hardware ...
Users are relying increasingly on untrusted software in their daily activities such as viewing docum...
Virtual memory is a classic computer science abstraction and is ubiquitous in all scales of computin...
This paper describes a mechanism for protecting against malicious mobile code. As mobile code is lin...
This paper focuses on an efficient user-level method for the deployment of application-specific exte...
This paper focuses on an efficient user-level method for the deployment of application-specific exte...
Extensible systems allow services to be configured and deployed for the specific needs of individual...
Many software applications extend their functionality by dynamically loading libraries into their al...
Current low-level networking abstractions on modern operating systems are commonly implemented in th...
We describe a set of efficient cross-domain mechanisms that allow operating systems to be implemente...
Current low-level networking abstractions on modern operating systems are commonly implemented in th...
User-level network interfaces allow applications direct access to the network without operating syst...
In this dissertation, I rethink how an OS supports virtual memory. Classical virtual memory is an op...
Scalable distributed systems, systems whose processing power remains proportional to the number of c...
In many instances of virtual machine deployments today, virtual machine instances are created to sup...
of the Thesis Palladium: A System for Supporting Safe User Extensions Using Segmentation Hardware ...
Users are relying increasingly on untrusted software in their daily activities such as viewing docum...
Virtual memory is a classic computer science abstraction and is ubiquitous in all scales of computin...
This paper describes a mechanism for protecting against malicious mobile code. As mobile code is lin...