Proceedings of the Ninth European Conference on Computer Systems 2014
DOI: 10.1145/2592798.2592812
|View full text |Cite
|
Sign up to set email alerts
|

Cooperation and security isolation of library OSes for multi-process applications

Abstract: Library OSes are a promising approach for applications to efficiently obtain the benefits of virtual machines, including security isolation, host platform compatibility, and migration. Library OSes refactor a traditional OS kernel into an application library, avoiding overheads incurred by duplicate functionality. When compared to running a single application on an OS kernel in a VM, recent library OSes reduce the memory footprint by an order-of-magnitude.Previous library OS (libOS) research has focused on sin… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
55
0

Year Published

2016
2016
2022
2022

Publication Types

Select...
5
2
2

Relationship

0
9

Authors

Journals

citations
Cited by 91 publications
(55 citation statements)
references
References 37 publications
0
55
0
Order By: Relevance
“…SGX-based Systems. Haven [56], Graphene [57,58] and Panoply [59] provide LibOS for SGX, which enable easier application porting and prevent Iago attacks [60]. OpenSGX [61] provides an open research framework for running SGX applications.…”
Section: Related Workmentioning
confidence: 99%
“…SGX-based Systems. Haven [56], Graphene [57,58] and Panoply [59] provide LibOS for SGX, which enable easier application porting and prevent Iago attacks [60]. OpenSGX [61] provides an open research framework for running SGX applications.…”
Section: Related Workmentioning
confidence: 99%
“…Typically, library OSes implement their own APIs [7,64]. Some approaches [34,85] support POSIX but still run on top of a monolithic OS with a large TCB. LibrettOS provides full POSIX and BSD compatibility (except fork(2) and pipe(2) as discussed in Section 4.2), while avoiding a large TCB in the underlying kernel.…”
Section: Posix and Compatibilitymentioning
confidence: 99%
“…Nemesis [72] implemented a library OS with an extremely lightweight kernel. Drawbridge [66], Graphene [85], and Graphene-SGX [86] are more recent works that leverage the security bene ts of library OSes due to the increased isolation resulting from the lesser degree of interaction between applications and the privileged layer. Bascule [6] demonstrated OS-independent extensions for library OSes.…”
Section: Related Workmentioning
confidence: 99%
“…A number of works study how to load unmodified applications into enclaves [3,6,33,53]. These approaches work well for applications that process small data sizes, but do not scale well to larger workloads due to SGX limitations.…”
Section: Related Workmentioning
confidence: 99%