To refer to this page use:
|Abstract:||We present Vsys, a mechanism for restricting access to privileged operations, much like the popular sudo tool on UNIX. Unlike sudo, Vsys allows privileges to be constrained using general-purpose programming lan- guages and facilitates composing multiple system ser- vices into powerful abstractions for isolation. In use for over three years on PlanetLab, Vsys has enabled over 100 researchers to create private overlay networks, user- level file systems, virtual switches, and TCP-variants that function safely and without interference. Vsys has also been used by applications such as whole-system monitoring in a VM. We describe the design of Vsys and discuss our experiences and lessons learned.|
|Citation:||Bhatia, Sapan, Giovanni Di Stasi, Thom Haddow, Andy C. Bavier, Steve Muir, and Larry L. Peterson. "Vsys: A Programmable Sudo." In USENIX Annual Technical Conference (2011).|
|Type of Material:||Conference Article|
|Journal/Proceeding Title:||USENIX Annual Technical Conference|
|Version:||Final published version. This is an open access article.|
Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.