Skip to main content

Vsys: A Programmable sudo

Author(s): Bhatia, Sapan; Di Stasi, Giovanni; Haddow, Thom; Bavier, Andy; Muir, Steve; et al

To refer to this page use:
Full metadata record
DC FieldValueLanguage
dc.contributor.authorBhatia, Sapan-
dc.contributor.authorDi Stasi, Giovanni-
dc.contributor.authorHaddow, Thom-
dc.contributor.authorBavier, Andy-
dc.contributor.authorMuir, Steve-
dc.contributor.authorPeterson, Larry-
dc.identifier.citationBhatia, Sapan, Giovanni Di Stasi, Thom Haddow, Andy C. Bavier, Steve Muir, and Larry L. Peterson. "Vsys: A Programmable Sudo." In USENIX Annual Technical Conference (2011).en_US
dc.description.abstractWe present Vsys, a mechanism for restricting access to privileged operations, much like the popular sudo tool on UNIX. Unlike sudo, Vsys allows privileges to be constrained using general-purpose programming lan- guages and facilitates composing multiple system ser- vices into powerful abstractions for isolation. In use for over three years on PlanetLab, Vsys has enabled over 100 researchers to create private overlay networks, user- level file systems, virtual switches, and TCP-variants that function safely and without interference. Vsys has also been used by applications such as whole-system monitoring in a VM. We describe the design of Vsys and discuss our experiences and lessons learned.en_US
dc.relation.ispartofUSENIX Annual Technical Conferenceen_US
dc.rightsFinal published version. This is an open access article.en_US
dc.titleVsys: A Programmable sudoen_US
dc.typeConference Articleen_US

Files in This Item:
File Description SizeFormat 
ProgramSudo.pdf196.27 kBAdobe PDFView/Download

Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.