Vsys: A Programmable sudo
Author(s): Bhatia, Sapan; Di Stasi, Giovanni; Haddow, Thom; Bavier, Andy; Muir, Steve; et al
To refer to this page use:
http://arks.princeton.edu/ark:/88435/pr1hg21
Abstract: We present Vsys, a mechanism for restricting access to privileged operations, much like the popular sudo tool on UNIX. Unlike sudo, Vsys allows privileges to be constrained using general-purpose programming languages and facilitates composing multiple system services into powerful abstractions for isolation. In use for over three years on PlanetLab, Vsys has enabled over 100 researchers to create private overlay networks, user-level file systems, virtual switches, and TCP-variants that function safely and without interference. Vsys has also been used by applications such as whole-system monitoring in a VM. We describe the design of Vsys and discuss our experiences and lessons learned.
Publication Date: 2011
Citation: Bhatia, Sapan, Giovanni Di Stasi, Thom Haddow, Andy C. Bavier, Steve Muir, and Larry L. Peterson. "Vsys: A Programmable Sudo." In USENIX Annual Technical Conference (2011).
Type of Material: Conference Article
Journal/Proceeding Title: USENIX Annual Technical Conference
Version: Final published version. This is an open access article.
Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.