Skip to main content

Vsys: A Programmable sudo

Author(s): Bhatia, Sapan; Di Stasi, Giovanni; Haddow, Thom; Bavier, Andy; Muir, Steve; et al

To refer to this page use:
Abstract: We present Vsys, a mechanism for restricting access to privileged operations, much like the popular sudo tool on UNIX. Unlike sudo, Vsys allows privileges to be constrained using general-purpose programming lan- guages and facilitates composing multiple system ser- vices into powerful abstractions for isolation. In use for over three years on PlanetLab, Vsys has enabled over 100 researchers to create private overlay networks, user- level file systems, virtual switches, and TCP-variants that function safely and without interference. Vsys has also been used by applications such as whole-system monitoring in a VM. We describe the design of Vsys and discuss our experiences and lessons learned.
Publication Date: 2011
Citation: Bhatia, Sapan, Giovanni Di Stasi, Thom Haddow, Andy C. Bavier, Steve Muir, and Larry L. Peterson. "Vsys: A Programmable Sudo." In USENIX Annual Technical Conference (2011).
Type of Material: Conference Article
Journal/Proceeding Title: USENIX Annual Technical Conference
Version: Final published version. This is an open access article.

Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.