VSYS: A programmable sudo

Sapan Bhatia; Giovanni Di Stasi; Thom Haddow; Andy Bavier; Steve Muir; Larry Peterson

VSYS: A programmable sudo

Sapan Bhatia, Giovanni Di Stasi, Thom Haddow, Andy Bavier, Steve Muir, Larry Peterson

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We present Vsys, a mechanism for restricting access to privileged operations, much like the popular sudo tool on UNIX. Unlike sudo, Vsys allows privileges to be constrained using general-purpose programming languages and facilitates composing multiple system services into powerful abstractions for isolation. In use for over three years on PlanetLab, Vsys has enabled over 100 researchers to create private overlay networks, user-level file systems, virtual switches, and TCP-variants that function safely and without interference. Vsys has also been used by applications such as whole-system monitoring in a VM. We describe the design of Vsys and discuss our experiences and lessons learned.

Original language	English (US)
Title of host publication	Proceedings of the 2011 USENIX Annual Technical Conference, USENIX ATC 2011
Publisher	USENIX Association
Pages	253-258
Number of pages	6
ISBN (Electronic)	9781931971850
State	Published - 2019
Event	2011 USENIX Annual Technical Conference, USENIX ATC 2011 - Portland, United States Duration: Jun 15 2011 → Jun 17 2011

Publication series

Name	Proceedings of the 2011 USENIX Annual Technical Conference, USENIX ATC 2011

Conference

Conference	2011 USENIX Annual Technical Conference, USENIX ATC 2011
Country/Territory	United States
City	Portland
Period	6/15/11 → 6/17/11

ASJC Scopus subject areas

General Computer Science

Cite this

Bhatia, S, Di Stasi, G, Haddow, T, Bavier, A, Muir, S & Peterson, L 2019, VSYS: A programmable sudo. in Proceedings of the 2011 USENIX Annual Technical Conference, USENIX ATC 2011. Proceedings of the 2011 USENIX Annual Technical Conference, USENIX ATC 2011, USENIX Association, pp. 253-258, 2011 USENIX Annual Technical Conference, USENIX ATC 2011, Portland, United States, 6/15/11.

@inproceedings{eba6c11271d54ba4ab6279fdeb1c54f0,

title = "VSYS: A programmable sudo",

abstract = "We present Vsys, a mechanism for restricting access to privileged operations, much like the popular sudo tool on UNIX. Unlike sudo, Vsys allows privileges to be constrained using general-purpose programming languages and facilitates composing multiple system services into powerful abstractions for isolation. In use for over three years on PlanetLab, Vsys has enabled over 100 researchers to create private overlay networks, user-level file systems, virtual switches, and TCP-variants that function safely and without interference. Vsys has also been used by applications such as whole-system monitoring in a VM. We describe the design of Vsys and discuss our experiences and lessons learned.",

author = "Sapan Bhatia and {Di Stasi}, Giovanni and Thom Haddow and Andy Bavier and Steve Muir and Larry Peterson",

year = "2019",

language = "English (US)",

series = "Proceedings of the 2011 USENIX Annual Technical Conference, USENIX ATC 2011",

publisher = "USENIX Association",

pages = "253--258",

booktitle = "Proceedings of the 2011 USENIX Annual Technical Conference, USENIX ATC 2011",

note = "2011 USENIX Annual Technical Conference, USENIX ATC 2011 ; Conference date: 15-06-2011 Through 17-06-2011",

}

TY - GEN

T1 - VSYS

T2 - 2011 USENIX Annual Technical Conference, USENIX ATC 2011

AU - Bhatia, Sapan

AU - Di Stasi, Giovanni

AU - Haddow, Thom

AU - Bavier, Andy

AU - Muir, Steve

AU - Peterson, Larry

PY - 2019

Y1 - 2019

N2 - We present Vsys, a mechanism for restricting access to privileged operations, much like the popular sudo tool on UNIX. Unlike sudo, Vsys allows privileges to be constrained using general-purpose programming languages and facilitates composing multiple system services into powerful abstractions for isolation. In use for over three years on PlanetLab, Vsys has enabled over 100 researchers to create private overlay networks, user-level file systems, virtual switches, and TCP-variants that function safely and without interference. Vsys has also been used by applications such as whole-system monitoring in a VM. We describe the design of Vsys and discuss our experiences and lessons learned.

AB - We present Vsys, a mechanism for restricting access to privileged operations, much like the popular sudo tool on UNIX. Unlike sudo, Vsys allows privileges to be constrained using general-purpose programming languages and facilitates composing multiple system services into powerful abstractions for isolation. In use for over three years on PlanetLab, Vsys has enabled over 100 researchers to create private overlay networks, user-level file systems, virtual switches, and TCP-variants that function safely and without interference. Vsys has also been used by applications such as whole-system monitoring in a VM. We describe the design of Vsys and discuss our experiences and lessons learned.

UR - http://www.scopus.com/inward/record.url?scp=84873646155&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84873646155&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84873646155

T3 - Proceedings of the 2011 USENIX Annual Technical Conference, USENIX ATC 2011

SP - 253

EP - 258

BT - Proceedings of the 2011 USENIX Annual Technical Conference, USENIX ATC 2011

PB - USENIX Association

Y2 - 15 June 2011 through 17 June 2011

ER -

VSYS: A programmable sudo

Abstract

Publication series

Conference

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this