Sciweavers

LISA
2007

Secure Isolation of Untrusted Legacy Applications

14 years 1 months ago
Secure Isolation of Untrusted Legacy Applications
Existing applications often contain security holes that are not patched until after the system has already been compromised. Even when software updates are available, applying them often results in system services being unavailable for some time. This can force administrators to leave system services in an insecure state for extended periods. To address these system security issues, we have developed the PeaPod virtualization layer. The PeaPod virtualization layer provides a processes and associated users with two virtualization abstractions, pods and peas. A pod provides an isolated virtualized environment that is decoupled from the underlying operating system instance. A pea provides an easy-to-use least privilege model for fine grain isolation amongst application components that need to interact with one another. As a result, the system easily enables the creation of lightweight environments for privileged program execution that can help with intrusion prevention and containment. O...
Shaya Potter, Jason Nieh, Matt Selsky
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2007
Where LISA
Authors Shaya Potter, Jason Nieh, Matt Selsky
Comments (0)