Yasushi Shinjo

Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for providing virtual hardware devices and for sharing and protecting system resources among virtual machines (VMs), enlarging the code size of and reducing the reliability of …
A user-level operating system (OS) can be implemented as a regular user process on top of another host operating system. Conventional user-level OSes, such as User Mode Linux, view the underlying host operating system as a specific hardware architecture. Therefore, the implementation of a user-level OS often requires porting of an existing kernel to a new …
VPN Gate is a public VPN relay service designed to achieve blocking resistance to censorship firewalls such as the Great Firewall (GFW) of China. To achieve such resistance, we organize many volunteers to provide a VPN relay service, with many changing IP addresses. To block VPN Gate with their firewalls, censorship authorities must find the IP addresses of …
This paper proposes a novel method of achieving fast networking in hosted virtual machine (VM) environments. This method, called socket-outsourcing, replaces the socket layer in a guest operating system (OS) with the socket layer of the host OS. Socket-outsourcing increases network performance by eliminating duplicate message copying in both the host OS and …
We present a new access control model for XML Web-Services that provides users with two kinds of authorities: the authority to delegate their authorities to other users and the authority to create new authorities based on their own authorities. We developed this model by introducing capability-based access control to Web services. A capability consists of …
Virtualized environments are important building blocks in consolidated data centers and cloud computing. Full virtualization (FV) allows unmodified guest OSes to run on virtualization-aware microprocessors. However, the significant overhead of device emulation in FV has caused high I/O overhead. Current implementations based on paravirtualization can only …
In conventional egress network access control (NAC) using access control lists (ACLs), modifying ACLs is a heavy task for administrators. To enable rapid configuration without a large amount of effort by administrators, we introduce capabilities to egress NAC. In our egress NAC, a user can transfer his/her access rights (capabilities) to other persons …