Learn More
Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for providing virtual hardware devices and for sharing and protecting system resources among virtual machines (VMs), enlarging the code size of and reducing the reliability of(More)
This paper proposes a novel method of achieving fast networking in hosted virtual machine (VM) environments. This method, called socket-outsourcing, replaces the socket layer in a guest operating system (OS) with the socket layer of the host OS. Socket-outsourcing increases network performance by eliminating duplicate message copying in both the host OS and(More)
This thesis presents the design and implementation of an extensible dialect of the Java language, named OpenJava. Although the Java language is well polished and dedicated to cover applications of a wide range of computational domain, it still lacks some mechanisms necessary for typical kinds of applications. Our OpenJava enables programmers to extend the(More)
VPN Gate is a public VPN relay service designed to achieve blocking resistance to censorship firewalls such as the Great Firewall (GFW) of China. To achieve such resistance, we organize many volunteers to provide a VPN relay service, with many changing IP addresses. To block VPN Gate with their firewalls, censorship authorities must find the IP addresses of(More)
A user-level operating system (OS) can be implemented as a regular user process on top of another host operating system. Conventional user-level OSes, such as User Mode Linux, view the underlying host operating system as a specific hardware architecture. Therefore, the implementation of a user-level OS often requires porting of an existing kernel to a new(More)
In conventional egress network access control (NAC) using access control lists (ACLs), modifying ACLs is a heavy task for administrators. To enable rapid configuration without a large amount of effort by administrators, we introduce capabilities to egress NAC. In our egress NAC, a user can transfer his/her access rights (capabilities) to other persons(More)
In conventional egress network access control (NAC) based on access control lists (ACLs), modifying the ACLs is a heavy task for administrators. To enable configuration without a large amount of administrators' effort, we introduce capabilities to egress NAC. In our method, a user can transfer his/her access rights (capabilities) to other persons without(More)
We present a new access control model for XML Web-Services that provides users with two kinds of authorities: the authority to delegate their authorities to other users and the authority to create new authorities based on their own authorities. We developed this model by introducing capability- based access control to Web services. A capability consists of(More)
Virtualized environments are important building blocks in consolidated data centers and cloud computing. Full virtualization (FV) allows unmodified guest OSes to run on virtualization-aware microprocessors. However, the significant overhead of device emulation in FV has caused high I/O overhead. Current implementations based on paravirtualization can only(More)