Title: Cooperation and Security Isolation in the Graphene Library OS
Speaker: Prof. Don Porter,
Department of Computer Science
Stony Brook University
Stony Brook, NY
When: Friday, 10/02/15, @ 2pm
Where: 1131 Kemper Hall
Host: Matt Bishop, firstname.lastname@example.org
Packaging an application with all of its software dependencies, including libraries and the OS API, is essential to deploying applications across a range of cloud and local systems. Library OSes are an appealing solution to this problem—efficiently decoupling an application from the host OS kernel over a minimal ABI that is easy to implement and secure.
This talk describes the Graphene library OS, which can run a wide range of unmodified Linux applications. Graphene is unique in its ability to support a wide range of Unix-style multi-processing abstractions. In Graphene, multiple library OS instances coordinate to appear to the application as a single Linux instance. This design facilitates strong isolation and dynamic sandboxing. The talk concludes with ongoing work that extends Graphene to improve application security.
More information about Graphene, including source code,
is available at graphene.cs.stonybrook.edu.
1131 Kemper Hall