Secure Isolation of Untrusted Legacy Applications

Shaya Potter, Jason Nieh, Matthew Selsky

Proceedings of the 21st Large Installation System Administration Conference (LISA 2007), Dallas, TX, November 11-16, 2007, pp. 117-130


Existing applications often contain security holes that are not patched until after the system has already been compromised. Even when software updates are available, applying them often results in system services being unavailable for some time. This can force administrators to leave system services in an insecure state for extended periods. To address these system security issues, we have developed the PeaPod virtualization layer. The PeaPod virtualization layer provides a group of processes and associated users with two virtualization abstractions, pods and peas. A pod provides an isolated virtualized environment that is decoupled from the underlying operating system instance. A pea provides an easy-to-use least privilege model for fine grain isolation amongst application components that need to interact with one another. As a result, the system easily enables the creation of lightweight environments for privileged program execution that can help with intrusion prevention and containment. Our measurements on real world desktop and server applications demonstrate that the PeaPod virtualization layer imposes little overhead and enables secure isolation of untrusted applications.



Columbia University Department of Computer Science