Virtualization Mechanisms for Mobility, Security and System Administration

Shaya Potter

Ph.D. Thesis, Department of Computer Science, Columbia University, March 2010


This dissertation demonstrates that operating system virtualization is an effective method for solving many different types of computing problems. We have designed novel systems that make use of commodity software while solving problems that were not conceived when the software was originally written. We show that by leveraging and extending existing virtualization techniques, and introducing new ones, we can build these novel systems without requiring the applications or operating systems to be rewritten. We introduce six architectures that leverage operating system virtualization. *Pod creates fully secure virtual environments and improves user mobility. AutoPod re- duces the downtime needed to apply kernel patches and perform system maintenance. PeaPod creates least-privilege systems by introducing the pea abstraction. Strata im- proves the ability of administrators to manage large numbers of machines by introduc- ing the Virtual Layered File System. Apiary builds upon Strata to create a new form of desktop security by using isolated persistent and ephemeral application containers. Finally, ISE-T applies the two-person control model to system administration. By leveraging operating system virtualization, we have built these architectures on Linux without requiring any changes to the underlying kernel or user-space ap- plications. Our results, with real applications, demonstrate that operating system virtualization has minimal overhead. These architectures solve problems with min- imal impact on end-users while providing functionality that would previously have required modifications to the underlying system.



Columbia University Department of Computer Science