{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:42:31Z","timestamp":1750308151966,"version":"3.41.0"},"reference-count":26,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2006,1,1]],"date-time":"2006-01-01T00:00:00Z","timestamp":1136073600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGOPS Oper. Syst. Rev."],"published-print":{"date-parts":[[2006,1]]},"abstract":"<jats:p>Virtualised systems have experienced a resurgence in popularity in recent years, whether used to support multiple OSes running on a user's desktop, provide commercial application hosting facilities, or isolate a large number of users from each other in global network testbeds. We also see an increasing level of interest in having entities within these virtualised systems interact with each other, either as peers or as helpers providing a service to clients.Very little work has been previously conducted on how such interaction between virtualised environments can take place. We introduce Proper, a service running on the PlanetLab system, that allows unprivileged entities to access privileged operations in a safe, tightly controlled manner.This paper describes our work designing and implementing Proper, including a discussion of the various architectural decisions made. We describe how implementing such a system in a traditional UNIX environment is non-trivial, and provide a number of examples of how services running on PlanetLab actually use Proper.<\/jats:p>","DOI":"10.1145\/1113361.1113375","type":"journal-article","created":{"date-parts":[[2006,2,6]],"date-time":"2006-02-06T18:14:10Z","timestamp":1139249650000},"page":"75-88","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Privileged operations in the PlanetLab virtualised environment"],"prefix":"10.1145","volume":"40","author":[{"given":"Steve","family":"Muir","sequence":"first","affiliation":[{"name":"Princeton University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Larry","family":"Peterson","sequence":"additional","affiliation":[{"name":"Princeton University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marc","family":"Fiuczynski","sequence":"additional","affiliation":[{"name":"Princeton University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Justin","family":"Cappos","sequence":"additional","affiliation":[{"name":"Princeton University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John","family":"Hartman","sequence":"additional","affiliation":[{"name":"Princeton University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2006,1]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Debian APT tool ported to RedHat Linux. http:\/\/www.apt-get.org\/.  Debian APT tool ported to RedHat Linux. http:\/\/www.apt-get.org\/."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945462"},{"key":"e_1_2_1_3_1","volume-title":"Proc. 1st NSDI","author":"Bavier A.","year":"2004","unstructured":"Bavier , A. , Bowman , M. , Culler , D. , Chun , B. , Karlin , S. , Muir , S. , and And , T. S . Operating System Support for Planetary-Scale Network Services . In Proc. 1st NSDI ( San Francisco, CA , Mar. 2004 ). Bavier, A., Bowman, M., Culler, D., Chun, B., Karlin, S., Muir, S., and And, T. S. Operating System Support for Planetary-Scale Network Services. In Proc. 1st NSDI (San Francisco, CA, Mar. 2004)."},{"key":"e_1_2_1_4_1","unstructured":"ENSIM CORP. Ensim Virtual Private Server. http:\/\/www.ensim.com\/products\/privateservers\/index.html.  ENSIM CORP. Ensim Virtual Private Server. http:\/\/www.ensim.com\/products\/privateservers\/index.html."},{"key":"e_1_2_1_5_1","volume-title":"Proc. 3rd OSDI","author":"Ford B.","year":"1999","unstructured":"Ford , B. , Hibler , M. , Lepreau , J. , McGrath , R. , and Tullmann , P . Interface and Execution Models in the Fluke Kernel . In Proc. 3rd OSDI ( New Orleans, LA , Feb 1999 ). Ford, B., Hibler, M., Lepreau, J., McGrath, R., and Tullmann, P. Interface and Execution Models in the Fluke Kernel. In Proc. 3rd OSDI (New Orleans, LA, Feb 1999)."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/503272.503301"},{"key":"e_1_2_1_7_1","volume-title":"M: Ostia: A Delegating Architecture for Secure System Call Interposition. In Proc. 2004 Symposium on Network and Distributed System Security","author":"Garfinkel T.","year":"2004","unstructured":"Garfinkel , T. , Pfaff , B. , and Rosenblum , M: Ostia: A Delegating Architecture for Secure System Call Interposition. In Proc. 2004 Symposium on Network and Distributed System Security ( 2004 ). Garfinkel, T., Pfaff, B., and Rosenblum, M: Ostia: A Delegating Architecture for Secure System Call Interposition. In Proc. 2004 Symposium on Network and Distributed System Security (2004)."},{"key":"e_1_2_1_8_1","volume-title":"Inside Java 2 Platform Security","author":"Gong L.","year":"1999","unstructured":"Gong , L. Inside Java 2 Platform Security . Addison Wesley , 1999 . Gong, L. Inside Java 2 Platform Security. Addison Wesley, 1999."},{"key":"e_1_2_1_9_1","volume-title":"Proc. USENIX '02","author":"Jim T.","year":"2002","unstructured":"Jim , T. , Morrisett , G. , Grossman , D. , and Hicks , M . Cyclone: A Safe Dialect of C . In Proc. USENIX '02 ( Monterey, CA , Jun 2002 ). Jim, T., Morrisett, G., Grossman, D., and Hicks, M. Cyclone: A Safe Dialect of C. In Proc. USENIX '02 (Monterey, CA, Jun 2002)."},{"key":"e_1_2_1_10_1","volume-title":"Jails: Confining the Omnipotent Root. In Proc. 2nd Int. SANE Conf.","author":"Kamp P.-H.","year":"2000","unstructured":"Kamp , P.-H. , and Watson , R. N . M . Jails: Confining the Omnipotent Root. In Proc. 2nd Int. SANE Conf. ( Maastricht, The Netherlands , May 2000 ). Kamp, P.-H., and Watson, R. N. M. Jails: Confining the Omnipotent Root. In Proc. 2nd Int. SANE Conf. (Maastricht, The Netherlands, May 2000)."},{"key":"e_1_2_1_11_1","volume-title":"Proc. of the 1st Workshop on Real, Large Distributed Systems","author":"Kotsovinos E.","year":"2004","unstructured":"Kotsovinos , E. , Moreton , T. , Pratt , I. , Ross , R. , Fraser , K. , Hand , S. , and Harris , T . Global-scale service deployment in the XenoServer platform . In Proc. of the 1st Workshop on Real, Large Distributed Systems ( San Francisco, CA , Dec 2004 ). Kotsovinos, E., Moreton, T., Pratt, I., Ross, R., Fraser, K., Hand, S., and Harris, T. Global-scale service deployment in the XenoServer platform. In Proc. of the 1st Workshop on Real, Large Distributed Systems (San Francisco, CA, Dec 2004)."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/49.536480"},{"key":"e_1_2_1_13_1","unstructured":"LINUX VSERVERS PROJECT. http:\/\/linux-vserver.org\/.  LINUX VSERVERS PROJECT. http:\/\/linux-vserver.org\/."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/647054.715771"},{"key":"e_1_2_1_15_1","unstructured":"Object Management Group (OMG). Common Object Request Broker Architecture (CORBA). http:\/\/www.corba.org\/.  Object Management Group (OMG). Common Object Request Broker Architecture (CORBA). http:\/\/www.corba.org\/."},{"key":"e_1_2_1_16_1","first-page":"257","volume-title":"N. Improving Host Security with System Call Policies. In Proc. 12th USENIX Security Symposium","author":"Provos","year":"2003","unstructured":"Provos , N. Improving Host Security with System Call Policies. In Proc. 12th USENIX Security Symposium ( Washington, DC , Aug 2003 ), pp. 257 -- 272 . Provos, N. Improving Host Security with System Call Policies. In Proc. 12th USENIX Security Symposium (Washington, DC, Aug 2003), pp. 257--272."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/319151.319163"},{"key":"e_1_2_1_18_1","volume-title":"Proc. 8th USENIX Security Symposium (WA","author":"Spencer R.","year":"1999","unstructured":"Spencer , R. , Smalley , S. , Loscocco , P. , Hibler , M. , Andersen , D. , and Lepreau , L . The Flask Security Architecture: System Support for Diverse Security Policies . In Proc. 8th USENIX Security Symposium (WA , Aug 1999 ). Spencer, R., Smalley, S., Loscocco, P., Hibler, M., Andersen, D., and Lepreau, L. The Flask Security Architecture: System Support for Diverse Security Policies. In Proc. 8th USENIX Security Symposium (WA, Aug 1999)."},{"key":"e_1_2_1_19_1","volume-title":"Comay. Solaris Zones: Operating System Support for Server Consolidation. In 3rd Virtual Machine Research and Technology Symposium Works-in-Progress","author":"Tucker A.","year":"2004","unstructured":"Tucker , A. , and Comay. Solaris Zones: Operating System Support for Server Consolidation. In 3rd Virtual Machine Research and Technology Symposium Works-in-Progress ( San Jose, CA , May 2004 ). Tucker, A., and Comay. Solaris Zones: Operating System Support for Server Consolidation. In 3rd Virtual Machine Research and Technology Symposium Works-in-Progress (San Jose, CA, May 2004)."},{"key":"e_1_2_1_20_1","unstructured":"User-Mode Linux. http:\/\/user-mode-linux.sourceforge.net\/.  User-Mode Linux. http:\/\/user-mode-linux.sourceforge.net\/."},{"key":"e_1_2_1_21_1","unstructured":"Virtual PC. http:\/\/www.microsoft.com\/windows\/virtualpc\/default.mspx.  Virtual PC. http:\/\/www.microsoft.com\/windows\/virtualpc\/default.mspx."},{"key":"e_1_2_1_22_1","unstructured":"VMWare. http:\/\/www.vmware.com\/.  VMWare. http:\/\/www.vmware.com\/."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/1060289.1060308"},{"key":"e_1_2_1_24_1","volume-title":"Proceedings of the 11th USENIX Security Symposium","author":"Wright C.","year":"2002","unstructured":"Wright , C. , Cowan , C. , Smalley , S. , Morris , J. , and Kroah-Hartman , G . Linux Security Modules: General Security Support for the Linux Kernel . In Proceedings of the 11th USENIX Security Symposium ( San Francisco, CA , Aug 2002 ). Wright, C., Cowan, C., Smalley, S., Morris, J., and Kroah-Hartman, G. Linux Security Modules: General Security Support for the Linux Kernel. In Proceedings of the 11th USENIX Security Symposium (San Francisco, CA, Aug 2002)."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30143-1_13"},{"key":"e_1_2_1_26_1","unstructured":"Yum: Yellow Dog Updater Modified. http:\/\/linux.duke.edu\/projects\/yum\/.  Yum: Yellow Dog Updater Modified. http:\/\/linux.duke.edu\/projects\/yum\/."}],"container-title":["ACM SIGOPS Operating Systems Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1113361.1113375","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1113361.1113375","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:18:47Z","timestamp":1750263527000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1113361.1113375"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006,1]]},"references-count":26,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2006,1]]}},"alternative-id":["10.1145\/1113361.1113375"],"URL":"https:\/\/doi.org\/10.1145\/1113361.1113375","relation":{},"ISSN":["0163-5980"],"issn-type":[{"type":"print","value":"0163-5980"}],"subject":[],"published":{"date-parts":[[2006,1]]},"assertion":[{"value":"2006-01-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}