Thesis Presentation

Conventional secure desktop solutions running on top of the OS have provided user-friendly, per-application sandboxes for executing untrusted code, but they have also suffered from limited granularity and accuracy in monitoring such code. And while other sandboxing techniques such as simple full-system virtualization have been used to safely execute and monitor untrusted code, they lacked the scalability of the monitoring system itself.

We introduce VMM Sandbox, a virtualized sandbox environment that is lightweight, fast, scalable, and hence suitable for use in both program monitoring and secure desktop solutions. Based on the Xen VMM, it uses flash cloning techniques to "fork" virtual machines per application instance for scalability. It also provides a GUI package for driving the system as a secure desktop solution. We also propose a lightweight communication scheme and a device driver for the guest virtual machine that will further improve the performance of the system.

Thesis Committee:
James C. Hoe, Chair
Hyong S. Kim
Adrian Perrig