Page Reclamation Technique for VMM based Application Sandbox
Sandbox,process container and process isolation all provide the design to control and monitor execution of untrusted applications.Most of these solutions use virtualization to provide VM-equivalent isolation for sandboxed process.Sandboxing incurs sufficient overheads in providing secure execution of untrusted binary.Memory is one of such resources which can be bottleneck for scalability of sandbox to control execution of most of apps on single system.In this research,we present a novel page reclamation technique to reclaim pages from sandboxed applications.Page reclamation evicts pages of process which are least recently used in active working set.Proposed technique use Page modification logging (PML) hardware virtualization extension to get working set of isolated process.We implemented proposed technique as extension to one of sandboxes that use hardware virtualization extensions.In evaluation,we successfully reclaim 5% to 11% memory with negligible CPU overhead.
dynamic memory management VMM sandbox Intel PML Virtualization
Muhammad Shams Ul Haq Lejian liao
School of Computer Science and Technology Beijing Institute of Technology,China
国际会议
重庆
英文
70-74
2016-03-20(万方平台首次上网日期,不代表论文的发表时间)