DOCSLIB.ORG

Session-Based Intrusion Detection System to Map Anomalous Network Traffic

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Session-Based Intrusion Detection System to Map Anomalous Network Traffic SESSION-BASED INTRUSION DETECTION SYSTEM TO MAP ANOMALOUS NETWORK TRAFFIC by BRUCE D. CAULKINS B.S. Furman University, 1986 M.S. University of Central Florida, 1995 A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Department of Modeling and Simulation in the College of Arts and Sciences at the University of Central Florida Orlando, Florida Fall Term 2005 Major Professor: Morgan C. Wang © 2005 Bruce D. Caulkins ii ABSTRACT Computer crime is a large problem (CSI, 2004; Kabay, 2001a; Kabay, 2001b). Security managers have a variety of tools at their disposal – firewalls, Intrusion Detection Systems (IDSs), encryption, authentication, and other hardware and software solutions to combat computer crime. Many IDS variants exist which allow security managers and engineers to identify attack network packets primarily through the use of signature detection; i.e., the IDS recognizes attack packets due to their well-known “fingerprints” or signatures as those packets cross the network’s gateway threshold. On the other hand, anomaly-based ID systems determine what is normal traffic within a network and reports abnormal traffic behavior. This paper will describe a methodology towards developing a more-robust Intrusion Detection System through the use of data-mining techniques and anomaly detection. These data-mining techniques will dynamically model what a normal network should look like and reduce the false positive and false negative alarm rates in the process. We will use classification-tree techniques to accurately predict probable attack sessions. Overall, our goal is to model network traffic into network sessions and identify those network sessions that have a high-probability of being an attack and can be labeled as a “suspect session.” Subsequently, we will use these techniques inclusive of signature detection methods, as they will be used in concert with known signatures and patterns in order to present a better model for detection and protection of networks and systems. iii To my wife Kim, whose love, patience, and support meant everything for my research iv ACKNOWLEDGMENTS Many thanks to the members of my committee, Drs. Morgan C. Wang, Joohan Lee, William H. Allen, Mark E. Johnson, J. Peter Kincaid, and Michael D. Proctor. Much credit goes to Morgan Wang for his guidance and mentorship. In a multi- disciplinary area like modeling and simulations, it takes a special professor who has wide- ranging knowledge and patience to make this research work well and go smoothly. Special thanks also goes to Joohan Lee – a specialist in computer security and reliable computing, he provided an incredible insight into the problems that we encountered during our research. Bill Allen at FIT also gave key assistance with his extensive expertise as well as the FIT data sets. The US Army Human Resources Command (HRC) provided support for this research through the Army’s fully funded Advanced Civil Schooling (ACS) program. I thank them as well as my boss at my current assignment at the US Army Signal Center at Fort Gordon, Georgia – Colonel Mackey. He as well as the good folks at the Army’s School of Information Technology (SIT) gave me the time and encouragement to complete my research properly and on time. Finally, I’d like to thank my family and friends, particularly my wife Kim. Much has happened to all of us since Kim and I started this journey in August 2002 and my dad’s onslaught of dementia was the absolute low point over the last three years. However, he always told me to study hard, never quit, take as many English classes as you can in college, and always put the family first. His current condition won’t allow him to remember ever saying those words but that’s fine – I’ve never forgotten that advice. v TABLE OF CONTENTS LIST OF FIGURES ....................................................................................................................... xi LIST OF TABLES.......................................................................................................................xiii LIST OF ACRONYMS/ABBREVIATIONS.............................................................................. xiv CHAPTER 1: INTRODUCTION.................................................................................................. 1 1.1 A Historical Look at Computer Security Issues .................................................................. 2 1.1.1 The 1980s and 1990s .................................................................................................... 3 1.1.1.1 Cuckoo’s Egg......................................................................................................... 3 1.1.1.2 Internet Worm and Mitnick’s Attacks ................................................................... 4 1.1.2 More Recent Malicious Events..................................................................................... 5 1.2 Security Issues of Today...................................................................................................... 7 1.2.1 CSO Magazine Survey Results..................................................................................... 8 1.2.2 CERT/CC Statistics .................................................................................................... 11 1.2.3 Trends and Attack Profiles.......................................................................................... 13 1.3 Thesis Statement ................................................................................................................ 14 CHAPTER 2: DATA MINING ................................................................................................... 16 2.1 Data Mining Basics............................................................................................................ 17 2.1.1 Data Cleaning, Selection, and Transformation........................................................... 19 2.1.2 Data Mining and Pattern Evaluation........................................................................... 19 2.2 Data Mining Patterns ........................................................................................................ 21 2.2.1 Characterization and Discrimination .......................................................................... 21 2.2.2 Association.................................................................................................................. 22 2.2.3 Clustering.................................................................................................................... 23 vi 2.2.4 Outliers........................................................................................................................ 24 2.2.5 Evolution..................................................................................................................... 24 2.2.6 Classification and Prediction ...................................................................................... 25 2.3 A Decision Tree Analysis ................................................................................................. 25 2.3.1 Decision Trees and Large Data Sets ........................................................................... 26 2.3.2 The Model Building Procedure................................................................................... 27 2.3.3 Consequences of Using Decision Trees...................................................................... 29 2.4 Data Mining In Our Research........................................................................................... 30 CHAPTER 3: INTRUSION DETECTION SYSTEMS .............................................................. 32 3.1 Network Intrusion Detection Systems ............................................................................... 32 3.2 Misuse Detection and Anomaly Detection ........................................................................ 33 3.3 Why IDS Programs are Needed......................................................................................... 34 3.4 Anomaly Detectors of Today............................................................................................. 35 3.4.1 CLAD and LERAD..................................................................................................... 35 3.4.2 EFSA........................................................................................................................... 36 3.4.3 Distributed Data Mining and Database Mining.......................................................... 37 3.4.4 IDEVAL...................................................................................................................... 37 3.4.5 Statistical Analysis on Network Packets..................................................................... 38 CHAPTER 4: SESSION-BASED INTRUSION DETECTION.................................................. 40 4.1 Packet-Based IDS System.................................................................................................. 41 4.2 Session-Based IDS Tools................................................................................................... 42 4.2.1 Tcpdump and Editcap ................................................................................................. 42 4.2.2 Snort IDS Freeware..................................................................................................... 43 vii 4.2.3 Cap2Txt2 Java Program.............................................................................................
Load more

Recommended publications
  • (12) Patent Application Publication (10) Pub. No.: US 2008/0103921 A1 CELLA Et Al
    US 20080 103921A1 (19) United States (12) Patent Application Publication (10) Pub. No.: US 2008/0103921 A1 CELLA et al. (43) Pub. Date: May 1, 2008 (54) CONTINGENCY-BASED OPTIONS AND (60) Provisional application No. 60/137,310, filed on Jun. FUTURES FOR CONTINGENT TRAVEL 3, 1999. ACCOMMODATIONS Publication Classification (76) Inventors: Charles H. CELLA, Pembroke, MA (US); Edward J. KELLY, Wellesley, (51) Int. Cl. MA (US); Matthew P. VINCENT, G06Q 30/00 (2006.01) Georgetown, MA (US) (52) U.S. Cl. ................................................................ 705/26 Correspondence Address: STRATEGIC PATENTS P.C.. (57) ABSTRACT CFO PORTFOLIOP P.O. BOX S2OSO MINNEAPOLIS, MN 55402 (US) Disclosed herein is a system for allowing a remote user to purchase, over a distributed computer network (e.g., the (21) Appl. No.: 11/875,368 Internet), an option for a ticket and/or accommodations for a contingent event', e.g., an event which is certain to occur (22) Filed: Oct. 19, 2007 but for which the participants, content and/or location(s) are Related U.S. Application Data not predetermined. For instance, the Subject system can be used to sell options for the purchase of tickets to such (63) Continuation of application No. 09/586,723, filed on contingent events such as playoff games on the basis of what Jun. 5, 2000. teams qualify, or all-star game. 282 Y 294 292 HOTEL DINING 290 TRANSPORTATION 288 284 3O4 TICKET OTHER GOODS RENTAL LOCAL CAR ATTRACTIONS OTHER SERVICES Patent Application Publication May 1, 2008 Sheet 1 of 10 US 2008/O103921 A1 to 1 O2 1 O2 1 O2 BUYER BUYER BUYER N7 10 HOST PROVIDER > 104 108 Fig.
    [Show full text]
  • The Linux Kernel Hidden Inside Windows 10
    GAINING VISIBILITY INTO LINUX BINARIES ON WINDOWS: DEFEND AND UNDERSTAND WSL BLUEHAT 2016 ALEX IONESCU @AIONESCU BIO Vice President of EDR Strategy at CrowdStrike, a security startup Previously worked at Apple on iOS Core Platform Team Co-author of Windows Internals 5th, 6th and now 7th Edition Reverse engineering NT since 2000 – lead kernel developer on ReactOS Project Instructor of worldwide Windows Internals classes Conference speaking: • BlueHat 2016, Infiltrate 2015 • Blackhat 2016, 2015, 2013, 2008 • SyScan 2015-2012, NoSuchCon 2014-2013, Breakpoint 2012 • Recon 2016-2010, 2006 For more info, see www.alex-ionescu.com and www.windows-internals.com INTRODUCTION • I have been analyzing WSL since its first inception as “Astoria” and “Arcadia” • Based on Microsoft Research “DrawBridge” Project • Achieved arbitrary ELF binary execution in January 2016 – no WSL installed (Redstone 1 Preview) • Discovered multiple design issues that would allow malicious users to abuse/exploit the subsystem • Presented at BlackHat 2016 after most of the issues had been fixed in Anniversary Update • “Optionality” of subsystem was now enforced (driver no longer present by default at boot) • Protected Process boundary added to driver/subsystem, and Pico processes are isolated too • Some visibility issues addressed (SeLocateProcessImageName no longer returns NULL, for example) • Many more visibility issues exist • New challenges and features which can negatively impact security are coming in Redstone 2 • Aka RS2 aka “Creator’s Update” aka 1703 DESIGN ISSUES
    [Show full text]
  • The OS/2 Warp 4 CID Software Distribution Guide
    SG24-2010-00 International Technical Support Organization The OS/2 Warp 4 CID Software Distribution Guide January 1998 Take Note! Before using this information and the product it supports, be sure to read the general information in Appendix D, “Special Notices” on page 513. First Edition (January 1998) This edition applies to OS/2 Warp 4 in a software distribution environment and to NetView Distribution Manager/2 (NVDM/2) with Database 2 (DB2) Version 2.11 for OS/2 and Tivoli TME 10 Software Distribution 3.1.3 for OS/2 (SD4OS2) software distribution managers. This edition also applies to OS/2 Warp 4 subcomponents, such as TCP/IP 4.0, MPTS, NetFinity 4.0, Peer Services, and LAN Distance, and to OS/2- related products, such as eNetwork Personal Communications for OS/2 Warp, eNetwork Communications Server for OS/2 Warp, Transaction Server, Lotus Notes, and Lotus SmartStuite 96 for OS/2 Warp. Comments may be addressed to: IBM Corporation, International Technical Support Organization Dept. DHHB Building 045 Internal Zip 2834 11400 Burnet Road Austin, Texas 78758-3493 When you send information to IBM, you grant IBM a non-exclusive right to use or distribute the information in any way it believes appropriate without incurring any obligation to you. © Copyright International Business Machines Corporation 1998. All rights reserved Note to U.S Government Users – Documentation related to restricted rights – Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corp. Contents Figures. .xiii Tables. xvii Preface. .xix How This Redbook in Organized .
    [Show full text]
  • Basics of Windows OS for Reverse Engineering Malware
    Basics of Windows OS for Reverse Engineering Malware Protecting the irreplaceable | f-secure.com Copyright F-Secure 2010. All rights reserved. Applications on Windows 2 February 18, 2013 Copyright F-Secure 2010. All rights reserved. Executable Format • Object files and executables follow the PE (Portable Executable) file format • Full specification available online • http://www.microsoft.com/whdc/system/platform/ firmware/PECOFF.mspx • Best viewed with your hex editor (HT) or specialized PE viewer (PEBrowsePro ->) 3 February 18, 2013 Copyright F-Secure 2010. All rights reserved. Windows Executables • Filename extension hints to the executable type • EXE = executable application, anything from a DOS executable to 64-bit Windows applications • DLL = Dynamic link library, a set of callable routines compiled together as a loadable file • SYS = Driver • OBJ = Object file, input to the linker • Note that Windows does not really care much about the file extension • You can execute application.jpg just fine • All of these follow the PE/COFF specification • APPX is used for Windows 8 Windows Store apps • Not a PE, but a ZIP archive with all application contents inside 4 February 18, 2013 Copyright F-Secure 2010. All rights reserved. Windows API • Windows API (aka. Win32 API) is the interface to the operating system for applications • Exposed by a set of system libraries: kernel32.dll, user32.dll, … • Windows 7 refactored the system libraries (“MinWin”) so you will see e.g. kernelbase.dll • On 64-bit, because of 32-bit compatibilty, c:\windows\syswow64 contains another set of libraries • Several subcategories • Administration and management (WMI, …) • Diagnostics (event logging, …) • Networking • Security • System services (processes, threads, registry…) • MSDN is the reverse engineers best friend for Windows binaries • http://msdn2.microsoft.com/en-us/library/default.aspx 5 February 18, 2013 Copyright F-Secure 2010.
    [Show full text]
  • 12 Microsoft Hot Spots to Watch in 2012
    Foley: 12 Microsoft Hot Spots to Watch in 2012 JANUARY 2012 VOL. 18 NO. 1 REDMONDMAG.COM Steve Ballmer’s potential replacement, best exec fi ghts, products that changed tech forever: Redmond editors lay out lists that IT pros shouldn’t miss. + A Look at BeyondTrust PowerBroker Desktops DLP Solve Active Directory Disasters BETTER BUSINESS INTELLIGENCE AT A BETTER PRICE UP TO 72% LESS Untitled-8 2 6/15/10 3:19 PM S Turn your raw data into a powerful strategic advantage with Business Intelligence solutions from DellTM and Microsoft®—and do it for up to 72% less per terabyte than the competition.* Built on industry standards, Microsoft® SQL Server® 2008 R2 systems from Dell are designed to speed implementations, lower risk, and reduce complexity—all while delivering the best price-for-performance in the industry. SIMPLIFY YOUR IT AT DELL.COM/SQLBI * 72% claim based upon a comparison of list prices of typical Business Intelligence off erings from leading hardware manufacturers versus Dell/Microsoft combined off erings. Benchmarked systems confi gured with 4-5 TB of data storage, database application software, and Business Intelligence analytic software. Dell is a trademark of Dell Inc. ©2010 Dell Inc. All rights reserved. Untitled-8 3 6/15/10 3:20 PM Redmond The Independent Voice of the Microsoft IT CommunityContentsJANUARY 2012 COVER STORY REDMOND REPORT 9 IT Awaits Release of SQL Server 2012 Microsoft changed how its upcoming database management system will be packaged, while also rolling out release candidate software. COLUMNS 6 Barney’s Rubble: Doug Barney The Privacy Is Dead List Issue To start 2012, we’re offering numbered thoughts from our cleverest minds on where Microsoft and IT have been and are going.
    [Show full text]
  • Microsoft and Cray to Unveil $25,000 Windows-Based Supercomputer
    AAll About Microsoft: l lCodeTracker A monthly look at Microsoft’s codenames and what they Areveal about the direction of the company. b o u t M i c r o s o f t : All About Microsoft CodeTracker Keeping track of Microsoft's myriad codenames is an (almost) full-time occupation. I know, as I spend a lot of my work hours tracking down the latest names in the hopes of being able to better keep tabs on what's coming next from the Redmondians. Each month, I'll be releasing an updated, downloadable version of the CodeTracker. I'll add new codenames -- arranged in alphabetical order by codename -- of forthcoming Microsoft products and technologies. I also will note timing changes (date slips, the release of a new test build, the disappearance of a planned deliverable) for entries that are already part of the Tracker. Once Microsoft releases the final version of a product or technology I've been tracking, I will remove it from the Tracker. In that way, the CodeTracker will remain focused on futures. (An aside about the Tracker: A question mark in place of an entry means I have insufficient information to hazard even an educated guess about a particular category.) If you have suggested new entries or corrections to existing ones, please drop me an e-mail at mjf at microsofttracker dot com. Thanks! Mary Jo Foley, Editor, ZDNet's "All About Microsoft" blog This Month's Theme: OOF It’s the height of the summer here in the U.S., and summer holidays are in full swing for the Softies.
    [Show full text]
  • Universal Unhooking
    W HITE PAPER Universal Unhooking Blinding Security Software In both ‘good’ and ‘bad’ uses, hooks are inserted by overwriting the first few bytes of a target function to hijack execution flow. Code hooking is a technique used for redirecting a computer’s execution flow to modify software. Essentially, a ‘hook’ is something that will allow the developer to see, view, and interact with something that is already going on in the system. Code hooks can perform a wide variety of functionality, both innocent and nefarious, including: • Patching a bug • Performance monitoring • Disabling digital rights management systems • Capturing keystrokes (keylogging) • Hiding processes and files (rootkits) The antivirus (AV) industry uses code hooking to monitor processes for potentially malicious behavior, protect applications by injecting anti-exploitation checks, and isolate processes by sandboxing or virtualization. The technique can also be used by bad actors, for instance, to implement a rootkit to hide processes and network connections from the end-user and security software. Bad actors have also determined how to monetize the technique by hooking browsers to invisibly modify online banking sites to steal credentials or initiate fraudulent transfers. In both ‘good’ and ‘bad’ uses, hooks are inserted by overwriting the first few bytes of a target function to hijack execution flow. Typically, a JMP or CALL is inserted to transfer execution to new code that will perform the new functionality and, depending on the intended behavior, may return to the original function to complete its execution. Universal Unhooking | 2 A Pen Tester’s Perspective A Brief Detour: Code Hooking One of the first things a penetration tester performs The diagram below depicts the general outline of code after gaining initial access to a system is to dump hooking.
    [Show full text]
  • 98-365 Microsoft
    98-365 microsoft Number : 98-365 Passing Score : 800 Time Limit : 120 min www.examsforall.com http://www.gratisexam.com/ Exam A QUESTION 1 You need to assign permission to acces resources. Which type of group should you use? A. Workgroup B. Security group C. Organizational group D. Distribution group Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 2 You manage a Workgroup. You need to create a group for print administrators. Which type of group should you create? A. Domain Local group B. Local group C. Global group D. Universal group Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 3 In which order are group policies applied? (To answer, move the appropriate scopes from the list of scopes to the answer area and arrange them from first applied to last applied) Select and Place: http://www.gratisexam.com/ Correct Answer: Section: (none) Explanation Explanation/Reference: QUESTION 4 http://www.gratisexam.com/ You need to create a group that includes users from different domains in a single forest. You also need to enable the group to access resources in any domain in the forest. Which type of group should you create? A. Workgroup B. Local group C. Universal groep D. Global group E. Domain local group Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 5 You need to access resources located in another forest. Which should you create? A. Child domain B. Distribution group C. Trust D. Organizational unit Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 6 Users report that they are unable to print.
    [Show full text]
  • Dave Probert, Ph.D. ‐ Windows Kernel Architect Core Operating Systems Division –Microsoft
    Dave Probert, Ph.D. ‐ Windows Kernel Architect Core Operating Systems Division –Microsoft Copyright Microsoft Corporation UNIX vs NT Design Environments Environment which influenced fundamental design decisions UNIX [1969] Windows (NT) [1989] 16-bit program address space 32-bit program address space Kbytes of physical memory Mbytes of physical memory Swapping system with memory mapping Virtual memory Kbytes of disk, fixed disks Mbytes of disk, removable disks Uniprocessor Multiprocessor (4-way) State-machine based I/O devices Micro-controller based I/O devices Standalone interactive systems Client/Server distributed computing Small number of friendly users Large, diverse user populations Copyright Microsoft Corporation Effect on OS Design NT vs UNIX Although both Windows and Linux have adapted to changes in the environment, the original design environments (i.e. in 1989 and 1969) heavily influenced the design choices: Unit of concurrency: Threads vs processes Addr space, uniproc Process creation: CreateProcess() vs fork() Addr space, swapping I/O: Async vs sync Swapping, I/O devices Namespace root: Virtual vs Filesystem Removable storage Security: ACLs vs uid/gid User populations Copyright Microsoft Corporation Today’s Environment [2009] 64-bit addresses GBytes of physical memory TBytes of rotational disk New Storage hierarchies (SSDs) Hypervisors, virtual processors Multi-core/Many-core Heterogeneous CPU architectures, Fixed function hardware High-speed internet/intranet, Web Services Media-rich applications Single user, but vulnerable
    [Show full text]
  • Ebook - Informations About Operating Systems Version: September 3, 2016 | Download
    eBook - Informations about Operating Systems Version: September 3, 2016 | Download: www.operating-system.org AIX Operating System (Unix) Internet: AIX Operating System (Unix) AmigaOS Operating System Internet: AmigaOS Operating System Android operating system Internet: Android operating system Aperios Operating System Internet: Aperios Operating System AtheOS Operating System Internet: AtheOS Operating System BeIA Operating System Internet: BeIA Operating System BeOS Operating System Internet: BeOS Operating System BSD/OS Operating System Internet: BSD/OS Operating System CP/M, DR-DOS Operating System Internet: CP/M, DR-DOS Operating System Darwin Operating System Internet: Darwin Operating System Debian Linux Operating System Internet: Debian Linux Operating System eComStation Operating System Internet: eComStation Operating System Symbian (EPOC) Operating System Internet: Symbian (EPOC) Operating System FreeBSD Operating System (BSD) Internet: FreeBSD Operating System (BSD) Gentoo Linux Operating System Internet: Gentoo Linux Operating System Haiku Operating System Internet: Haiku Operating System HP-UX Operating System (Unix) Internet: HP-UX Operating System (Unix) GNU/Hurd Operating System Internet: GNU/Hurd Operating System Inferno Operating System Internet: Inferno Operating System IRIX Operating System (Unix) Internet: IRIX Operating System (Unix) JavaOS Operating System Internet: JavaOS Operating System LFS Operating System (Linux) Internet: LFS Operating System (Linux) Linspire Operating System (Linux) Internet: Linspire Operating
    [Show full text]
  • Sample Chapters from Windows Internals, Sixth Edition, Part 1
    spine = 1.2” Part 1 About the Authors Mark Russinovich is a Technical Fellow in ® the Windows Azure™ group at Microsoft. Windows Internals He is coauthor of Windows Sysinternals SIXTH EDITION Administrator’s Reference, co-creator of the Sysinternals tools available from Microsoft Windows ® The definitive guide—fully updated for Windows 7 TechNet, and coauthor of the Windows Internals and Windows Server 2008 R2 book series. Delve inside Windows architecture and internals—and see how core David A. Solomon is coauthor of the Windows Internals book series and has taught components work behind the scenes. Led by a team of internationally his Windows internals class to thousands of renowned internals experts, this classic guide has been fully updated Windows developers and IT professionals worldwide, SIXTH for Windows 7 and Windows Server® 2008 R2—and now presents its including Microsoft staff. He is a regular speaker 6EDITION coverage in two volumes. at Microsoft conferences, including TechNet As always, you get critical, insider perspectives on how Windows and PDC. operates. And through hands-on experiments, you’ll experience its Alex Ionescu is a chief software architect and internal behavior firsthand—knowledge you can apply to improve consultant expert in low-level system software, application design, debugging, system performance, and support. kernel development, security training, and Internals reverse engineering. He teaches Windows internals courses with David Solomon, and is ® In Part 1, you will: active in the security research community.
    [Show full text]
  • Rethinking the Library OS from the Top Down
    Rethinking the Library OS from the Top Down Donald E. Porter†, Silas Boyd-Wickizer‡, Jon Howell, Reuben Olinsky, Galen C. Hunt † Department of Computer Science ‡ MIT CSAIL Microsoft Research Stony Brook University 32 Vassar Street One Microsoft Way Stony Brook, NY 11794 Cambridge, MA 02139 Redmond, WA 98052 “There is nothing new under the sun, but there are a using a custom file system storage stack rather than using the lot of old things we don’t know.” default sequential prefetching heuristics. – Ambrose Bierce, The Devil’s Dictionary Like many of its contemporaries, the library OS approach is large- ly forgotten, a casualty of the rise of the modern virtual machine Abstract monitor (VMM) [8]. While most new OS designs of the time— This paper revisits an old approach to operating system construc- including library OS designs—ran only a handful of custom ap- tion, the library OS, in a new context. The idea of the library OS plications on small research prototypes, VMM systems proliferat- is that the personality of the OS on which an application depends ed because they could run major applications by reusing existing runs in the address space of the application. A small, fixed set of feature-rich operating systems. The performance benefits offered abstractions connects the library OS to the host OS kernel, offer- by library OS designs did not overcome the need for legacy com- ing the promise of better system security and more rapid inde- patibility. On the other hand, the need for security and independ- pendent evolution of OS components. ent system isolation has increased since the 1990s due to the rise of the Internet.
    [Show full text]