TC: Small: Improving System Security through Virtual Layered File Systems
Columbia University, New York NY
Investigators
Abstract
Desktop computers run many different applications, the compromise of any one of which can compromise the entire desktop given the lack of isolation among applications. Recovering a compromised desktop remains a time consuming task, which typically requires wiping everything and reinstalling the system from scratch. These security issues pose fundamental challenges as desktop computers are relied on for everything from financial transactions to medical records. To address these problems, we are creating novel virtual layered file system (VLFS) technologies to improve system security. Unlike a traditional file system which is a monolithic entity, a VLFS dynamically composes together a set of software layers into a single file system view for a desktop. Changes to one layer are isolated and decoupled from changes to another. The VLFS dynamic composition feature enables powerful and easy-to-use security functionality. We are using VLFSes to build an architecture to enable security patches to be deployed effectively when managing large numbers of heterogeneously configured machines, and to speed system recovery from security exploits. We are also using VLFSes to develop a transparent desktop application fault containment architecture that is effective at limiting the damage from exploits to enable quick recovery while being as easy to use as a traditional desktop system. The results of this proposal will provide a foundation for future computer innovations to provide improved system security for users' systems. Because we are working with industry-standard operating systems and binary application and patch distributions, our results will be directly applicable to the commercial world.
View original record on NSF Award Search →